QuestionAre there any tips for keeping Parallels Plesk Panel (PP) secure?
AnswerYes. Here is a list of things you may want to do:
Note: Some of these features are available only as of version 11.
1. First, make sure you go through the list provided in the following Knowledge Base article:
114396 Securing Parallels Plesk Panel: Best Practices to Prevent Threats
The article above lists the most common causes of server intrusions, along with ways to prevent and eliminate them.2. Do not forget to check the Securing Panel section of the Administrator's guide. Topics covered in this section include the following:
- Restricting administrative access (from specific IP addresses)
- Setting up the minimum password strength
- Turning on the Enhanced Security mode
- SSL protection
- Restricting script execution in the /tmp directory
- Configuring site isolation settings
- Protecting users from running tasks on behalf of root
9689 FTP users have access to root directory on server
11239 SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
112171 Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
113321 Remote vulnerability in Plesk Panel (CVE-2012-1557)
114625 PP accepts both old and new admin passwords when integrated to CBM
115942 Public issues VU#310500, CVE-2013-0132, CVE-2013-0133
6. These articles may also be useful in certain scenarios:
1323 How can I run Rootkit Hunter with the update option?
1357 [Security] Defending against a SYN-Flood (DOS) Attack
1763 [Info] How can I ensure that Apache does not allow the SSL 2.0 protocol, which has known weaknesses?
7027 [How to] RKHunter warning improvement
8119 How to prevent your Parallels Plesk Panel from brute-force attacks
112156 How to set up a file audit on Windows server
TIP: Feel free to subscribe to updates to this article in order to keep track of new security issues.