How to Fix the Recent Plesk Security Vulnerability

All versions of Plesk released before September of 2011 are vulnerable to a security issue that can lead to the compromise of your server. Codero has seen hundreds of Plesk servers compromised through this vulnerability, so we recommend that you take immediate action to resolve it.

Note: If you are a managed server customer, Codero has already patched your server(s) and no action is needed on your part. If you are not a managed server customer, patching your server is your responsibility. If you need assistance, Codero staff can patch your server(s) for you at our Advanced Support rate of $99/hour. Please log in to ServerPortal.com and submit a support ticket if you wish Codero to patch your server for you.

You can check whether you are vulnerable by running this script from Parallels. If the script says “Plesk is up to date” or “The patch has been successfully applied”, you do not need to do anything further.

If you receive the message “The patch has not been applied” you need to update Plesk to a newer, more secure version.

To update, you need to know which major version of Plesk you are on. See the instructions for finding your version of Plesk. An example version is “9.2.1 CentOS 5 92090422.13”. This server is on major version 9, minor version 2.1, with microupdate #13.

The official Parallels directions on how to run the autoinstaller to apply updates are here.

If you are on major version 8, you need to update to 8.6.0. If you are already on 8.6.0, you may need to run the autoinstaller twice to upgrade the autoinstaller itself to be able to receive microupdates. 8.6.0 with microupdate #2 is the first safe version.

If you are on major version 9.x, run the autoinstaller and select version 9.5.4. 9.5.4 with microupdate #11 is the first safe version.

If you are on major version 10.x, upgrade to at least 10.3.3 and install all microupdates through the autoinstaller.

Once you are done upgrading, please run the vulnerability checker again to verify you have fixed the issue. If you are not able to perform the update for any reason, please open a ticket through Server Portal.
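The version rules above can be applied to a list of servers with a short script. This is an added example, not code from Parallels or Codero, and it does not replace the vulnerability checker. It assumes every version string follows the layout of the one example in this notice (version first, microupdate after the dot in the final build token); the function names and the sample strings other than that example are constructed.

```python
import re

# First safe versions as stated in the notice: (version, microupdate).
# For 10.x the notice gives no microupdate number, only "install all microupdates".
FIRST_SAFE = {8: ((8, 6, 0), 2), 9: ((9, 5, 4), 11), 10: ((10, 3, 3), None)}

def parse_plesk_version(text):
    """Return ((major, minor, patch), microupdate or None).

    Assumes the layout of the notice's example: version first, and the
    microupdate as the suffix after the dot in the final build token.
    """
    tokens = text.strip().strip('"“”').split()
    if not tokens or not re.fullmatch(r"\d+(\.\d+){1,2}", tokens[0]):
        raise ValueError(f"unrecognised Plesk version string: {text!r}")
    parts = [int(p) for p in tokens[0].split(".")]
    version = tuple(parts + [0] * (3 - len(parts)))
    # Only look for a build token when there is more than the version itself.
    mu = re.fullmatch(r"\d+\.(\d+)", tokens[-1]) if len(tokens) > 1 else None
    return version, int(mu.group(1)) if mu else None

def triage(text):
    """Map a version string to the action the notice prescribes."""
    version, mu = parse_plesk_version(text)
    if version[0] not in FIRST_SAFE:
        return "unknown: major version not covered by the notice"
    safe_version, safe_mu = FIRST_SAFE[version[0]]
    target = ".".join(map(str, safe_version))
    if version < safe_version:
        return f"upgrade to {target} and install its microupdates"
    if safe_mu is None:
        return "confirm all microupdates are installed, then run the checker"
    if version == safe_version and (mu is None or mu < safe_mu):
        return f"install microupdates (need #{safe_mu} or later)"
    return "at or above first safe version; confirm with the checker"

if __name__ == "__main__":
    samples = [
        "9.2.1 CentOS 5 92090422.13",   # example string from the notice
        "8.6.0",                        # constructed: no build token reported
        "9.5.4 CentOS 5 95000000.11",   # constructed build number
        "10.3.3 CentOS 5 10300000.4",   # constructed build number
    ]
    for s in samples:
        print(f"{s!r}: {triage(s)}")
```

A missing microupdate suffix is treated as "not yet patched", so the script errs toward telling you to run the autoinstaller.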

Please note, if your server becomes compromised due to this vulnerability and you did not patch despite the multiple notices from Codero, the Server Protection Plan will not be in effect for the compromise. 


PHX Network Issue under investigation

We are currently investigating a network issue with one of our upstream providers which is affecting the ability of some clients in PHX to access their servers. We have shut the provider down and are monitoring the situation. Updates to follow.

Updates

  • Codero NOC says:

    We have shut down our Highwinds circuit in PHX. Traffic issues are resolved.

  • Codero NOC says:

    Problem should be resolved. Engineering was on it ASAP. This was a network issue & we switched providers immediately.

Network Issue Under Investigation

An outbound network attack is affecting some clients on our network. Currently, engineers have blocked the affected site and are shutting down the attacking servers, which seem to have in common that they run Parallels Plesk on a Windows server. If your server is unreachable now, and does not have Plesk and Windows, please contact support. We have stopped routing traffic through Above.net to reduce the impact on other customers.

 


Phoenix Network Issue Being Investigated

Our network engineering team is currently investigating some intermittent network issues within our PHX data center.  We will update this status page and our @CoderoNOC twitter account with information as it becomes available.


Maintenance Window : Cloud [07.09.2011]

On Saturday, July 9, 2011, the Codero team will be performing maintenance to the Codero Cloud Management Systems. These functions will be performed during a five-hour maintenance window listed below.

 

MAINTENANCE WINDOW:

DATE:                    Saturday, July 9, 2011
START:                  12:00 AM EDT (05:00 UTC)
END:                      05:00 AM EDT (07:00 UTC)

 

You are receiving this notification to alert you that during this time access to the Codero Cloud Portal and the ability to manage your virtual machine(s) will not be available. This includes starting, stopping, rebooting, upgrading or downgrading of virtual machines. Any scheduled snapshots during this time will also not occur.

 

Be sure to follow @CoderoNOC on Twitter and monitor our status page (www.codero.com/status) for updates and service impacting information.

Regards,
Codero Operations

 

NOTE:  To contact us regarding this maintenance window, please submit a Support ticket via ServerPortal.com.

 


Power Maintenance Window : 6.5.2011

On Sunday, June 5, 2011, Codero and our electrical contractors will be performing preventative maintenance to a portion of our power systems in our Phoenix Data Center. These functions will be performed during a four-hour maintenance window listed below. Electrical contractors will be onsite performing updates on the electrical equipment.

MAINTENANCE WINDOW:

DATE:                    Sunday, June 5, 2011
START:                 01:00 AM EDT (05:00 UTC)
END:                      04:00 AM EDT (07:00 UTC)
SERVERS:             Check ServerPortal.com messages to see if one of your servers is involved

You are receiving this notification to alert you that your server(s) will experience downtime of four hours or less, as power will have to be shut down to the portion of the data center receiving these updates. Should this timeframe not be convenient for you, please open a ticket via ServerPortal.com to propose an alternate time prior to May 27, 2011. Codero will then move your server(s) to another location within the data center to prevent downtime during the maintenance window on June 5, 2011.

IMPORTANT NOTES:

Please take this time now to update your administrator/root password for the above servers in ServerPortal.com. Codero will make every attempt to carefully shut down these servers at the beginning of the maintenance window. If your password is incorrect, we will be forced to hard-power down your server, which could result in data or hardware loss.

We encourage you to make a backup of your data prior to this maintenance window because Codero is not responsible for any data loss resulting from actions performed during this maintenance window.

 

Be sure to follow @CoderoNOC on Twitter and monitor our status page (www.codero.com/status) for updates and service impacting information.

Thank you in advance for your prompt attention to updating your passwords and making data backups.

Regards,
Codero Operations

 


Brief DDoS Attack

Today, April 1st, 2011, from approximately 11:37 am CDT until 11:57 am CDT, Codero’s Phoenix facility experienced a brief DDoS attack. Network operations did not completely cease; however, high network latency was experienced. This issue has been resolved. If you are still experiencing issues, please contact customer support by submitting a ticket via https://serverportal.com/.


MAINTENANCE WINDOW: April 3rd 02:00 to 04:00 EDT – UPS & Generator Testing

On Sunday, April 3, 2011, we will be performing full load testing of our UPS and backup generator power systems in our Phoenix Data Center. During this maintenance window, no service interruption is anticipated. These functions will be performed during a two-hour maintenance window listed below, and will involve multiple electrical contractors onsite performing tests on the electrical equipment.

MAINTENANCE WINDOW:

DATE:                    Sunday, April 3, 2011
START:                 02:00 AM EDT (06:00 UTC)
END:                      04:00 AM EDT (08:00 UTC)

You are receiving this notification as a courtesy; your server(s) should experience no downtime, as power interruptions are not anticipated.

IMPORTANT NOTES:

o   Please take this time to update your administrator/root password for the above servers in ServerPortal.com.  In the event of a problem, Codero will make every attempt to carefully shut down these servers should it be required.  If your password is incorrect, we will be forced to hard-power down your server, which could result in data or hardware loss.  But please note that service interruption is not anticipated.

o   We encourage you to make a backup of your data prior to this maintenance window because Codero is not responsible for any data loss resulting from actions performed during this maintenance window.

 

Be sure to follow @CoderoNOC on Twitter and monitor our status page (www.codero.com/status) for updates and service impacting information.

Thank you in advance for your prompt attention to updating your passwords and making data backups.
Regards,

Codero Operations


MAINTENANCE WINDOW: April 3rd 01:00 to 03:00 EDT – Power Systems Update

On Sunday, April 3, 2011, Codero and multiple contractors will be performing preventative maintenance to a portion of our power systems in our Phoenix Data Center. These functions will be performed during a two-hour maintenance window listed below. Multiple electrical contractors will be onsite performing updates on the electrical equipment.

MAINTENANCE WINDOW:

DATE:              Sunday, April 3, 2011
START:            01:00 AM EDT (05:00 UTC)
END:                03:00 AM EDT (07:00 UTC)

This maintenance window has limited impact and affected customers have received direct notification via the phone number and email listed on file.  Should this time frame not be convenient for you, please open a ticket via ServerPortal.com to propose an alternate time prior to April 2nd. Codero will then move your server(s) to another location within the data center to prevent downtime at this specific time interval on April 3, 2011.

IMPORTANT NOTES:

o   Please take this time to update your administrator/root password for the above servers in ServerPortal.com. Codero will make every attempt to carefully shut down these servers at the beginning of the maintenance window. If your password is incorrect, we will be forced to hard-power down your server, which could result in data or hardware loss.

o   We encourage you to make a backup of your data prior to this maintenance window because Codero is not responsible for any data loss resulting from actions performed during this maintenance window.

Be sure to follow @CoderoNOC on Twitter and monitor our status page (www.codero.com/status) for updates and service impacting information.

Thank you in advance for your prompt attention to updating your passwords and making data backups.

Regards,

Codero Operations


Packet Loss

This evening at approximately 10:43 PM Central Time on 3/14/2011, our Phoenix facility experienced a brief DDoS attack taking down a small portion of our inbound traffic.

When the attack began, our network engineering team immediately implemented our DDoS recovery Standard Operating Procedures (SOP).  These procedures include:

a)  investigating the nature and type of the attack;
b)  communicating with our upstream providers in an effort to thwart the attack; and
c)  implementing network routing rules and other preventative measures within our infrastructure.

The attack lasted approximately 5 minutes and has been resolved.
