Hackers leverage Plesk Panel to attack websites

Here is a great article.
————————————————————————————————————

Hackers leverage Plesk Panel to attack websites

Summary: Whether it’s being attacked by repeat-offender hackers or a zero-day vulnerability, Parallels’ Plesk Panel has become a hot target on the internet.

Popular web hosting management software, Plesk Panel, is under attack, being used as a point of entry to compromise websites.

The software, created by virtualization and automation firm Parallels, has been targeted in the past, using a vulnerability in Plesk that allowed hackers to remotely compromise the Plesk server. This vulnerability affected versions 7.x, 8.x, 9.x and 10.0 to 10.3.1 of Plesk. When it closed the hole, Parallels recommended that administrators reset the passwords of all users.
Although the fix was put in place in February this year, Plesk users believe that the hackers who compromised user sites at that time, appear to have returned. They have voiced theories on Parallels’ own forums, suggesting that hackers harvested data from Plesk while it was vulnerable and then took advantage of admins or users not resetting passwords, following the hack. This would explain why admins who updated Plesk and were meant to be secure, are seemingly being compromised by an old vulnerability.
But another theory is that there is a new zero-day vulnerability in Plesk 10.4.4 and earlier. Brian Krebs at Krebs on Security reported that underground hacking forums are selling a Plesk zero-day exploit for US$8000, with other forum members vouching for its legitimacy.
ZDNet Australia contacted Parallels over the claims of a zero-day exploit in the wild, but the firm had not responded at the time of writing.
Regardless, Plesk is definitely attracting attention from hackers. There is now a large surge in unsolicited port scans that are looking for Plesk installations, according to data from the SANS Internet Storm Centre and as noted by Sucuri Malware Lab’s Daniel Cid, during an interview with SC Magazine. Cid said that there are more than 50,000 websites compromised, as part of a hacking campaign.
Yesterday, there were reports of attacks using WordPress and other plug-ins to compromise sites, however, from Cid’s later discussions with Krebs, the common factor among all of the compromised sites appears to actually be Plesk, meaning users don’t have to be running content management systems like WordPress to become a victim.

http://gizmodo.com/5925114/kevin-mitnick-the-worlds-most-notorious-hacker-is-here-to-talk-about-what-got-him-started

Outlook Hangs when Synchronizing Subscribed Folders

Well, I going to start to finally use this blog; most likely as a journal and to post stuff learned at work. So let’s get started. I didn’t write this article, it was written May 11, 2012, by Joseph Hanna. This is a common problem that has a popped up with my end users and clients using Microsoft Outlook especially from using Google Apps as the email provider.

Otaku IT Guy!


Having many folders with many messages in Microsoft Outlook, especially if they have attachments, can be slow. This issue is because Microsoft Outlook downloads all messages every time including attachments versus a normal email IMAP application where only headers are synced to present crucial information only, and messages and attachments are ONLY downloaded and cached upon viewing the message or if the mail application is explicitly told to download all messages. Remedy this situation as follows:

After setting up your IMAP email account in outlook, right click on your email account and select “IMAP Folders…”
Click on the “Subscribed” tab and click the “Query” button.
Select all items in the list as follow:
Select the first item in the list and scroll all the way down.
Hold shift and click the last item in the list.
Click the “Unsubscribe” button.
It may prompt about folders that cannot be unsubscribed, just click “OK” here.
Select the “All” tab as we are now going to sync folders we wish or need to sync.
Select “Drafts” and click subscribe.
Select “Inbox” and click subscribe.
Select “Junk” and click subscribe.
Select “Sent” and click subscribe.
Select “Templates” and click subscribe.
Select “Trash” and click subscribe.
Do this for any other folders you wish to sync with the server.
Uncheck the option “When displaying hierarchy in Outlook, show only subscribed folders.” at the bottom of the window.
Click “OK” to close the window and commit the options.

This will resolve extremely slow synchronizations with Microsoft Outlook platforms. This issue can still be noticed if you have a very large Inbox folder, Sent folder, Trash folder, or any subscribed folder. The recommended method of avoiding this outlook issue is to simply file away messages from these subscribed folders into archived/unsubscribed folders (this also keeps your email organized!). Also, you can simply archive messages in outlook to clean them out of your mailbox (be careful as this WILL remove the messages from the server). Lastly, be sure to empty the Trash folder frequently enough to avoid a constantly growing Trash folder.

by Joseph Hanna.

computers, pc, mac, servers, network, windows, OSx, linux, unix, technology