I am also using the latest version of stand alone plesk with a single server installation. I am not running database or email on this server, those are all done from an external server base.
Shell scripts will not be given out.
besides doing some of the basic tmp and restricing compilers, turning off unneeded services, etc.
is there anything in specific you guys have found that you need to do in order to secure your systems?
I was looking at staminus dedicated hosting offers, and after I asked them about secure port packages prices. I would like to know, after I purchase a dedicated server, how to install secure port? Does it work like a protected DNS?
I came across this very detailed step-by-step tutorial on how to secure a Plesk based VPS. It's up-to-date and was just written so the info is accurate.
I want to secure the webmail access (webmail.mydomain.com) with an SSL certificate. In this case, a self signed certificate should be enough because the users using the webmail will trust it.
Latest Plesk 12 and Windows Server 2012 R2, MailEnable WebMail as shipped with Plesk. Horde Webmail.
How would I set this up? I found no setting to enable SSL for the webmail subdomain. And I can not add it as subdomain and assign the self-signed certificate on it (Plesk panel does not allow webmail.mydomain.com as subdomain as it is already in use).
I found these links but they did not really answer my question as the information is mostly outdated (Windows 200):
On windows 2008 server with Plesk 11.5, the Secure your Sites option is not displayed. In addition unable to share SSL certificates across many sites with shared IP address.
I'm using plesk with CentOS 6.6 and the postfix/courier mail services...I tried to connect an existing mail account with a mail program like thunderbird. But I'm not able to connect to it, except when I'm using "no connection security"...So I tried, if manually contacting the POP3s Port is working:
Code: openssl s_client -ssl3 -host mail.domain.de -port 995 with the following result:
Code: CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent
[code]....
the same results come for trying to connect to port 465 (ssmtp) and 993 (imaps)port 443 (https) seems to work fine..i already checked if the corresponding certificates exist (e.g. /usr/share/imapd.pem) and filled with the standard certificate informtaion given by plesk checking openssl on the server gives the following result:
Code: # openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
One failure cited by a recent PCI compliance report was that of the Plesk non-https login at port 8880. I believe we can resolve this by adding a firewall rule to block access to this port but wanted to check first if this will have any negative consequences elsewhere. Or is there a better way to achieve PCI compliance on this point?
Every time i use Dovecot secure IMAP server with Sieve support.I can not receive emails note. Upgraded from 11.5 to 12
Jun 18 08:03:36 CO6302 postfix/qmgr[1523]: 284FAA0E86: from=<my@gmail.com>, size=1943, nrcpt=1 (queue active) Jun 18 08:03:36 CO6302 postfix-local[2036]: postfix-local: from=my@gmail.com, to=the@domain.com, dirname=/var/qmail/mailnames Jun 18 08:03:36 CO6302 postfix/pipe[2035]: 284FAA0E86: to=<the@domain.com>, relay=plesk_virtual, delay=336, delays=335/0.01/0/0.19, dsn=4.3.0, status=deferred (temporary failure. Command output: lda: Error: user the@domain.com: Error reading configuration: Invalid settings: postmaster_address setting not given lda: Fatal: Internal error occurred. Refer to server log for more information. 4.2.1 Message can not be delivered at this time )
I have used the patch : [URL] .... to disable ssl v3.
After I applied the patch getting error below when i try to send email via horde webmail:
There was an error sending your message: Could not open secure TLS connection to the server.
Roundcube can send mails well but horde not. Otherwise since applied the parch i can't get mails from gmail and maybe other providers i don't know yet.
I've written a script to send property data to rightmove.co.uk as part of their new automated data feed. However they require a secure connection to their systems when posting the data. They have provided me with a .pem file which is a security certificate. I need to install this on my plesk server but where to start as most certificates require a private key and the actual certificate. The private key I have been provided is only an 8 charter string, like a password.
I have a lot of questions here so if you can't answer them all I understand. even pointing me somewhere where I could get the answers would be appreciated; hardware sites focusing on server hardware, forums focusing on such, etc.
we plan to have three different types of servers:
- db server (self explanatory. mysql. for forums, mysql driven sites.)
- file server (lots of files around ~2-10MB, consistant 70mbps right now, but we want more room for upgrades. needs a LOT of storage room.)
- web server (lots of php files, but also static things like plain html, images, etc. also includes all misc services for the setup-- dns, etc.)
could I be given a rundown for which hardware each of the three should have? I don't need specifics, even just knowing that more ram is important here while cpu doesn't matter as much, or that the fastest disks available are a must, etc would all be valuable info for me. despite that, I certainly wouldn't mind specific hypothetical hardware configs.
for the database server I'm assuming the more ram the better. not entirely sure about the cpu? also not positive on disks...
for the fileserver, how much ram would be practical or useful? disk io will be an issue I'm because plenty of people will be pulling files at once so the disk needs to read from multiple places. scsi (and even raptors) are not an option as we need 750GB+ of space on a reasonable budget. more ram will take some load of of the disks, but how much is neccessary / reasonable?
for the web server I'm assuming cpu first, then ram, but it'll likely need less ram than the db server?
I'm more lost on the disks than anything. scsi on the fileserver is not an option under any circumstances due to $/GB. for the db & web server I'm willing to pay for scsi if the performance increase really does warrant the extra money, but I'd like to be convinced before shelling it out. if you have benchmarks geared at server hardware when it comes to disks I'd really appreciate it.
also, what's the best way to network these together when colocated? each one with a dual gigabit ethernet port and then the communications go to and from the router?
I have a server with plesk8 installed. I forsee a time when I shall need either to move to a new bigger server or to add a new bigger server to what I already have.
Problem is, my isp says that PLESK will only work on single server set-ups and can't work in a multi-server environment.
Long story short, my web host is unreliable and after a down period of 3 days - I want to move my website to a new dedicated server.
Old Server - Fedora Core 6 with Plesk 8.1 (64 bit)
New Server - Cent OS 5 with Plesk 8.0 (Still to confirm version)
My problem is how to transfer all data from one server to the other? The most important item to backup are the emails, and the rest I can do manually. Ideally I would want to backup the entire server in a one, and upload it to the new one but I doubt that will be possible.
have a domain setup in pleask but as i can't get sub domain pointing to external IP to work i thought i would try using the DNS server setup in the CP of 123reg.co.uk which is where domain is registered.
We operate many Plesk VPS servers in a virtual environment for our customers and would really like the ability to allow Plesk VPS servers to switch to using our PPA DNS servers instead of having to have multiple ips on each VPS to run their own name servers. Not to mention the added nuisance of each customer having to register name servers and glue records.
We looked at adding the Plesk servers as nodes to our PPA cluster but the license jump and loss of Nginx is completely prohibitive. Is this possible?
is it possible to merge different PLESK-servers to a new one? If I just use the migration-tool there are many errors because of the double-use of the databases (created by plesk-application-manager).
At my company we have running some Helm 3/4 servers and we've installed a new server with Plesk 12 for testing.Do you know a good way to migrate these servers (more than 6) to Plesk 12?.Helm is bringing to me a lot of problems and also servers must be renewed.
I am setting up slave DNS servers using bind 9.8 on CentOS 6. I have followed the procedure here successfully: [URL] ....
The problem is that even if I see something like the following in named.run on the slave server (which implies the rndc connection worked):
received control channel command 'addzone xxxxxxxx.com { type slave; file "xxxxxxxx.com"; masters { x.x.x.x; }; };' received control channel command 'refresh xxxxxxxx.com' received control channel command 'addzone xxxxxxxx.com { type slave; file "xxxxxxxx.com"; masters { x.x.x.x; }; };'
I still cannot query any entries for that zone from the slave DNS server:
$ dig @y.y.y.y xxxxxxxx.com ; <<>> DiG 9.8.3-P1 <<>> @y.y.y.y xxxxxxxx.com ; (1 server found) ;; global options: +cmd
[Code] .....
I also do not see any zone files created anywhere on the slave server.
I have two VPS with two different Datacenters. I am running my website on one of the VPS which has Plesk Panel 11.5 installed on it. Since my second server is not in use, I would like to use it as a Secondary DNS Server for redundancy. I know this can be done with Plesk Expand. But, I am not in a position to invest further as I just run 4 domains on my main server. I was looking at installing some free control panel on my secondary VPS and set it up as a Secondary DNS Server if possible. But, I could not find any Guides on setting this up.
How I can do this? I see that we have an option in Plesk - 'Switch DNS Service mode' which can be used to either setup my first server as a Secondary or Primary. I have installed Webmin/Virtualmin on the second server, but how to set this up perfectly. I can reinstall the 2nd Server if required, but not my first one with Plesk.
If you met any problems with downloading from Odin servers (autoinstall.plesk.com or autoinstall-win.pp.parallels.com) - please describe this problem briefly and specify geographic location (country, city) of your Plesk server.
I have hired two servers for plesk and I have the mail configured in one server and the website in another one, it all seems to work fine except for a problem.
When the server where the website is tries to send a message through a smtp account it can´t send it, it seems to be looking for the mail server in the same server where the website is instead of look for it in the other server.
Yesterday I migrated a domain with the migration tool from a Debian 7.6 Plesk 12.0.18 MU35 box to a Debian 7.6 Plesk 12.0.18 MU35 box
This domain have a simple DNS configuration. The A registry for the domain.com was an own IP instead the IP of the server. Rest of the DNS configuration was the same.
After migration the A registry for the domain.com was an own IP too (as expected) but also the A registry for mail.domain.com
Before migration, in the old server:
A domain.com x.x.x.x (own ip) A mail.domain.com y.y.y.y (server ip)
After migration, in the new server:
A domain.com x.x.x.x A mail.domain.com x.x.x.x
The migration had changed the IP for mail.domain.com for the IP of the A registry for domain.com
Very strange. I double-checked it (as the domain in the "old" server was suspended)
Client don´t have access to the control panel, so no changes done.
