Initial Plesk Security Best Practices

Guard against weak passwords

  1. To prevent – don’t allow customers to use weak passwords; adjust the complexity requirements on:
    1. Tools & Settings > Security > Security Policy
    2. Set the minimum password strength to Strong or Very strong

(Do this immediately after installing Plesk on the server; the policy is not applied retroactively, so existing weak passwords stay vulnerable)

Protect from Security Threats

Domain name scams

  1. To prevent – don’t allow customers to create DNS subzones in other customers’ DNS zones
    1. Tools & Settings > Security > Restrict Creation of Subzones
    2. Select the checkbox ‘Forbid users to create DNS subzones in other users’ DNS superzones’

Email interception

  1. To prevent – add all domain names that your company uses to the list of prohibited domain names.
    1. Tools & Settings > Security > Prohibited Domain Names
    2. Click the ‘+ Add Domain Name’ button (use an asterisk to cover subdomains, e.g. *.example.com)
    3. Click ‘Enable’

(Do this immediately after installing Plesk on the server; the restriction is not applied retroactively, so fraudulent domains that already exist remain a risk)
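As an added example, not Plesk’s own code, the following Python models the two DNS checks above (Restrict Creation of Subzones and Prohibited Domain Names) the way a defender would want them implemented: on DNS labels rather than raw string suffixes, so that a name like badexample.com is never mistaken for a subzone of example.com, and with the asterisk form *.example.com covering every name below the zone. The zone ownership table, the prohibited list and the sample requests are constructed for the example.

```python
"""Label-based DNS name checks mirroring Plesk's subzone and prohibited-name
restrictions. Added example; zone/owner data and sample requests are constructed."""

from typing import Dict, List, Optional


def labels(name: str) -> List[str]:
    """Normalize a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def is_subzone(candidate: str, superzone: str) -> bool:
    """True when candidate sits strictly below superzone in the DNS tree."""
    c, s = labels(candidate), labels(superzone)
    return len(c) > len(s) and c[-len(s):] == s


def find_foreign_superzone(candidate: str, owner: str,
                           zones: Dict[str, str]) -> Optional[str]:
    """Return another customer's zone that 'candidate' would be a subzone of,
    or None when the request is allowed. 'zones' maps zone name -> owner."""
    for zone, zone_owner in zones.items():
        if zone_owner != owner and is_subzone(candidate, zone):
            return zone
    return None


def matches_prohibited(name: str, pattern: str) -> bool:
    """Match one prohibited-domain entry. '*.example.com' covers every name
    below example.com; a plain entry matches only that exact name."""
    if pattern.startswith("*."):
        return is_subzone(name, pattern[2:])
    return labels(name) == labels(pattern)


def is_prohibited(name: str, prohibited: List[str]) -> bool:
    """True when any entry of the prohibited list covers 'name'."""
    return any(matches_prohibited(name, p) for p in prohibited)


# Constructed sample data: existing zones and the customers that own them.
ZONES = {
    "example.com": "customer-a",
    "shop.example.net": "customer-b",
}
# Constructed prohibited list: the hosting company's own names, apex and wildcard.
PROHIBITED = ["hostingco.example", "*.hostingco.example"]

if __name__ == "__main__":
    for req, owner in [("mail.example.com", "customer-b"),
                       ("badexample.com", "customer-b"),
                       ("www.example.com", "customer-a")]:
        print(req, owner, "blocked by:", find_foreign_superzone(req, owner, ZONES))
    for name in ["support.hostingco.example", "hostingco.example",
                 "hostingco.example.org"]:
        print(name, "prohibited:", is_prohibited(name, PROHIBITED))
```

Note that the wildcard entry alone does not cover the apex name, which is why the sample list carries both hostingco.example and *.hostingco.example.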

Unrestricted administrative access to Plesk

  1. To prevent – restrict the administrator’s access (by default, access is allowed from all networks)
    1. Tools & Settings > Security > Restrict Administrative Access
    2. Click the ‘Settings’ button
    3. Click the ‘+ Add Network’ button
    4. Allow access from your corporate network and your support department’s network (including the IPs of any provisioning systems)
  • (Adding a home network is not recommended; use a VPN instead)

Brute force attacks

  1. To prevent – enable ‘IP Address Banning (Fail2Ban)’, a service that monitors other services’ log files (available on Linux only). If a user fails to log in to a service 3 times in 600 seconds, Fail2Ban creates a firewall rule that blocks the remote host for the next 600 seconds.
    1. Tools & Settings > Settings
    2. Check the ‘Enable intrusion detection’ checkbox
    3. Turn on monitoring of specific services on the ‘Jails’ tab
    4. Check the ‘Select All’ checkbox
    5. Click ‘Enable’
    6. You can further ban / unban IP addresses and check the logs
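To make the banning rule above concrete, here is an added Python model of it (not Plesk’s or Fail2Ban’s own code): 3 failed logins from one address within a 600-second window ban that address for 600 seconds, with the window sliding so that old failures drop out. It is run over a few constructed sshd-style log lines; the log format, timestamps and addresses are constructed for the example so it runs offline.

```python
"""Minimal model of the Fail2Ban rule described on the page: MAX_RETRIES failures
within FIND_TIME seconds ban the source for BAN_TIME seconds. Added example; the
log lines below are constructed."""

import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

MAX_RETRIES = 3   # failures allowed inside the window
FIND_TIME = 600   # window length in seconds
BAN_TIME = 600    # how long a ban lasts in seconds

# Constructed log format: "<epoch> Failed password for <user> from <ip>"
FAIL_RE = re.compile(r"^(\d+) Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")


class BanTracker:
    def __init__(self, max_retries: int = MAX_RETRIES,
                 find_time: int = FIND_TIME, ban_time: int = BAN_TIME):
        self.max_retries = max_retries
        self.find_time = find_time
        self.ban_time = ban_time
        self.failures: Dict[str, Deque[int]] = defaultdict(deque)  # ip -> failure timestamps
        self.banned_until: Dict[str, int] = {}                     # ip -> ban expiry

    def is_banned(self, ip: str, now: int) -> bool:
        """True while a ban for ip is still in force; expired bans are forgotten."""
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.banned_until[ip]
            return False
        return True

    def record_failure(self, ip: str, ts: int) -> bool:
        """Record one failed login; return True if this failure triggers a ban."""
        window = self.failures[ip]
        window.append(ts)
        # Slide the window: drop failures older than FIND_TIME.
        while window and ts - window[0] > self.find_time:
            window.popleft()
        if len(window) >= self.max_retries and not self.is_banned(ip, ts):
            self.banned_until[ip] = ts + self.ban_time
            window.clear()
            return True
        return False


def process_log(lines: List[str],
                tracker: Optional[BanTracker] = None) -> List[Tuple[str, int]]:
    """Feed log lines to the tracker; return (ip, ban_expiry) for each ban issued."""
    tracker = tracker or BanTracker()
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue   # successful logins and unrelated lines are ignored
        ts, ip = int(m.group(1)), m.group(2)
        if tracker.record_failure(ip, ts):
            bans.append((ip, tracker.banned_until[ip]))
    return bans


# Constructed sample log (epoch seconds, RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "1000 Failed password for root from 203.0.113.5",
    "1100 Failed password for root from 203.0.113.5",
    "1200 Failed password for admin from 198.51.100.7",
    "1500 Failed password for root from 203.0.113.5",    # 3rd failure within 600 s: banned until 2100
    "1900 Accepted password for alice from 192.0.2.9",   # not a failure, ignored
    "1950 Failed password for admin from 198.51.100.7",  # the 1200 failure has slid out of the window
    "2700 Failed password for admin from 198.51.100.7",  # again only one failure in the window
]

if __name__ == "__main__":
    t = BanTracker()
    for ip, until in process_log(SAMPLE_LOG, t):
        print(f"ban {ip} until {until}")
    print("203.0.113.5 banned at 2000:", t.is_banned("203.0.113.5", 2000))
    print("203.0.113.5 banned at 2100:", t.is_banned("203.0.113.5", 2100))
```

Only 203.0.113.5 gets banned: 198.51.100.7 also fails three times, but never three times inside any 600-second window, which is exactly the distinction the Fail2Ban window parameters make.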

Web Application Vulnerabilities

  1. To prevent – use a web application firewall: ModSecurity (a module for the Apache web server)
    1. Tools & Settings > Web Application Firewall (ModSecurity)
    2. Click the ‘On’ radio button to enable it
    3. To configure it, adjust the rule sets