AdminSergey L (Director of Program Management, Plesk International GmbH)

My feedback

  1. 627 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      open discussion  ·  85 comments  ·  Feature Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

      @paedu
      Glad that you liked the joke. :)
      Last 2 years we were focused on other requests, such as DNSSEC, Lets Encrypt improvements, SSL for mail, Limiting CPU per user, etc. All highly voted as well. Fixing them, we cleared some room for new requests.

      We fully recognize volume of interest to the mailbox quota problem. Once we finish the current release, and will start planning next one - we will seriously consider this option to get included. Beyond the uservoice portal, it is in my personal list now.

      Thanks a lot for your patience.

      Sorry, but whether you can accept the argument or not - we can only sort requests by amount of votes, not by amount of "please!" or "urgent!" comments.

      Each user can allocate 1 to 3 of their votes for a request. The more people vote, the more votes they allocate in average - the higher would the rating be, the more attention request will receive.

      That's actually why we have voting here. While this request is very important to you guys, but there are 10 other requests with higher votes. Perhaps some of you even dedicated a share of your votes to those other requests as well.

    • 72 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        6 comments  ·  Feature Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

        @Gary, we consider this improvement as quote meaningful, but age or complexity don't drive prioritity as much as votes do. This request is not getting in top20 yet, so while it is on our radar, we didn't started work on this yet. Once we start - you will see status changed to "planned" and then "started". We are trying to be transparent here.

        As of complexity, it is heavily driven by the list of operations required to be limited. Please everyone post which exact operations you would like to limit.

      • 512 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          98 comments  ·  Feature Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

          Plesk currently offers two high-quality anti-viruses and other related services like WAF. Integrating another anti-virus solution is an expensive undertaking, so we’d like you to let us know which ClamAV features are missing in anti-viruses and services already available in Plesk. This will help us properly evaluate and prioritize this request.

          —AK

          Hi, we are updating status when there is some new information or status update from our end. Status updates are not frequent, but always meaningful.

          Unfortunately we cannot report to you any major change as of now:
          - this request is in remaining top5 (after higher priorities were delivered) and we fully recognize its priority for our customers
          - for quite a while we were seeing ClamAV as an alternative to already provided Dr.Web and Kaspersky antiviruses and honestly we considered that 2 available options should be already enough, while there were many other requests to work on. Especially given relatively easy manual integration of ClamAV by a server admin (guidelines are available online)
          - thanks to later posts of ClamAV supporters we re-evaluated ClamAV as a file scanner for web files, rather than for email. And in this context it definitely deserves more attention

          As of now we have a bunch of tasks assigned for the next release, but once we deliver the next version, we will seriously consider this item. Should there be any update on actual status, we will post it here

          We are thankful for everyones' votes and involvement

          @Anon: very good points, much appreciated!

          @Jake

          Thanks! Very good points

          @Jake,

          Well, your FTP users indeed can upload trojans or malicious code embedded in PDF files and images. But it cannot harm your server security, it will harm their site visitors, who will download those files. So I wonder how is your server impacted with these uploads?

          From server security standpoint, server admin shall probably be much more concerned for malicious HTTP uploads (not FTP), which are performed normally via a vulnerability in a hosted site and potentially can take over that site in a hidden manner or can take over a server (only in a combination with some other vulnerability, of course). mod_security shall be good solution against that, when accompanied by quality ruleset (such as the one from AtomicCorp). I don't fully understand how ClamAV is efficient here, given that it is very far from 100% efficiency and regular complete scans would likely cause huge load on a server.

          We observed a number of complains on high load from antiviruses scanning servers, but we have no positive data on their efficience. What is your experience about ClamAV file scan?

          @Jake

          How scan of ftp uploads would improve your server security?

        • 445 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            86 comments  ·  Feature Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

            Happy to announce that we added backup to Cloud in Plesk Onyx 17.8 Preview (S3, Google Drive are already available; OneDrive coming soon).
            How to install Plesk Onyx 17.8 Preview https://talk.plesk.com/threads/plesk-onyx-17-8-preview.343283/

            You should install a corresponding extension to try:
            S3 – https://ext.plesk.com/packages/8762049b-870e-47cb-ba14-9f055b99b508-s3-backup
            Google Drive – https://ext.plesk.com/packages/52fd6315-22a4-48b8-959d-b2f1fd737d11-google-drive-backup

            SE

            @Rob,
            Previews are intended for early evaluation only. While technically the one might install preview and work on preview version till it becomes stable, and we have some records of people going this path previously, but it is neither officially supported nor recommended. Definitely not encouraged.

            All such attempts can only be performed at your own risk as there might be cases when further upgrade wont work and we wont be able to help you. That's a natural limitation of a preview version.

            @David, you can expect it publicly released next spring and becoming in stable by summer probably

            @Marcelo, you would need to contact ownCloud or NextCloud and see if they are interested in building an extension for Plesk. While Plesk cannot have enough hands to integrate every solution, our SDK and extensions allow every vendor to join and deliver. If you (or anyone else) would wish to integrate ownCloud or NextCloud by yourself, you are encouraged to start at https://ext.plesk.com/help and contact us for consulting if needed. We welcome independent contributors

          • 156 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)

              We’ll send you updates on this idea

              12 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →

              Hi @dieta,
              If you are willing to hire developers and make an extension, we can suggest a developing company that already delivered some extensions to us. If you are looking to build extension by yourself, feel free to start with https://ext.plesk.com/help
              We have a number of individuals already contributing extensions by themselves

              It might be considered in future, but for now we have 20+ requests here so we will focus on them for now.

              However Sogo Webmail can be integrated via Plesk SDK https://ext.plesk.com/help and we will be happy to publish this integration in our Extension Catalog

            • 4 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)

                We’ll send you updates on this idea

                4 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

                Thank for raising it. We have merged that other request in here for easy of tracking.

              • 243 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  30 comments  ·  Feature Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

                  We have serious doubts this function can really increase server security:
                  1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
                  2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

                  As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

                  As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

                  @abc Good catch about root password. If you file that as a separate request, we are likely to improve it

                  Curtis,

                  I am afraid you are misinformed about locking admin or perhaps have much outdated information.

                  In case someone is trying to bruteforce your password, you remain safe:

                  - Plesk won't lock you if someone will try to bruteforce your password. Instead Plesk will add small delay on every false attempt, which doesn't make much difference for legitimate user (you), but makes any bruteforce nearly impossible as it would take too long.

                  - The Fail2ban module will lock a particular IP. So intruder will be locked, but you will be able to login safely. Except (of course), when intruder works from the same computer as you are, which could be the case when you decide to test your Plesk for bruteforce resistance (so you were the "intruder"). But in the real world it is much unlikely scenario

                  Some may also complain that bruteforcing itself can be considered DDoS attack, however different login name doesn't help here either - whether login is "admin" or not, the system will consume roughly the same resources on validating the attempt.

                  So the summary is:
                  - alternative login just cannot add more security than password already does. Adding extra symbol in password is equally effective as adding extra symbol in login name.
                  - intruders cannot lock you from logging in. They can only lock themselves

                  I can understand the fear when people see their servers are scanned, however looks like many people are looking for a false cure - scans won't disappear just because of the login changed. It doesn't take too much effort to try different login names in those bruteforce scripts.

                  Many internet services would use emails as login names. As those emails are often publicly known it should have been considered as a huge security threat, but of course everyone recognizes that it is not a weak login that compromises security - but a weak password does.

                  If you don't feel safe about your server, make sure you
                  1) have fail2ban module fully enabled. it will lock any bruteforce intruder quickly
                  2) have 2-factor auth extension installed. i.e. Clef. Here is an overview of available solutions: http://devblog.plesk.com/2015/02/passwords-in-plesk-just-say-no/
                  3) enable strong passwords in settings or just make sure your password is strong enough - not a dictionary word, not derived from a dictionary word, and includes digits and special characters.
                  Those things really improve security.

                  Hope it helps

                  Andrea, you have to watch your language here.

                  It cannot be really critical whether hacker has as login as a starting point or not - anyway they know your server IP. If your password is secure, you are safe. Add dp12kln88d as a prefix to your password and you will have those extra "497....eee..." combinations. No difference. You can add much more into your password actually.

                  Security is obtained via password, not via login.

                  For those concerned for brutefocring - just enable fail2ban in Plesk and an intruder will be blocked after first few attempts.

                • 10 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    3 comments  ·  Feature Suggestions » Extensions  ·  Flag idea as inappropriate…  ·  Admin →

                    While we wish it as much as you do, this is not possible to deliver Docker at customer level at the moment as customers can gain root-level access through the Docker CT and it will be an ultimate security breach.

                    The only generic way to deliver such function is wrapping all containers of a customer into a sort of VM similarly to Kubernetes “pods”, but Plesk itself runs in VM commonly and cannot produce extra tier of VMs. So we are very much limited by Docker itself and we are exploring how we can overcome it.
                    If you wish to continue conversation, please join talk.plesk.com
                    Thank you

                    Hello, containers don’t really need limiting by cgroups for resources, but there is no way to limit containers from security perspective once ssh access to container is granted. So it is not available to customers for security reasons

                  • 12 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      4 comments  ·  Feature Suggestions » Web / HTTP functions  ·  Flag idea as inappropriate…  ·  Admin →

                      Thank you @Gab T for explaining the usage. It really helps to understand the reason behind a request to evaluate its priority

                      We will consider this, but cannot promise quick delivery. PHP version is tightly connected to website concept.
                      However, did you consider placing scripts in different site and configuring virtual directories in .htaccess for SEO needs? Can that help?

                    • 3 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        2 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →

                        Definitely :)
                        As time goes, certain decisions are revised

                      • 65 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          11 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →

                          Hello, we might do this function later, but it is not planned yet due large number of higher rated requests in our voting system. IF there is an urgent need, the best would be to apply workaround from @Tozz below or another alternative

                        • 495 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            73 comments  ·  Feature Suggestions » Web / HTTP functions  ·  Flag idea as inappropriate…  ·  Admin →

                            Hello everyone,
                            the confusion was caused by overwriting original status rather than appending to it.

                            Notice, that the request remained opened and delivery of PageSpeed Insights didn't close it

                            However, while many of you were looking for mod_pagespeed specifically, potentially some of voters might have been interested in the PageSpeed Insights extension as well. That's why we considered appropriate to mention it here

                          • 58 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              12 comments  ·  Feature Suggestions » Databases  ·  Flag idea as inappropriate…  ·  Admin →

                              Hi, the actual status is always in the top right corner.
                              This is an interesting to us, though votes are real low yet

                            • 6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                7 comments  ·  Feature Suggestions » DNS  ·  Flag idea as inappropriate…  ·  Admin →

                                Hi, the original poster most likely meant the solution described in here
                                https://ext.plesk.com/packages/f58eac32-6fda-4886-8d44-d3cb7b98933e-slave-dns-manager

                                Let us know if it is not what you were looking for

                              • 3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Feature Suggestions » Web Applications  ·  Flag idea as inappropriate…  ·  Admin →

                                  It might be impossible or dangerous technically. Home folder of each account has privileges configured in a way to prevent others from accessing them. We understand extra convenience of a global account, but wouldn't like to undermine security.

                                  But let us know if we are missing something...

                                • 18 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    planned  ·  12 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

                                    @Azurel, very good point! Ideally passwords should be un-decryptable by design (one-way hash).

                                    I shall openly and frankly say that decryption of passwords isn't our intention at all and we will keep sticking to secure side. However we respect the pain of those who supported this request despite there are only few votes. So we are ready to listen for typical scenarios where password is needed and then consider alternative solutions for them.

                                    Don't take it wrong - we are not going to even consider decryption tool, but we are ready to consider alternative solutions for scenarios where password is needed now.

                                    For example:
                                    - we are introducing one-time login "tickets" for the case when system administrator ("root") needed Plesk CP password - it will replace exposure of real CP password https://docs.plesk.com/en-US/17.0/cli-linux/plesk-utility.75661/
                                    - for the case below (external system exposing password for its users), our recommendation is to process password in such system and then push changes into Plesk via Plesk XML API. Such external system would bear complete responsibility for password security then, but Plesk won't weaken its security.

                                    We are ready to listen further cases and provide guidelines for them at our best capacity.
                                    But there will be no built-in decryption facility

                                    Hi Dave,

                                    XML API for update is

                                    <packet version="1.6.3.0">
                                    <mail>
                                    <update>
                                    <set>
                                    <filter>
                                    <site-id>12</site-id>
                                    <mailname>
                                    <name>admin</name>
                                    <password>
                                    <value>123456</value>
                                    <type>crypt</type>
                                    </password>
                                    </mailname>
                                    </filter>
                                    </set>
                                    </update>
                                    </mail>
                                    </packet>

                                    http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-api-rpc/34509.htm

                                    For event handlers catching password may be possible, please see here
                                    http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-administrator-guide/67897.htm#o67974

                                    Hi Dave,

                                    Thanks for explaining your scenario in details.

                                    Specifically for email, would it work if you pass the password in XML API like in the example here?

                                    http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-api-rpc/34502.htm

                                    <?xml version="1.0" encoding="UTF-8"?>
                                    <packet version="1.6.3.5">
                                    <mail>
                                    <create>
                                    <filter>
                                    <site-id>1</site-id>
                                    <mailname>
                                    <name>techdept</name>
                                    <mailbox>
                                    <enabled>true</enabled>
                                    <quota>1024000</quota>
                                    </mailbox>
                                    <password>
                                    <value>test123</value>
                                    <type>plain</type>
                                    </password>
                                    </mailname>
                                    </filter>
                                    </create>
                                    </mail>
                                    </packet>

                                    Plesk will automatically convert the password passed into crypted or hashed form depending on current implementation.

                                  • 1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      2 comments  ·  Feature Suggestions » Backup / Restore  ·  Flag idea as inappropriate…  ·  Admin →

                                      Thank you @Reboot,
                                      I think you can start with Plesk config monitoring tool which is very similar to what you were desc:
                                      https://devblog.plesk.com/2013/07/cfgmon/
                                      Lets us know if that is the thing you meant

                                    • 180 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        24 comments  ·  Feature Suggestions » Web / PHP  ·  Flag idea as inappropriate…  ·  Admin →

                                        @Andreas,

                                        Good point! PHP7 in many tests is almost same good as HHVM and in some tests even outperforms HHVM. We will keep the suggestion open for a while to explore whether demand for HHVM remains or perhaps HHVM might get additional performance boost

                                      • 13 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          7 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

                                          No, cPanel doesn't support Phalcon, that would be quite an overstatement

                                          cPanel only provides guidelines how to download and install custom modules including Phalcon because cPanel requires PHP built right at a server. But at the same page (https://documentation.cpanel.net/display/EA/Custom+Modules) there is a clear statement saying
                                          "Warning: cPanel does not provide _support_ for custom modules."

                                          Equally you can build your own PHP with Phalcon for Plesk and then use Plesk guidelines of connecting your own PHP.

                                          There are no news yet. At some point we will explore how much it is beneficial to our web dev users, but no certain date yet.

                                        • 752 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            83 comments  ·  Feature Suggestions » Usability and UI  ·  Flag idea as inappropriate…  ·  Admin →

                                            @Ludovic,
                                            We can assure that the item is not forgotten and stays high in our backlog. But the capacity is finite and at this moment there are 4 higher ranked requests to take care about - so while I personally regret for your pain in regards of this function, we shall also respect votes of a larger group.

                                            > Why do we have uservoice if Plesk is not listening?
                                            With all due respect to your personal frustration, this statement is totally unfair: 123 requests have been delivered since the uservoice had been launched. That's something.

                                            @Anonymous

                                            Hm, which other panels you were moving domains between subscriptions? i.e. were you able to move addon domains between accounts in WHM/cPanel?

                                            Domain is a collection of files in user's account and under user's privileges. While we know docroot - we have no idea where are the other files (which are commonly placed outside). We often cannot tell for sure which database(s) are used in a site. There is also mail involved. Once moved, new privileges need to be assigned which may be quite impacting for a site. Once file locations changed, it breaks every script using absolute paths in its code (common enough for older sites). So this is not super-easy.

                                            Moving domain shall not be confused with moving complete subscription (or "account" in other panels), which is whole different story, and it is easy indeed. This function is available in Plesk for a while already.

                                            Please tell a little how you would see it working?

                                            i.e. if sites are relocated to a different folder (core limitation of a subscription), they could fail because of changed file paths and will require some fixes in site code and configuration. Would it be accepted?

                                          ← Previous 1 3

                                          Feedback and Knowledge Base