Popular web hosting management software Plesk Panel is under attack and is being used as a point of entry to compromise websites.

The software, created by virtualization and automation firm Parallels, has been targeted in the past through a vulnerability that allowed hackers to remotely compromise the Plesk server. That vulnerability affected versions 7.x, 8.x, 9.x and 10.0 to 10.3.1 of Plesk.

Although the fix was put in place in February this year, Plesk users have voiced theories on Parallels' own forums suggesting that hackers harvested data from Plesk while it was vulnerable and then took advantage of admins or users not resetting passwords following the hack. That would explain why admins who updated Plesk, and were meant to be secure, are seemingly being compromised by an old vulnerability.

But another theory is that there is a new zero-day vulnerability in Plesk 10.4.4 and earlier. Brian Krebs at Krebs on Security reported that underground hacking forums are selling a Plesk zero-day exploit for US$8000, with other forum members vouching for its legitimacy. There is now a large surge in unsolicited port scans looking for Plesk installations, according to data from the SANS Internet Storm Centre. As noted by Sucuri Malware Lab's Daniel Cid during an interview with SC Magazine, more than 50,000 websites have been compromised as part of a hacking campaign.

Yesterday, there were reports of attacks using WordPress and other plug-ins to compromise sites. However, Cid stated that the common factor among all of the compromised sites appears to actually be Plesk, meaning users don't have to be running content management systems like WordPress to become a victim.

Cross-posted from: ZD Net


