Hostasaurus

My feedback

  1. 22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Hostasaurus commented  · 

    Five years later, instead of caring about security, they provide a way to gain root access through the UI that you have to explicitly disable instead of enable... and still no syslog of such activity.

    An error occurred while saving the comment
    Hostasaurus commented  · 

    I'd like to see this as well. Anything that goes into Action Log should also be able to be sent to syslog, which would allow it to immediately leave the server to one or more additional destinations to ensure the logs are preserved through a server compromise or malicious Plesk 'Additional Administrator' behavior.

    I suspect this is the kind of feature that larger customers of Plesk want. I also suspect it will never get the votes necessary for Plesk to care, because this stupid way of requesting features means nothing that appeals to people managing a very large number of servers ever receives enough votes, as all the popular requests are things that appeal to people running one copy of Plesk. They're clearly headed in a direction of not placing any value on enterprise customers, because few, if any, features of the past few years seem to be of interest to that type of customer.

    Hostasaurus supported this idea  · 
  2. 1,529 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    239 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We hear you and see a clear demand for this feature.

    I want to say that implementing these features requires a lot of investment, and in 2021 Plesk team keeps focusing on the delivery of other improvements (sad, but true).

    We will back to the re-evaluation of these features at the beginning of the next year.

    Please continue to share your use cases and requirements, and it would really helpful if you point to existing solutions that we can review and check before implementation.

    Your feedback is important to us. Thank you, everyone.

    AA

    An error occurred while saving the comment
    Hostasaurus commented  · 

    HA works great until your data center burns down; i.e. OVH earlier this week.

    An error occurred while saving the comment
    Hostasaurus commented  · 

    Plesk seems to be mostly interested in clients who just want to spin up a VPS and put wordpress on it for $5/month. I don't think this feature, or any other feature important to a high availability / enterprise customer, will see much development time from them these days.

    An error occurred while saving the comment
    Hostasaurus commented  · 

    "me too" - would be happy with even basic synchronization features across servers, so all the typical Plesk-managed daemons get the same configs, but with the concept of IPv4/IPv6 addresses being different across the servers, so a site would effectively be assigned a server A and server B address, then leave the responsibility to load balance across them to me, as well as providing the underlying shared filesystem for /var/www/vhosts/.

    Hostasaurus supported this idea  · 
  3. 68 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  5 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Hostasaurus commented  · 

    This can be easily accomplished with OSSEC, and in fact, you would ideally implement it with something like ossec outside of Plesk, because you don't want an unauthorized Plesk access resulting in the monitoring being disabled without your knowledge. You could even run it from a different server to ensure the agent hasn't been tampered with.

  4. 91 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Hostasaurus commented  · 

    This would be such an incredibly useful feature. Left over temporary third party developer accounts are a constant source of website compromise. Plesk won't even show you the date the accounts were created.

    Hostasaurus supported this idea  · 
  5. 170 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Hostasaurus supported this idea  · 
  6. 6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Hostasaurus commented  · 

    This request should extend to Event Manager events as well, and the log should reflect both what was added and what was removed. If you define an 'Additional Administrator' with the intent on not giving them root access to the server, well now they've just gained the equivalent of root access with no logging of any activities they perform. They could add an event handler called on add physical hosting, whatever command they feel like, and then just add/remove a site, to have that command run as root. Or, they can add/remove a root cron job to execute whatever command they want, with no log of what the command was. This info should really be logged to syslog as well as action log, because once someone has gained the ability to execute commands as root, having those logs go remote in real time is the only thing keeping the log history safe.

  7. 33 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Hostasaurus commented  · 

    This really needs to be built for both the admin side and 'customer' / 'reseller' sides. Hosts deploying Plesk in a re-sold environment, where they provision it and hand it over to a customer, may need to retain access to it if it's being sold as a managed solution, and tying it into an SSO system ensures timely and secure access, not the current useless single password for the 'admin' user. On the customer side, many there also expect a higher level of security than a user/pass stored internal to Plesk; they want to tie it into their existing SSO system to gain access to policy enforcement, hardware token 2fa, etc.

    Hostasaurus supported this idea  · 

Feedback and Knowledge Base