Parallels Plesk Panel security best practices

APPLIES TO:
  • Parallels Plesk Panel 11.x for Linux
  • Parallels Plesk Panel 10.x for Linux
  • Parallels Plesk Panel 9.x for Linux/Unix
  • Parallels Plesk Panel 11.x for Windows
  • Parallels Plesk Panel 10.x for Windows
  • Parallels Plesk Panel 9.x for Windows

Question

Are there any tips for keeping Parallels Plesk Panel (PP) secure?

Answer

Yes. Here is a list of things you may want to do:

Note: Some of these features are available only as of version 11.

1. First, make sure you go through the list provided in the following Knowledge Base article:

114396 Securing Parallels Plesk Panel: Best Practices to Prevent Threats

The article above lists the most common causes of server intrusions, along with ways to prevent and eliminate them.

2. Do not forget to check the Securing Panel section of the Administrator's guide. Topics covered in this section include the following:
  • Restricting administrative access (from specific IP addresses)
  • Setting up the minimum password strength
  • Turning on the Enhanced Security mode
  • SSL protection
3. Linux users may also check the advanced documentation pages related to PP for Linux security: Enhancing Security. This documentation covers the following topics:
  • Restricting script execution in the /tmp directory
  • Configuring site isolation settings
  • Protecting users from running tasks on behalf of root
4. If you are dealing with credit cards, this document is worth reading:

Meeting PCI DSS Requirements for Parallels Plesk Panel Suite 11

5. Be aware of the following known issues:

9689 FTP users have access to root directory on server
11239 SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
112171 Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
113321 Remote vulnerability in Plesk Panel (CVE-2012-1557)
114625 PP accepts both old and new admin passwords when integrated to CBM
115942 Public issues VU#310500, CVE-2013-0132, CVE-2013-0133

6. These articles may also be useful in certain scenarios:

1323 How can I run Rootkit Hunter with the update option?
1357 [Security] Defending against a SYN-Flood (DOS) Attack
1763 [Info] How can I ensure that Apache does not allow the SSL 2.0 protocol, which has known weaknesses?
7027 [How to] RKHunter warning improvement
8119 How to prevent your Parallels Plesk Panel from brute-force attacks
112156 How to set up a file audit on Windows server

TIP: Feel free to subscribe to updates to this article in order to keep track of new security issues.



