Nginx is listening on port 7080 with ipv6 protocol only.ipv6 isn't use on the server (ipv4 only).If I disable ipv6 support on the server, is this stopping nginx to use ipv6 ? (and some other process)How can I disable IPv6 on Plesk 12 ?
View 3 RepliesI'm running plesk 12.0.18 on centOS 6.6 and I have some problems with ipv6 support for a domain. This is what I see in my apache logs for that domain:
2001:8d8:90b:c900::2a:19d1 - - [29/Jun/2015:17:44:55 +0200] "GET /hello.html HTTP/1.0" 404 1208 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
2001:8d8:90b:c900::2a:19d1 - - [29/Jun/2015:17:49:39 +0200] "GET /hello.html HTTP/1.0" 200 384 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
2001:8d8:90b:c900::2a:19d1 is the ipv6 from my server, and it appears there because of nginx working as reverse proxy.
As you can see, facebook can't get /hello.html (404 response), but I can get it from another server using curl (200 response). I tried disabling nginx and this is what I see now:
2a03:2880:2110:dff3:face:b00c:0:1 - - [29/Jun/2015:17:55:11 +0200] "GET /hello.html HTTP/1.1" 404 1208 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
2001:8d8:8b3:6000::4e:c5a0 - - [29/Jun/2015:17:54:52 +0200] "GET /hello.html HTTP/1.1" 200 361 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
Still not able to get /hello.html. This is a problem for me because I can't share anything on facebook, since their bot can't find anything on my site.
I've already configured ipv6 for my domain.
Plesk Firewall has no effect on IPv6?
I am writing today regarding the Plesk Firewall. It seemed to be pretty handy for quickly blocking troublesome users from *replace-with-whatever-IP-block-is-giving-you-trouble*. Yet I am unable to block IPv6 addresses, and the fire wall seems to let some blocked IPv4s right in. I did not see any distinction as to v4 or v6 in the Firewall dialog for adding custom rules, so...
The question is...
(1) Is the Plesk Firewall *supposed* to apply rules to IPv6 by default?
If yes...
(2) Is there a setting or a switch that has to be configured for this to work?
If yes...
(3) Where are said configuration options located?
Okay, when I run /sbin/ip6tables -L (CentOS) I get output that resembles the iptables (no 6) output, only... what, converted to IP6? Not sure. Example output:
DROP tcp ::ffff:31.0.0.0/104 ::/0 tcp dpts:1:10000
In that particular instance I added a drop for the 31.0.0.0/8 block (using the Plesk Firewall interface), in order to create the script that's loaded into iptables (and ip6tables as well, apparently) when one elects to "Apply Configuration". It worked great, executed perfectly, and the iptables output list output looked to be (and remember, I have grossly insufficient background knowledge in this area) accurate.
Yet at the time of this writing I can see via live traffic monitor that an address in the 31.0.0.0/8 block (IPv4) is pounding away at a website. This is curious, as the live traffic monitor indicates an IPv4 address. So... can an IPv4 address be detected and recorded from a host that is only able to connect via IPv6? While an interesting question, I was more concerned with just blocking the IPv6 address and get more academic with it later.
But this raises another question; why would Plesk populate ip6tables and not provide an interface to actually submit IPv6 addresses.
I added a AAAA ipv6 zone to my dns the idea was to run the SPF validation by google (who checked the ipv6 and not ipv4 (??) )Out today I have a client who called me and because it can no longer connect to my site...I take his computer in hand by teamviewer and actually the ping of my domain solves the ipv6 not ipv4 in the management of IP in plesk I
Mask IP address subnet Retailer Sites Interface
178.xx.xxx.xxx (shared) 255.255.255.0 eth0 0187
2001: xxxx: x: xxxx :: 1 (dedicated) 64 0 0 eth0
therefore 187 sites under the ipv4 and ipv6 0 on..I actually do not care about ipv6, it's just for spf..I lack some knowledge with dns I think...must I do something on dns to indicate that ipv4 is that actually hosts the site? or at plesk for all requests to be redirected to the ipv6 on ipv4?
I've discovered an annoying problem in Plesk 11.
When you register a .fr domain name, you need to have a Success ZoneCheck at [URL] ....
The test fail because the server didn't answer to ICMP IPv6 requests.
Error: The server does not listen to or does not answer in UDP on the port 53 (on the IpV6)
My question is: How to open port 53 on IPv6 for ICMP requests ?
This is functional with IPv4 But not IPv6.
There are some rules in the Plesk Firewall, but it seems not working at all.
I have several clients still using WinXP. How do I disable SNI for SSL certificates ( and just use old IP way )?
View 18 Replies View RelatedI already posted this as a bug report and now wanted to inform other users.
Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:
Code:
rm -f /opt/psa/var/modules/firewall/active.flag
That line stems from updating
Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...
Now, when you stop the firewall, you cannot start it again, cause deleting the active.flag disables the firewall:
Code:
# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag
# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled
# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start
psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
I setup and enable fail2ban by Plesk 12 (tools and settings). What happens is, few days after i am unable to access this option again. I got time out
I've tried to disable by ssh "fail2ban-client stop" and nothing... the command become loading and never conclude,
how to remove or stop fail2ban ?
I have 2 server with CENTOS 7 and PLESK 12. In 1 server yum repository atomic is enabled, in the other is disabled. It should be enabled?
View 12 Replies View RelatedI would like my clients only to be able to access Plesk Panels from a certain domain, instead all from or with all the domains hosted on our server, is there a way to accomplish that?
View 1 Replies View RelatedI recently upgraded phones and forgot that my google authenticator keys were on my old phone. I am now unable to log in to the Plesk admin panel. I of course still have SSH access. How can I disable the Google Authenticator so I can regain access?
View 6 Replies View RelatedThe premium antivirus when enabled it automatically sends notifications to both sender and server admin. I wish to disable the the notification to the sender and also only send a summary email weekly to the admin.
View 3 Replies View RelatedI'm just wondering whether it is possible to only offer POP and disable IMAP for a particular service plan?
View 2 Replies View RelatedIs it possible disable or uninstall 'WordPress Toolkit' for Plesk 12.x?
View 2 Replies View RelatedI need to disable apache access logs. I commented out the access log path in /etc/httpd/conf/httpd.conf and restarted the server but it's still logging access.
View 3 Replies View RelatedIs it possible to disable to root login to the panel? I do not mean the SSH login.
View 4 Replies View RelatedIs it possible to control if nginx is active on a per domain basis? If so, how do we configure this. If not, how do we disable nginx completely?
View 3 Replies View RelatedSometimes my clients install untrusted scripts to their account what causes spamming, because these scripts sending high number of spam emails. Is there an automatically way to disable php mail function, or disable the account temporary?
[URL]
is there any way to disable automatic updates completely ? Because the lowest option in the panel is:
"Notify me about available updates but do not automatically install them" (Critical security updates will still be installed automatically.)
And while I can't figure out, which files are going to be updated even on this minmalistic setting, I have to disable it completely.
I have migrated User from Confixx 3.3.9 to Plesk and now it works fine.
In the Subscriptions i have disable the Feature Backup for the Costumers, but it dosent take an effect.
So i Turn it on and off again. But there was also no effect.
We run a high traffic server and the access logs get filled up very quick. I know we could implement rotation, but I would also like to prevent performance loss by having an access log, doesnt matter how marginal that would be.
View 6 Replies View RelatedI am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix = 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
This actually goes further than disabling SSLv2 and v3 and also excludes the use of NULL and MD5 ciphers.
The Postfix conf file, main.cf exists in two places on my VPS:
# find / -name main.cf
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf
Examining both only the copy in /etc/postfix/ is configured and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as of the two, it’s the only one actually configured. Hence I add the required commands to the config:
...
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
SMTP Server (Postfix)
And for good measure:
Plesk milter (Postfix)
I then test whether SSLv2 is enabled:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
# Iain 2014-12-12
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST="TLSv1:HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL@STRENGTH"
And /etc/courier-imap/imapd-ssl file:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1
actually, this should probably read:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1, TLS1.1, TLD1.2
Why am I unable to disable SSL v2 and v3 for SMTP/POP3/IMAP with Postfix and Courier?
We have tested one of our CentOS 6.6 Plesk 12 servers to see if it was vulnerable to the poodle attack using the poodle.sh script from [URL] .... and found it was.
Then downloaded the special script from the same article run the script and re tested and everything was no longer vulnerable. But then started getting complaints from customers that they could not send email anymore and looking at it found errors like:
qmail: 1436280789.522657 delivery 768: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to
After looking in the forum found an extended cyphers list, which when used starts to allow email to be sent as normal. But then checking with the vulnerability script agian find that it has also allowed connections to ports 587 and 465 agian via SSL3v
Webmail used is Roundcube and Horde.
I have a client using a very old email client ( Eudora on Mac OS 9 ) and he cannot send email using our Plesk server.
The error reads...
I said: RSET
And then the SMTP server said: 530 5.7.0 Must issue a STARTTLS command firstClick to expand...
One failure cited by a recent PCI compliance report was that of the Plesk non-https login at port 8880. I believe we can resolve this by adding a firewall rule to block access to this port but wanted to check first if this will have any negative consequences elsewhere. Or is there a better way to achieve PCI compliance on this point?
View 2 Replies View RelatedHow can I do to send email without the security warning?
I want the clients sending mails no longer have a security warning.
I tried with SSL port 465
I tried with port 587 TLS> Mail settings for the entire server> Enable Send Message
New to Plesk in general so I don't know for sure if the "Register Domain Names" feature is part of our 'Web Pro Edition' or comes by default.
Also, is the domain registration option showing up because when installing Plesk I enabled the "Enable access to premium commercial apps"?
So my question is, can we still set it up so users have access to install applications (free and commercial), but disable the domain registration option?
I am unable to disable or modify the firewall by using the plesk firewall extention. Plesk throw the two errors below:
Code:
Error: Could not disable firewall:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service
Code:
Error: Could not activate firewall configuration:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact
I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper
I have a Plesk 12 server running under Debian 7. I have a website with only mail so I disable web hosting. The problem is that the client needs to use webmail but webmail does not work (maybe because web hosting is disabled)...
View 1 Replies View RelatedI wanted to permanently get rid of xcache from my Plesk 12 as some softwares we are using crashes if xcache is installed or enabled on server.
At present I am doing yum remove to remove xcache php extension from server which is allowing our software to work but after couple of days, its coming back again.
I found traces in autoinstaller log, but I am not sure how to completely disable only xcache for all php versions installed on server i.e. PHP 5.3, 5.4, 5.5