Article ID: 114396, created on Jul 18, 2012, last review on Aug 12, 2014

  • Applies to:
  • Plesk

Preventative measures are a critical part of protecting any software product you use from security threats. We have identified the following security best practices to help protect your Parallels Plesk Panel installations:
·         When applying security patches (such as that issued in February 2012 for Parallels Plesk Panel), reset passwords.  It is particularly important to reset passwords if your server had an intrusion, or was at risk of an intrusion. Parallels provides a Mass Password Reset Script for Hosters to help do this in an automated way.
·         Clean sessions after passwords are reset. After changing passwords, remove any active sessions using:
# php -d open_basedir= -d safe_mode=0 plesk_password_changer.php `cat /etc/psa/.psa.shadow` --clean-up-sessions

NOTE:  More details are in the KB article

·         If you experience a security intrusion, review your published web content for integrity, removing any malicious scripts:

# grep -ilr 'km0ae9gr6m' /var/www/vhosts/ | while IFS= read -r arq; do echo "$arq"; echo "$arq" >> /root/infected.txt; sed -ni '1h;1!H;${x;s/km0ae9gr6m.*qhk6sa6g1c/virus removed/;p}' "$arq"; done

You can then find the list of infected files in /root/infected.txt.
On Windows:
1) Download Sed from
2) Install it by running the .exe file;
3) Launch the command:
cd "C:\Program Files (x86)\GnuWin32\bin"
findstr /S /I /M /C:km0ae9gr6m %plesk_vhosts%* >> C:\infected.txt & for /F "usebackq tokens=*" %i in (`type "C:\infected.txt"`) do @echo off && sed -ni "1h;1!H;${x;s/km0ae9gr6m.*qhk6sa6g1c/virus removed/;p}" "%i" & echo on

4) You can then find the list of infected files in C:\infected.txt.

·         If you experience a security intrusion, it is possible that a backdoor was installed on your server.  Set up a new clean server, download and install a clean instance of Parallels Plesk Panel on that server, and transfer customer and account data to that new server.
·         Instruct customers to not reset passwords from the new ones back to the previous (potentially compromised) passwords.  Compromised user/password combinations can potentially be used for future security intrusions and so must never be reused.
·         Keep the operating system and third-party software applications up to date and patched.  Most software vendors issue security updates that you should track and install.
·         If you are running in a virtualized environment, it is important to set up the environments to apply patches.  For example, if you are running Parallels Virtuozzo Containers for Windows, it is important to read and
·         Stay up to date on Plesk versions and MicroUpdates (MUs). The most recent Plesk version receives patches proactively, with constant monitoring for possible future vulnerabilities.  In addition, stability and ease of upgrades (based on the number of Support tickets) are greatly improved, so the added security is well worth upgrading for.

·         Parallels has created a Malware Removal tool. You can find more details in the corresponding article.
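
The Linux clean-up command above rewrites files in place and keeps no copy of what it changed. The following is an added example, not part of the original article and not a Parallels tool: it runs the same search and sed substitution, but first saves an untouched copy and a SHA-256 hash of each file, and lists files that match the case-insensitive grep yet lack the exact marker pair for manual review. The function name, report format and quarantine directory are assumptions, and GNU/Linux tools are assumed.

```sh
#!/bin/sh
# Added example (not from the article): the article's grep/sed clean-up,
# restructured to keep evidence and skip files it cannot fix safely.
START='km0ae9gr6m'   # start marker, from the article
END='qhk6sa6g1c'     # end marker, from the article

# clean_injected ROOT REPORT QUARANTINE  (hypothetical helper; REPORT and
# QUARANTINE are caller-chosen paths that must lie outside ROOT).
# Prints the number of files rewritten. The body runs in a subshell so its
# variables stay local. File names containing newlines are not supported.
clean_injected() (
    root=$1 report=$2 quarantine=$3 count=0
    list=$(mktemp) tmp=$(mktemp)
    # Same search as the article: case-insensitive, recursive, names only.
    grep -ilr -- "$START" "$root" > "$list" || true
    while IFS= read -r f; do
        # sed's s/// is case-sensitive and needs END after START. A file that
        # matched grep -i but fails this check would be left unchanged by the
        # article's one-liner, so flag it for manual review instead.
        if ! tr '\n' ' ' < "$f" | grep -q -- "$START.*$END"; then
            printf 'REVIEW %s\n' "$f" >> "$report"
            continue
        fi
        # Keep an untouched copy and its hash before changing anything.
        mkdir -p "$quarantine/$(dirname "$f")"
        cp -p "$f" "$quarantine/$f"
        hash=$(sha256sum < "$f" | cut -d' ' -f1)
        # The article's sed program: slurp the file, replace the marked span.
        sed -n '1h;1!H;${x;s/'"$START"'.*'"$END"'/virus removed/;p}' "$f" > "$tmp"
        cat "$tmp" > "$f"    # overwrite in place: keeps owner and mode
        printf 'CLEANED %s %s\n' "$hash" "$f" >> "$report"
        count=$((count + 1))
    done < "$list"
    rm -f "$list" "$tmp"
    echo "$count"
)
```

As in the article's command, the substitution is greedy: everything from the first start marker to the last end marker in a file is replaced, so compare each cleaned file with its quarantined copy before putting the site back into service.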

If you think you’ve experienced a security intrusion you can send Parallels your server credentials for us to analyze. The best protection, though, is prevention. Customers who have used the best practices noted here had no issues with security intrusions even during recent reports of potential vulnerabilities.
