A critical vulnerability in some versions of Parallels' Plesk Panel control panel application appears to have been key to the recent security breach of two websites of FTC.
Plesk is widely used in the hosting industry. Rackspace offers Plesk-based control of some hosting accounts, as does Media Temple—the hosting provider whose servers housed the FTC sites business.ftc.gov and OnGuardOnline.gov, among others. The software is also used by government and educational institutions;
The vulnerability allows hackers to take control of user accounts, files and security of sites. Even after patches are applied, attacker may still have access to the hacked site.
In some web hosting, it's also possible to create an FTP account that can gain access through a secure shell (SSH) terminal session. In the case of the FTC hacks, it appears that just such an account was used to gain access to Media Temple's servers, pull data from the MySQL databases powering the Drupal and Wordpress sites, and then delete the contents of the server and post new content—going well beyond the usual sort of web defacement.
If your site is hosted with a provider that uses Plesk for site administration, it's worth taking a good look at the content on your server, and the accounts configured to access it—and resetting all your accounts' passwords.
You can read the rest of the story here.
Plesk is widely used in the hosting industry. Rackspace offers Plesk-based control of some hosting accounts, as does Media Temple—the hosting provider whose servers housed the FTC sites business.ftc.gov and OnGuardOnline.gov, among others. The software is also used by government and educational institutions;
The vulnerability allows hackers to take control of user accounts, files and security of sites. Even after patches are applied, attacker may still have access to the hacked site.
In some web hosting, it's also possible to create an FTP account that can gain access through a secure shell (SSH) terminal session. In the case of the FTC hacks, it appears that just such an account was used to gain access to Media Temple's servers, pull data from the MySQL databases powering the Drupal and Wordpress sites, and then delete the contents of the server and post new content—going well beyond the usual sort of web defacement.
If your site is hosted with a provider that uses Plesk for site administration, it's worth taking a good look at the content on your server, and the accounts configured to access it—and resetting all your accounts' passwords.
You can read the rest of the story here.
