Categories: HowTo Guides, Linux, Plesk

Plesk API vulnerability – allows anonymous access

Great… Nice start to the day: I received an email from Parallels regarding a vulnerability in all Plesk Panel versions below 10.4 which allows anonymous access to the server!

http://kb.parallels.com/en/113321

In a nutshell – if your server is running a version below 10.4, you are at risk and MUST update. I have 3 Plesk servers (10.4 / 9.5.4 / 8.6.0), so I was able to apply the “Micro updates” (MU); versions other than these required a manual patch (unless you opt to go up to the highest sub-version of your branch to get the MU).
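A quick way to turn that rule into a check you can run on each box, written as an added example for this post (it is not Parallels' tooling): the version-file path is Plesk's usual Linux location, and the list of trains with an MU is taken from the servers named in this post, so verify both against the KB for your own install.

```python
"""Decide what the Parallels advisory (KB 113321, as summarised in this post)
means for a given Plesk install: below 10.4 is vulnerable; the post reports
micro-updates (MUs) for the 10.4, 9.5.4 and 8.6.0 trains and a manual patch
for everything else. Added example; not Parallels' tooling."""
from typing import Tuple

# Plesk for Linux records its release here (assumed path); the first
# whitespace-separated token is the version, e.g. "10.4.4 CentOS 6 1013111102.18".
PLESK_VERSION_FILE = "/usr/local/psa/version"

FIXED_VERSION = (10, 4)                       # from the post: below this = at risk
MU_TRAINS = ((10, 4), (9, 5, 4), (8, 6, 0))   # trains the post says had an MU (assumption)


def parse_version(text: str) -> Tuple[int, ...]:
    """'10.4.4 CentOS 6 ...' or '9.5.4' -> (10, 4, 4) / (9, 5, 4)."""
    token = text.strip().split()[0]
    return tuple(int(part) for part in token.split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """Anything whose major.minor sorts before 10.4 is in the affected range."""
    return version[:2] < FIXED_VERSION


def has_micro_update(version: Tuple[int, ...]) -> bool:
    """True if the install sits on a train the post reports an MU for."""
    return any(version[:len(train)] == train for train in MU_TRAINS)


def advise(version_text: str) -> str:
    """Map a version string to the action the post describes."""
    version = parse_version(version_text)
    label = ".".join(map(str, version))
    if not is_vulnerable(version):
        return f"{label}: not in the affected range; keep micro-updates current"
    if has_micro_update(version):
        return f"{label}: VULNERABLE - apply the micro-update (MU) for this train"
    return (f"{label}: VULNERABLE - apply the manual patch, or upgrade to a "
            f"train with an MU")


def advise_from_file(path: str = PLESK_VERSION_FILE) -> str:
    """Read the live version file and return the verdict for this server."""
    with open(path, encoding="utf-8") as fh:
        return advise(fh.read())


# Constructed version strings: the three servers mentioned in the post,
# plus one on a train the post says had no MU.
SAMPLE_VERSIONS = ["10.4.4 CentOS 6 1013111102.18", "9.5.4", "8.6.0", "10.3.1"]

if __name__ == "__main__":
    for sample in SAMPLE_VERSIONS:
        print(advise(sample))
```

Running the script prints the verdict for the sample strings; `advise_from_file()` reads the real version file on a server. Applying the MU itself is done with Plesk's autoinstaller; use the exact command the KB gives for your version rather than guessing at flags.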

Categories: HowTo Guides, Linux, Plesk

Protecting your Plesk server against the TimThumb hack

Plenty of WordPress themes, and many plugins, scripts and add-ins, now make use of the great TimThumb script to resize images on the fly. I have used the script numerous times on my own sites and for clients, either within a custom-written theme/plugin or bundled with a theme. This has left a lot of different versions of the script scattered about over the years, which caused a bit of a panic when I read Cleaning Up the TimThumb Hack | WP Theming, outlining the threat an out-of-date copy poses.

The handy walk-through put together by Devin helped me find, firstly, where my scripts were buried and, secondly, which versions required updating (in the end, I updated them all to the latest release).
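The two questions the walk-through answers, where the copies are and which ones are out of date, can be scripted. The following is an added example for this post (it is not Devin's walkthrough and does not reuse TimThumb's own code): it fingerprints PHP files by TimThumb's self-identifying header comment and its `define('VERSION', ...)` line rather than by filename, since copies are often renamed or buried inside themes. The sample tree and the minimum version `2.8.10` are constructed placeholders; substitute the current release when you run it.

```python
"""Find every TimThumb copy under a web root and flag the ones behind a
chosen minimum version. Added example for this post; it is not Devin's
walkthrough and does not reuse TimThumb's own code."""
import os
import re
import tempfile
from typing import List, Optional, Tuple

# timthumb.php announces its release near the top of the file, e.g.
#   define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]\s*\)"""
)
# Copies are often renamed (thumb.php, resize.php) or embedded in themes,
# so match on the script's self-identifying header rather than the filename.
FINGERPRINT = re.compile(r"timthumb", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def timthumb_version(source: str) -> Optional[str]:
    """Return the VERSION string of a TimThumb file, 'unknown' if the file
    looks like TimThumb but declares no version, or None if it is not TimThumb."""
    if not FINGERPRINT.search(source):
        return None
    match = VERSION_RE.search(source)
    return match.group(1) if match else "unknown"


def needs_update(version: str, min_version: str) -> bool:
    """A copy with no readable version is treated as outdated: replace it."""
    if version == "unknown":
        return True
    return parse_version(version) < parse_version(min_version)


def scan(docroot: str, min_version: str) -> List[Tuple[str, str, bool]]:
    """Walk docroot; return (relative path, version, outdated?) per TimThumb copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = timthumb_version(fh.read())
            if version is not None:
                findings.append((os.path.relpath(path, docroot), version,
                                 needs_update(version, min_version)))
    return sorted(findings)


# Constructed sample tree (not real site data) used by demo() below: one
# current copy, one ancient renamed copy, one fork with the define stripped,
# and one unrelated PHP file that must not be reported.
SAMPLE_FILES = {
    "wp-content/themes/custom/timthumb.php":
        "<?php\n/* TimThumb image resizer (constructed sample) */\n"
        "define ('VERSION', '2.8.10');\n",
    "wp-content/plugins/gallery/thumb.php":
        "<?php\n// timthumb script, renamed by a plugin author (constructed sample)\n"
        "define ('VERSION', '1.09');\n",
    "wp-content/themes/old/scripts/resize.php":
        "<?php\n/* TimThumb fork, version define stripped (constructed sample) */\n",
    "wp-content/themes/custom/functions.php":
        "<?php\nfunction theme_setup() {}\n",
}


def demo(min_version: str = "2.8.10") -> List[Tuple[str, str, bool]]:
    """Write the sample tree to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root, min_version)


if __name__ == "__main__":
    for rel, version, outdated in demo():
        print(f"{'UPDATE' if outdated else 'ok    '} {version:<8} {rel}")
```

Point `scan()` at each vhost's document root (on Plesk, the httpdocs directory of every domain) with the current TimThumb release as `min_version`; anything reported as outdated or `unknown` is a copy to replace, and the unknown ones deserve a closer look since a stripped version define is exactly what a tampered or forked copy tends to have.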