Article ID: 6155, created on Jun 18, 2009, last review on May 4, 2014

  • Applies to:
  • Plesk 12.0 for Linux

Síntomas

Parallels Plesk Panel 9.0 and Parallels Plesk Sitebuilder 4.5 for Windows are installed on the same server.

I was reviewing Sitebuilder Log when I saw the event SBResetPassword.exe admin PASSWORD -createadmin. Where PASSWORD is password of Sitebuilder user admin.

I do not want to see the password in plain text. We need to protect credentials against onlookers! How to hide the notification?

Cause

The record "SBResetPassword.exe admin PASSWORD -createadmin" in logs means that Sitebuilder admin password was reset.
The utility was called by Parallels Plesk Panel when enabled Parallels Plesk Sitebuilder.

Resolution

This security issue is a known. It will be fixed in future update of Parallels Plesk Sitebuilder.

To resolve the problem now and avoid the notification in the log you may disable logging of utility SBResetPassword.exe.

Before reconfiguration backup file [sitebuilder_base_dir]\Utils\SBResetPassword.exe.config.
Open the file with editor and comment this record in it "<!-- <appender-ref ref="DBlog"/> -->"

Where [sitebuilder_base_dir] is base directory, where Parallels Plesk Sitebuilder is installed to.

[sitebuilder_base_dir]\Utils\SBResetPassword.exe.config
---
<?xml version="1.0"?>
<!--
        Note: As an alternative to hand editing this file you can use the
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in
        machine.config.comments usually located in
        \Windows\Microsoft.Net\Framework\v2.x\Config      
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
        <configSections>
                <section name="log4net"
type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>
                <section name="siteRepository"
type="SWsoft.SiteBuilder.Repository.Site.SiteRepositoryConfigSection,
Repository.Site"/>
                <section name="KAServerConfiguration"
type="System.Configuration.NameValueSectionHandler, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"
restartOnExternalChanges="true"/>
        </configSections>
        <KAServerConfiguration>
                <add key="url" value="https://ka.swsoft.com:5224"/>
                <add key="login" value="sb-win"/>
                <add key="password" value="pmdgeryionDWPM6gzmplgRnbfgdfTqpm"/>
                <add key="ignoreCertificateErrors" value="true"/>
        </KAServerConfiguration>
        <log4net>
                <appender name="LogFile" type="log4net.Appender.FileAppender">
                        <file value="C:\Program
Files\Parallels\Plesk\SiteBuilder\_logs\SBResetPassword.log"/>
                        <appendToFile value="true"/>
                        <layout type="log4net.Layout.PatternLayout">
                                <conversionPattern value="%date [%thread]
%-5level %logger - %message%newline"/>
                        </layout>
                </appender>
                <appender name="DBlog"
type="SWsoft.SiteBuilder.Common.Log.DBLogger, Sitebuilder.Common"/>
                <root>
                        <level value="DEBUG"/>
                        <appender-ref ref="LogFile"/>
                        <!-- <appender-ref ref="DBlog"/> -->          <== this record
                </root>
        </log4net>
        <connectionStrings>
                <add name="WSBConnection" connectionString="Connect
Timeout=180;Data Source=localhost;User
Id=D836976A742949B1B30D3DC3E348DEBD;Pwd=747D358E96B64CEDA4898C077AF0F250WsB-5.0.0-forever!..;Database=sitebuilder2399E5FC7DD485645A366075FB6D0B17"/>
        </connectionStrings>
        <appSettings file="appSettings.config">
                <add key="RepositoryFolder" value="C:\Program
Files\Parallels\Plesk\SiteBuilder\Repository"/>
                <add key="SWSoftSiteUrl" value="http://www.swsoft.com"></add>
                <add key="PreviewHostUrl"
value="tcp://localhost:1455/WebApplicationHost.rem"/>
        </appSettings>
        <siteRepository path="C:\Program
Files\Parallels\Plesk\SiteBuilder\Sites"/>
</configuration>
---



IMPORTANT:
The instructions above are valid only for Parallels Plesk Sitebuilder version 4.5 for Windows.
Structure of configuration file SBResetPassword.exe.config is different in other versions.

56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 2a5151f57629129e26ff206d171fbb5f e335d9adf7edffca6a8af8039031a4c7

Email subscription for changes to this article
Save as PDF