Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
100 results found
-
Implement OSSEC
Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.
25 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Add ipset in Firewall to increase performance
Please extend the Firewall / Concept to make the use of ipset, because it is generally the fastest solution i found so far. Chains like "f2b-recidive" can also be implemented as ipset list. This will speed up the whole process while adding or removing ips. I dont know if there is a cidr support in ipset...
For example, remove the following chain:
f2b-plesk-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
And extend the firewall with a native DROP on the ports as described below:
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 match-set f2b-plesk-postfix src
And then (or before?) just…
17 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Set right ciphers by default on Windows
There is a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/
but there is no tool to do it automatically (and by default during the installation).
4 votesAFAIU, the request is about right ciphers for SSL configuration. We have a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/ but have no tool to do it automatically, so, this is a valid request, we’ll look into it.
There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
— rk
-
11 votes
Thank you for your input! We will consider functionality to implement ability to set TLS as required for email connections in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Please note that STARTSSL is a service of StartCom and there are issues with them to stay in CA role http://www.pcworld.com/article/3129725/certificate-policy-violations-force-reform-at-startcom-and-wosign.html so STARTSSL support will not be implemented in Plesk.
—
ET -
Integration with firewall service on the blocked addresses. https://www.abuseipdb.com/api.html
Allowing you to see information from other participants and automatically deny access to all new locations as they are very much in a day.
AbuseIPDB
making the internet safer, one IP at a time40 votesWe will consider this functionality in upcoming releases if it will be popular. However, in part of integration with 3rd party, probably it will be faster if you create Plesk extension. Please refer to https://docs.plesk.com/en-US/17.0/extensions-guide/what-are-plesk-extensions%3F.76331/ to know how.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
24 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
ProFTPd GeoIP blocking
Compile proftpd with "GeoIP"
http://www.proftpd.org/docs/contrib/mod_geoip.htmlThis would allow to block or whitelist countries - even on a per user basis.
We did research on this and most of the foreign FTP attempts are malicious.17 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
Make PLESK compatible with "Microsoft Security Essential" for Windows servers
Microsoft Security Essential is a free and powerful security software for windows server. I recommend make PLESK compatible with this software to have a powerful and simple security solution.
8 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU -
Add SMS (text) verification as optional 2FA
sms verifying on login
9 votesThis is a valid request. Please keep voting on this if you believe it is an important feature.
-- PD
-
Secure default HTTPS settings
Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).
One very good scanner is https://observatory.mozilla.org/
This includes some headers to be sent, and secure TLS settings.
Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLSThe remaining things should be set in Wordpress directly directly by Plesk.
19 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— ES
-
Integrate awesome Security from "Sophos Anti-Virus for Linux Free Edition"
There should be a Scanner for Malware by default.
"Wordpress" already has a super Tool but what about the the other Apps on Server ...11 votes -
Port Scan protection, PortSentry / PSAD
Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.
22 votes -
Support HPKP
I'd like to see HPKP integrated into the SSL certificate management of Plesk. This would allow, in combination with standard Nginx/Apache config, for a strongly recommended and worthwhile security element to be added to hosted sites.
Testing tool
https://securityheaders.ioMore info
https://scotthelme.co.uk/hpkp-http-public-key-pinning/57 votes -
Implement a support module for Duo Security 2FA
Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?
27 votes -
Temporary FTP accounts (with expire date)
It would be great to have ftp account with an expire date.
A sort of temporary ftp accounts.This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.
I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.
112 votesThank you for your input. We will consider the possibility of implementing this feature in upcoming releases.
— ES
-
Support of SELinux
Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.13 votes -
Fail2ban setting findtime per Jail
In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
Why?
you could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds banThere are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.
66 votes -
Windows Fail2Ban
The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.
There is an opensorce for windows.
http://www.digitalruby.com/securing-...icated-server/
I suggest to Parallels Team include this.
136 votes -
Create daily md5-hashes of the web-content of a domain, to quickly identify tampering or hacking.
Let Plesk on every night optionally create/compare md5-hashes from all files in the domains storage-space (web,httpdoc,ftp) and update this in a simple list (database), sortable by date of last change, size, number of changes. Indicating "changed files in the last xx days" to have a time-window to drill down.
In addition, accumulate all vhosts together into a seperate "Admin-View", where ALL domains are put together alphabetically.
Add an additional button "snapshot", so one could create a list of all webfiles on request. For example, when an incident has been cleaned, then click "snapshot" and then wait some time to see…
73 votes -
Naxsi - web application firewall for Nginx
Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx
44 votesThank you for your input. We will review this nginx module to see if we should support it out of the box
- Don't see your idea?