Monthly Archives: March 2012

Plesk API vulnerability – allow anonymous hacker

Great… Nice start to the day: I received an email from Parallels regarding a vulnerability within all Plesk Panel versions below 10.4 which allows anonymous access to the server!

http://kb.parallels.com/en/113321

In a nutshell – if your server is running below 10.4 – you are at risk and MUST update. I have 3 Plesk servers, 10.4 / 9.5.4 / 8.6.0 – so I was able to carry out the “Micro updates” (MU); versions other than these required a manual patch (unless you opt to go up to the highest subversion to get the MU).

Protecting your Plesk server against the TimThumb hack

Plenty of WordPress themes, and many plugins, scripts and add-ins now make use of the great TimThumb script to modify images on-the-fly. I have used the script numerous times on my own sites, and for clients – either within a custom written Theme/Plugin or pre-attached within a theme. This results in a lot of different versions of the script over the year – which caused a bit of a panic when I read “Cleaning Up the TimThumb Hack | WP Theming”, outlining the possible threat that an out of date script would cause.

The handy walk-through put together by Devin helped me find, firstly, where my scripts were buried and, secondly, which versions required updating (in the end, I updated them all to the latest release).