Nieuws
Ernstig beveiligingslek op oudere Plesk omgeving
Geplaatst door Peter-Support-Helpburo.eu Support aan 13-11-2014 15:32

Severe security leak on old Plesk servers

The combination of the outdated Operating System CentOS 4 with the Plesk version 9.5.4 was found to be
open for hackers, using the Plesk FastCGI module, on the 10th of November.

As a quick fix, we immediatly disabled on all servers with that CentOS/Plesk combination the FastCGI module.
Since that time, we upgraded on all those servers the Operating System from CentOS 4 to CentOS 5.11, which
is secured against that attack.

The upgrade was finished today.


Possible implications:

1. Websites might show placeholders instead of special characters like ë
Solution:
- Edit the file /etc/httpd/conf/httpd.conf
- search for "AddDefaultCharset UTF-8"
- replace it with "# AddDefaultCharset UTF-8"
- restart Apache with the command "service httpd restart"


2. Websites are not showing, if the index file is named index.htm
Solution:
- Edit the file /etc/httpd/conf/httpd.conf
- search for a line starting with "DirectoryIndex"
- add " index.htm" at the end of the line
- restart Apache with the command "service httpd restart"


Reacties (0)