132 results found
Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.22 votes
Add Spamhaus DROP LIST integration to the firewall with update schedule16 votes
Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?27 votes
It would be great to have ftp account with an expire date.
A sort of temporary ftp accounts.
This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.
I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.109 votes
Thank you for your input. We will consider the possibility of implementing this feature in upcoming releases.
Expand 2FA options: Yubikey, WebAuthn (FIDO, FIDO2, U2F), also HOTP counter-code for existing Google Authenticator
Add two-factor-auth for YubiKey.225 votes
Thank you for your input. We will explore the possibility of implementing YubiKey in upcoming releases.
Plesk need to Support chacha20_poly1305 or QUIC better both
It's faster than the normal https Socket and more Secure, QUIC can used in https also http and safer as SPDY15 votes
is better if such as "wordpress toolkit" you implement this software in plesk https://www.rfxn.com/projects/linux-malware-detect/ + ClamAV (is more faster the maildect search).
With this way, anyone can scan our website from malware. And after scan, the user need to have an notify via email or directly into plesk. This inscrease the security of website and also increase the plesk security.
I use it somethimes for scan all website into our web hosting, and I found it very usefull for prevent serius problem of botnet, hacked website etc.
I hope that you can consider to implement this function.
The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.
There is an opensorce for windows.
I suggest to Parallels Team include this.130 votes
Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.11 votes
In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
you could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban
There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.64 votes
Let Plesk on every night optionally create/compare md5-hashes from all files in the domains storage-space (web,httpdoc,ftp) and update this in a simple list (database), sortable by date of last change, size, number of changes. Indicating "changed files in the last xx days" to have a time-window to drill down.
In addition, accumulate all vhosts together into a seperate "Admin-View", where ALL domains are put together alphabetically.
Add an additional button "snapshot", so one could create a list of all webfiles on request. For example, when an incident has been cleaned, then click "snapshot" and then wait some time to see…70 votes
Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx43 votes
Thank you for your input. We will review this nginx module to see if we should support it out of the box
- Don't see your idea?