Posts tagged plesk

plesk onyx phpioncube install

posted on 2016-12-13 14:35

install php7 in plesk

plesk sbin autoinstaller --select-product-id plesk --select-release-current  --install-component php7.0

get files

Copy to the server, und tar xzvf it.

copy file

cd ioncube
cp /opt/plesk/php/7.0/lib/php/modules/

link it with php

Into /opt/plesk/php/7.0/etc/php.ini put this:

(Somewhere to the other zend options.)

reload php

  plesk bin php_handler --reread


/opt/plesk/php/7.0/bin/php -v

Will show you ioncube php loader (enabled) ... so it actually works.

Now don't use the OS php version (i.e. if you already have php 7 available from ubuntu 16.04), but the plesk one from the dropdown menu in the php settings of your hosting.


If you cannot upload zip files, install php-zip from your OS's package management. (apt install php-zip -y)

plesk show mailaccounts and passwords

posted on 2016-10-13 18:08

To show all mailaccounts and the corresponding passwords, use


On older plesk installations, the file may be located differently.

Use locate mail_auth_view to find the path there.

plesk: show mailpasswords

posted on 2016-05-19 07:08

To show all passwords for all mailaccounts on a plesk installation, do this:


Plesk 12 database overview

posted on 2015-08-11 18:40:06

Ever felt the need to dig deep into plesk data model?

Starting with 12.5, there will be some official documentation on this, until it's done see here.

Plesk: mysql admin password

posted on 2015-02-25 16:36:11

To access a plesk's mysql database, you need the password plesk creates by itself.

Either get it in plaintext:

/usr/local/psa/bin/admin --show-password

Or just access the mysql db client with this line:

mysql -uadmin -p$(cat /etc/psa/.psa.shadow)

Plesk Hacker Plesk reference

posted on 2014-07-11 14:13:30

The best Plesk 11 reference you can find is here.

Plesk mail spam fixes

posted on 2014-07-09 13:46:10

mail notifying

When receiving a mail like this:

 1  Hi Abuse Team,
 3  This is an RBL nomination for the following lists of IP addresses that
 4  are in the process of being listed to the RBL as a spam source
 5  and/or is an originating spam source in progress.
 7  -- IPs listed to the RBL --
 9  -- End of IPs listed to the RBL --
11  Please refer to below information for representative spam samples.
12  Additional samples are available upon request from an authoritative
13  requestor.
15  Filename:
16  Password: novirus
18  -- Example of spam mail --
19  Spam Sample #1 - []
21  Received: from [] by <removed> via sendmail with smtp;
22  for 1 recipient; Fri, 04 Jul 2014 07:24:14 -0000
23  Received: by <removed> (Postfix, from userid 10335)
24  id 8D55D7E2640; Fri,  4 Jul 2014 09:24:15 +0200 (CEST)
25  To: <removed>
26  Subject: [20140704] Dear Customer! We received your July 1st payment of $2579 which brings
27  your balance to $0.
28  X-PHP-Originating-Script: 10335:yysfgfo.php
29  Message-Id: <removed>
30  Date: Fri,  4 Jul 2014 09:24:15 +0200 (CEST)
31  From: <removed>
33  -- End of Example of spam mail --
35  -- Network Information --
37 ...

The important information is in line 28.


$ grep 10335 /etc/passwd

which will give you the user in question.

Then clean the yysfgfo.php file from his account and the spam issue is fixed. (find <dir_of_webspace> -iname yysfgfo.php will show you where it lies.)

The UID and filename may differ, these are just examples.

Of course the site was hacked, and you/the customer still has to fix and secure it, so future hacks are prevented.

Usually setting a new password, for the users' ftp account (so new malicious scripts cannot be uploaded again) is enough. In case that you use Plesk, you might consider setting a new password for the login to the Websitepanel, too.

spamming just started

If you have not yet blacklist mail or other form of notification and the spamming takes place right at the moment, use these:

# first have a look on the current mail queue

Then you are shown the queue file id (first character sequence at the beginning of the line), sender and other information. Have a look at some of the suspicious looking emails, using the queue is and postcat:

# show mail header and body
postcat -q 252977E27B0

There you watch out for entries like X-PHP-Originating-Script like described in the beginning of the post.

brute force in case nothing helps

If the mailheader does not provide an X-...-Originating-Script entry, try this:

for i in $(find /var/www/vhosts -type f -name access_log); do COUNT=$(fgrep -c POST "$i"); if [ "$COUNT" -gt 0 ]; then echo "$i"; echo "$COUNT"; fi; done

This approach works due to the most hackers using HTTP POST request to trigger the spam dispatch.

The commands will scan the apache httpd access logs of all webhostings, and have a look at the count of POST commands of sent to a each hosting. You should then have a look at the recently changed files in the folder with the most hits. Keep in mind, that due to the I/O load this might post on the system, it might take a while until this command sequence will be finished.

To have a look on the I/O load, use top:

top - 10:20:37 up 27 days,  3:09,  2 users,  load average: 0.00, 0.01, 0.00
Tasks: 130 total,   1 running, 129 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.0%sy,  0.0%ni, 99.3%id,  0.0%wa,  0.0%hi,  0.3%si,  0.0%st


The wa percentage given above is the average value of all cpu wait times for the I/O subsystem. 0.0% is no wait, if its like 40 percent or higher the command will take ages to finish.

Plesk turn php error display off

posted on 2014-07-03 13:11:21

To turn php error display off in Plesk 11, do this:

  1. Login to the panel.
  2. Open the domain in question.
  3. Tab Websites and Domains.
  4. Show 'extended options'.
  5. Open 'website-scripting and security'.
  6. Tab 'PHP settings'.
  7. Set 'display_errors' to 'off'.

This might be needed when clients do not update their web presence, using an old php version for development. On the server the php install gets an update, and lot of functions in their code are shown as deprecated at once. To have a proper viewable site, this option helps. Still the code has to be updated, in case sooner or later deprecated functions are removed from the php language. TBH I have no idea if such things happen in the php landscape, but it happens in other programming languages.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, 16.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, PS1, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apache2.4, apachebench, apple, applet, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, cmd, coleslaw, colorscheme, common lisp, configuration management, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fakeroot, fbsd, fdisk, fedora, file, files, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, gitbucket, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, make-jpkg, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plasma, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, python3, qemu, qemu-img, qm, qmrestore, quicklisp, quickshare, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, ubuntu16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

Unless otherwise credited all material Creative Commons License by sjas