GUIDE SERIOUS VULNERABILITY IN PLESK (UP TO 10.4). MASSIVE ATTACK 2020 -WAU

Plesk vulnerability

At Websites Are Us we want to reassure our users and clients: our hosting software is WHM / cPanel. None of our teams uses Plesk or Parallels software.
A very serious vulnerability affecting Plesk is circulating on the Internet and is being exploited by a multitude of attackers, in what could be one of the biggest disasters in the control panel industry.
The vulnerability allows the attacker to acquire the administrator credentials, and with these the attacker can do whatever they want in each of the server's accounts.

Plesk has publicly announced the vulnerability, which is already circulating in underground forums, so thousands of crackers will be using a simple script to locate servers that run Plesk. Such servers are easily identified by the port and by the strings it returns when something tries to connect to that port.

Plesk is a leader in number of installations, thanks to its low-cost licensing policy for few domains or small installations, which is why it is so widely installed at small hosting companies and on VPSs. For other reasons, stemming from the years they have been working with it, many web hosting companies are anchored to it.

The vulnerability affects versions up to and including 10.4, and the current solution is to update to version 11. That is a serious handicap for system administrators, since Plesk updates are famous for their complexity and for the problems they cause. This means that the number of exposed servers is very high.
It is to be expected that Plesk will provide a patch or script to solve the problem in the next few hours.

Meanwhile, Websites Are Us offers its services and help to resellers or end customers of companies affected by vulnerable versions, should they wish to migrate their services (Plesk -> cPanel migration).

More information:

2020-07-09T14:03:25+00:00 | May 12th, 2020 | Hosting Administration