Article ID: 118188, created on Oct 24, 2013, last review on May 11, 2014

  • Applies to:
  • Plesk 11.0 for Linux
  • Plesk 10.4 for Linux/Unix
  • Plesk 11.0 for Windows
  • Plesk 10.4 for Windows


Questions regarding backup signing in Parallels Plesk Panel 11.0.9 and 10.4.4.


Parallels Plesk Panel Micro-Update #60 for Plesk 11.0.9 and Micro-Update #57 for Plesk 10.4.4 introduced a new security measure: signing of backup files. This article addresses questions that may arise due to this feature and explains the customer impact.

What are backup signatures for?

Backups are signed with a server-specific key in order to ensure that the backup is made on the same server and has not been modified. This security measure protects against attempts to restore forged backups in order to increase limits or gain permissions.

When are backups signed?

Backups are signed in the following cases:

  • The backup is created in the FTP server repository.
  • The backup is downloaded from the Parallels Plesk Panel interface.
  • The backup is created using the pleskbackup command line utility, even if the argument for -output-file is a local file.

Backups created on the server and stored in the local repository are not signed.

When is a backup signature verified?

A backup signature is verified in the following cases:

  • The backup is uploaded through the control panel.
  • The backup is restored from FTP.
  • The backup is copied from the Personal FTP repository to the Server Repository.
  • The backup is restored from a single file using the pleskrestore command-line utility.

What happens when the server cannot verify a backup signature?

Uploading or restoring of backups with absent or incorrect signatures is not allowed for non-administrator accounts. The Plesk administrator is asked for an additional confirmation when an unsigned or unverified backup is uploaded or restored.

How will the introduction of backup signature checks impact my customers?

  1. All backups uploaded to FTP or downloaded through the control panel before 11.0.9 MU#60 or 10.4.4 MU#57 was installed will be processed as unsigned. This means the following:

    • Non-administrators cannot restore such backups from Personal FTP Repository.
    • Non-administrators cannot upload backups downloaded before installing 11.0.9 MU#60 or 10.4.4 MU#57 to Server Repository.
    • Non-administrators cannot restore their parts of full server backups that are not signed or have incorrect signatures (such backups may be uploaded by the administrator).
  2. The administrator has to confirm the uploading or restoring of unsigned backups or backups with incorrect signatures in the control panel interface and in the command-line utilities:

    • pleskrestore will not start to restore a backup with an incorrect signature unless you add the -ignore-sign option.
    • The "I want to restore this backup despite the fact that it is modified" check-box should be selected on the "Backup Details" and "Upload Backup File from Local Computer to Server Repository" pages in an Administrator control panel session.

I don't need it! How can I disable this feature?

Signature checking may be turned off through the /usr/local/psa/admin/conf/panel.ini configuration file ("%plesk_dir%\admin\conf\panel.ini" on Windows):

allowRestoreModifiedDumps = on

In this case the signature will be checked, but will not block any operation.

ff5a00b8ead2e480367b019417a04207 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 85a92ca67f2200d36506862eaa6ed6b8 c796c01d6951fa24ed54c7f1111667c6 e8756e9388aeca36710ac39e739b2b37 29d1e90fd304f01e6420fbe60f66f838 dd0611b6086474193d9bf78e2b293040 514af229ae32522202a910a2649c80fb bd7fc88cf1b01f097749ae6f87272128 aea4cd7bfd353ad7a1341a257ad4724a 0a53c5a9ca65a74d37ef5c5eaeb55d7f

Email subscription for changes to this article
Save as PDF