An exploit is being sold on underground forums for the price of $8,000 (6,300 EUR)

Jul 11, 2012 07:45 GMT  ·  By

Experts are seeing thousands of websites being hacked each day and some believe that the phenomenon may have something to do with a zero-day vulnerability that affects Parallels’ Plesk Panel.

According to Brian Krebs, the exploit, which works against sites running Plesk 10.4.4 and earlier versions, is being sold on underground hacking forums for $8,000 (6,300 EUR) by a member who is known for providing reliable “products.”

The author, who has even made a point-and-click tool available, claims that the exploit can be used to obtain the administrator password.

A few days ago, SC Magazine cited Sucuri Malware Lab experts who found that around 50,000 websites had been breached. Since many of them were running Plesk, it’s possible that the attackers leveraged this flaw to compromise them.

Furthermore, the recent attacks that involved pseudo-randomly generated domains might also be connected to the security hole in Plesk Panel, as Denis Sinegubko explains on the Unmask Parasites blog.

In the meantime, Parallels’ representatives have received a lot of complaints regarding a possible new vulnerability in Plesk 10.4 and earlier versions.

“We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated. We have not received any claims to confirm this vulnerability,” reads the security advisory published by the company.

On the other hand, their forums are full of users who state that their sites have been hacked even with all the patches applied.

“We had changed all the passwords as per the KB, and in less than 24 hours they were back in again with the new passwords. They hacked Plesk again using all the newly generated passwords,” one user wrote.

Until new information regarding this potential zero-day becomes available, Parallels recommends that users update their installations to Plesk Panel 11, which comes with numerous security improvements.