Adonis
04-03-2009, 07:32 PM
I have been trying to get an answer for this problem from Parallels/SWsoft since April 1st, but so far no answer at all.
The issue is this. On April 1st, between 9am and 10am CET, my Plesk 8.4 suddenly got updated to version 8.6. I found out near the end of the day, when I discovered that for the whole day no one had been receiving any mail, and to make things worse, all people sending mail to domains on my server received a message that they were not allowed to send mail.
It took me around 12 hours to clean up the mess this upgrade created.
I was asleep at the time of the upgrade, and I am the only one with root access and Plesk access. From the Plesk log, I found that this came from IP 87.117.255.64, which is from eukhost.com.
Usually when someone logs in to Plesk, it creates a log entry inside Plesk showing the account used to log in. Not here. I'll post the first two log entries below:
87.117.255.64 [2009-04-01 09:40:27] 'Plesk component upgrade' ('Plesk component name': 'psa' => 'psa')
87.117.255.64 [2009-04-01 09:40:27] 'Plesk component upgrade' ('Plesk component name': 'psa-api-rpc' => 'psa-api-rpc')
So this "person" did not log in to Plesk. I then proceeded to scan the server logs. No entry for that IP anywhere to be found. I did a full virus scan, which came up empty. I also did a full backdoor check, which also came up empty.
I then posted a message on the Plesk forum, no response. Emailed Parallels, no response. Opened a ticket at 4PSA (my Plesk reseller) and they told me I need to go to Parallels for this. And Parallels state on their site that I should contact the reseller. I know that obviously I have to go to Parallels... since this is not 4PSA's doing at all.
I also contacted my server provider. They didn't do it either. I also filed an abuse report at eukhost.com, but they told me a scan of the server where that IP resides came up empty... and that I should go to Parallels.
I'm all out of options now. I need to get hold of Parallels / SWsoft engineers to get into this matter, but they do not reply to my requests. I paid a lot of money for this control panel and receive no service at all... not even for a matter as serious as this.
Either someone did this, or the Plesk software did this on its own (which is not possible since there's no feature for that in the Linux version), or there is a backdoor inside Plesk that allows someone to do this. I think it's quite important to know... not just for me but for everyone running Plesk.
I wonder... am I the only one who has this issue? And... is there another way to contact Plesk?
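Added example, not part of the original post: a small Python check for the pattern described above, where actions appear in the Plesk action log from an IP that has no earlier login entry in the same log. The line layout is taken from the two entries quoted in the post; the login event name `CP User Login` and the `192.0.2.10` lines are assumptions constructed for the demo, so set `LOGIN_EVENTS` to whatever your Plesk version writes.

```python
import re
from collections import defaultdict

# Layout as quoted in the post: IP [timestamp] 'Event name' (details)
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"'(?P<event>[^']+)'"
)

# Assumption: event name written for a panel login; adjust to your log.
LOGIN_EVENTS = {"CP User Login"}


def actions_without_login(lines, login_events=LOGIN_EVENTS):
    """Return {ip: [(timestamp, event), ...]} for actions logged from an IP
    with no earlier login event. Lines must be in chronological order."""
    logged_in = set()
    orphans = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an action-log entry
        ip, ts, event = m["ip"], m["ts"], m["event"]
        if event in login_events:
            logged_in.add(ip)
        elif ip not in logged_in:
            orphans[ip].append((ts, event))
    return dict(orphans)


# First two lines are constructed (documentation IP, assumed login event);
# the last two are the entries quoted in the post.
SAMPLE = [
    "192.0.2.10 [2009-03-31 18:02:11] 'CP User Login' ('Contact Name': '' => 'admin')",
    "192.0.2.10 [2009-03-31 18:05:40] 'Plesk component upgrade' ('Plesk component name': 'psa' => 'psa')",
    "87.117.255.64 [2009-04-01 09:40:27] 'Plesk component upgrade' ('Plesk component name': 'psa' => 'psa')",
    "87.117.255.64 [2009-04-01 09:40:27] 'Plesk component upgrade' ('Plesk component name': 'psa-api-rpc' => 'psa-api-rpc')",
]

if __name__ == "__main__":
    for ip, events in actions_without_login(SAMPLE).items():
        for ts, event in events:
            print(f"{ip} {ts} {event}: no prior login from this IP")
```

A login recorded before the start of the log file also produces a hit, so treat results as leads to compare against the web server and system logs for the same timestamps.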
