Huge Plesk Calamity

1 points by igtztorrero ↗ HN
My server was hacked, it uses plesk to administer domain. Last week I couldn't access plesk, so I "ssh" to my server, and used "top" command, I saw some weird processes, consuming all my cpu time ! I use "ps auxww" to detect the process and I met Medusa. What the heck is Medusa ? Why is installed in my server ? Who is using my server ? I'm part of that statistic 360,001 websites hacked! Why plesk doesn't warning me ?

http://arstechnica.com/security/2013/06/more-than-360000-apache-websites-imperiled-by-crticial-vulnerability/

1 comment

[ 3.0 ms ] story [ 11.8 ms ] thread
Just one thing to do. Reinstall Plesk on a new server and restore your data from a clean backup. I would suggest installing some sort of security enhancements in the new server. Personally I use ASL from Atomicorp which prevents most vulnerabilities.