The Plesk Onyx Security Quiz | 5 Minutes

It’s time for our second monthly edition of the Plesk quiz. Here to challenge your knowledge and see how you stack up against your peers. But mostly, to check if we’re doing alright in making sure you get the most of what we can offer. So today, we’ll be testing how much you know about Plesk Onyx Security.

Plesk Onyx Security Features and Tools

How well can you manage security of your Plesk server and protect it from common types of attacks? Maybe you know that we have an entire Security section inside our extension catalog for you to use. Including Let’s Encrypt to issue free SSL certificates and protect connections to your sites, Plesk interface, and mail server.

Plus, we’ve got robust in-built tools in order to enhance Plesk panel security. Like Web Application Firewall (ModSecurity), which protects sites and web applications from attacks.  And Fail2Ban for brute-force protection via IP address banning. Are you on top of it all? Then get ready to test your Plesk Onyx Security basics and more.

Plesk Onyx Security Quiz

Boom – 14 questions below, just for you. Select your answers to get your score (and no cheating!).

  • This field is for validation purposes and should be left unchanged.

How did you do?

Finally, how was it? Got the score you thought you would? Did you get close but aren’t quite there yet? Let us know in the comments below or on Twitter or Facebook. You’ll see how your peers found the challenge.

Think you can do better yet? Fortunately, there’s a free Plesk University course, dedicated to learning more about Plesk Onyx SecurityThere may be something you’re missing.

First, hit the button below to get the course. Then complete it for a certificate. Are you new to Plesk University? Then sign up first in a couple of clicks and hit “Get this Course”.

New Plesk Extensions on the Loose: May Edition

New Plesk Extensions

Reporting the latest additions to the Plesk extensions catalog. All the extensions you see here are available to download or purchase as of the time of writing – May 2018. Inside this month’s edition, we highlight new ways you can improve speed and security of your websites and servers. In order to give you both peace of mind and better performance out of your web domains.

Juggernaut Security and Firewall

First of all, we have the latest member of the gang – Juggernaut Security and Firewall. An all-in-one security extension that Danami designed especially for the needs of power users and server-providers. This extension adds an extra layer of security. One that goes beyond the default settings that most users usually optimize for themselves.

Offering experienced sysadmins a wider range of features and increased flexibility. These advanced features include SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, dynamic block lists and geo-blocking.

Juggernaut is a paid extension. And version 2.05 is now available in the Plesk catalog. You can try it for free for 15 days. Then you’ll get two free months when you sign up for annual billing.

Speed Kit

As a result of recent studies, we know that lower page load times directly link to an increase in traffic. Not to mention lower bounce rates. And hence, higher visitor retention on your website. All these things will eventually lead to higher conversion rates.

Speed Kit promises to boost your page loading speed by 50-300%. How? By re-routing web traffic through its caching infrastructure. Even more, it takes just one click to improve your website’s performance with Speed Kit.

After you install, the extension performs an in-depth speed analysis, determining the improvements that you should implement to boost your site’s metrics. When you store a copy of your site in the accelerated framework, users can access your page in an instant from their browser. Even when they’re offline.

Sucuri Security Scanner

Seems like Sucuri Security Scanner uses the public API of Sucuri SiteCheck to detect malicious elements on your website. In an effective way. This extension will let you schedule regular scans effortlessly. Thus, helping you monitor for malware all the time and receive timely notifications about your site’s status.

Sucuri Security Scanner includes the following features:

  • Detecting website malware infections.
  • Monitoring blacklist status.
  • Setting up scans as a scheduled task.
  • Receiving email notifications for security issues.
  • Viewing website security details and information.

Nimbusec Webhosting Security

And finally, we have Nimbusec. Another security monitoring extension for websites that you can find in our catalog. It will scan your website domains over and over again. And then report any potential threats on a centralized dashboard.

Nimbusec Webhosting Security can detect the following online threats:

  • Backdoors and web shells.
  • Overdue CMS updates.
  • Malware.
  • Defacement.
  • Blacklisting.
  • SSL certificate problems.

All in all, security should be a number one priority when maintaining your servers. So if you feel overwhelmed by all our security extension options, feel free to get in touch and chat.

And that’s all the extension news this month. Stay tuned for our next overview of latest available extensions in our June edition. Meanwhile, are you curious for more? Check out the 100+ more Plesk extensions we’ve got available in our catalog.

New Plesk Extensions on the Loose: April Edition

New Plesk Extensions

Every month, we release new extensions into our Plesk catalog. Ones that let you expand the platform’s versatility and customize it according to your needs. With more tools and features, you’ll get even more help growing your business and offering a better service to your customers.

RcodeZero Anycast DNS

You can use this extension to improve your domains’ availability across the world. Want to be accessed anywhere globally? Then pick and choose the domains you want to sync to the RcodeZero Secondary-DNS.

A 24/7 operations center provides round-the-clock support. And the DNS Anycast service is available in 6 continents with more than 20 locations. With unlimited DNS queries and support for all DNS resource record types, the world is your oyster.

Throw in DDoS mitigation service and 2 independent Anycast-clouds, and you’re looking at a highly reliable, performant and extremely secure web service for your domains.

Revisium Antivirus for Websites

Revisium Antivirus for Websites

A fully-featured malware scanner, absolutely free? Yes. Then throw in premium features like scheduled check-ups and one-click automated cleanup, and you’ve got one of the best antivirus offerings on the market.

The Revisium Antivirus extension supports sites running on WordPress, Joomla!, Magento, Drupal, MODx, Bitrix, as well as any PHP-based CMS and static HTML websites. It will help keep your site safe from any type of malicious backdoors and viruses, webshells and hackers’ tools, blackhat SEO pages and phishing pages.

The premium version offers one-click automated malware cleanup, and both scheduled and on-demand website checks. Detailed reports complement the offering. Then there’s the free version of the Revisium Antivirus which packs useful aspects, including a full-feature malware scanner.

Plesk Advisor

Ok, so not exactly new, but expanded site-wide and revamped. Out with old Security Advisor and in with Plesk Advisor. Advisor is your one-stop-shop for active and passive maintenance of your server. The little owl is your virtual assistant that constantly monitors your servers and consolidates issues and recommended resolutions. All to keep your servers and hosted websites spry.

Advisor regularly rates your server for diligent maintenance. And it automatically scans your server for any issues or threats regularly, while giving you recommendations to resolve any open issues. This extension also prioritizes the most urgent actions for you. Significantly easing the burden on your decision-making.

This extension rolled out with the new Plesk Onyx version in March. See what’s new on the platform after the latest update.

SEO Toolkit

Now this is what was missing from Plesk. The features we provide in the SEO Toolkit set it apart from the competition. Not many competitors offer server-based logfile analyzer, or a free base plan to get you started on your SEO journey.

Add site audit and rank tracker features, and couple those with a dedicated SEO advisor, and you have a winning combination of SEO power tools to rocket your website to the top of SERPs. 

This major SEO extension is yet another New Plesk Onyx feature born during the March update. Find out more about how the SEO Toolkit can benefit your sites and business here.

In the meantime, that’s a wrap from us this month. Stay tuned for another extension rundown in the May edition.

What’s new on Plesk Onyx? The March 2018 Update

Have you heard? We’re coming at you with a huge update to our all-in-one platform. You spoke, we listened. So we’ve further aligned Plesk Onyx to the way web professionals work today. And the types of infrastructure hosting sites and web applications use at the minute. Hence, we focused on 5 main areas: Site Performance, SEO, WordPress, Security and Cloud integration. Check it out.

The Fast-Building Part

We’ve improved onboarding for you and your customers. Hello, simplified registration and social login! As soon as you’re on, you get the First Steps Advisor to guide you through the initial steps. Like adding a domain, creating mailboxes and of course enabling your security measures.

We made an SEO Toolkit. Now you can count on Plesk to help analyze your websites, without having to look elsewhere.

  • You’ll get Site Audit for common SEO issues and receive optimization recommendations.
  • Instantly review search engine crawler activity on your sites with Log File Analyzer. Then track your keyword ranking in order to adopt the right SEO strategy.
  • Finally, think smart and monitor your competitors. So that you can react to their and your ranking changes fast.

Consider the WP Toolkit enhanced with single-click NGINX caching and AI updates.

  1. Let’s introduce you to Smart Updates by AI. Using Deep Learning Technology, you’ll bring your WP instances, plugins and themes up to speed.
  2. Configure NGINX caching to significantly speed up every WP site. And while you’re at it configure your plugin and theme sets to come preinstalled with every new WP instance.
  3. Feel safer when updating because you can now have additional restore points before updating WP or syncing data.
  4. Speaking of safe, we’ve added pingback attack protection for extra security.
  5. With all that in place, open shop and activate your eCommerce. Choose to install WooCommerce on the new Plesk Onyx. Learn more about setting up a WooCommerce online store.
  6. You’ll also find that we’ve made WP management and UX better to accommodate more and more users.

The Tighter Security Part

Out with Security Advisor and in with the all-new Plesk Advisor. This is because we’ve expanded this system-wide. You’ll get recommendations, fixes and enhancements for security, performance, reputation, updates, backups and more.

Combine our new SSL certificate manager with the ‘Keep me secured’ feature. Breaking this down, it monitors and automatically secures Plesk, new domains, subdomains and webmail with SSL certificates. You can even choose between Let’s Encrypt or Symantec SSL certificates. Domain Validation (DV) certificates are free, but you can also choose to purchase Organization Validation (OV) or Extended Validation (EV) certificates directly from Plesk.

The Part Where You Run on Schedule

Get up close with Hyperscale Cloud services. It’s easier than ever to integrate AWS with your system using AWS toolbox (RDS, Route53). Experience an elevated backup-to-cloud experience or integrate your own cloud storage backup. We’re talking incremental, scheduled, self-restore, granular restoration for sites, files, databases, mail accounts and more. Not to mention the improved passive FTP support and Maintenance mode

We gave the Plesk Extensions Catalog a facelift. You’ll see the catalog is completely redesigned with intuitive navigation, rapid search, and fast auto-updates (within 24 hours). And let’s face it, our 100+ extension list is currently unmatched.

The repairing and monitoring tools are smarter than before. Yes, it’s possible. The self-repair tool can find resource-consuming processes without SSH and CLI. So you don’t need an expert to do the work. Detect and limit resources by subscription to ensure your infrastructure’s integrity.

Find your fit with the new Plesk Onyx 17.8

Your complete set of technical, security and automation tools – all in one place. We’re a leading WebOps and Web Hosting platform for a reason. Want to effortlessly build projects, secure against vulnerabilities and automate daily tasks – all in a day’s work? Then let us help with Plesk Onyx 17.8.

See which Plesk edition fits you best. If you’re already a Plesk user, get in touch – and see if we can offer you something better.

Plesk Multiple Server Management – How it Works

The biggest challenges we run into as system admins and web experts are multiple server managementsite management, and maintenance. If we don’t do this right, we face consequences. We waste time and resources. So it’s essential to own a web hosting control panel – making the whole thing simpler. While being able to create sites, apps, automate tasks, handle website security, and more.

Plesk Onyx is an all-around control panel and WebOps solution. Devs rely on it for its coding environment. Not to mention everyday tasks as it offers many extensions. Including Node.js, Ruby, WordPress Toolkit, Joomla Toolkit and more.

Plesk Control Panel Bonuses

Plesk supports Docker, which empowers developers to create and manage their new software. Do this by managing and deploying all Docker containers straight from the control panel. Additionally, Plesk offers GitHub integrations – deploying apps and sites quick from a Git repository, remote or local.

Plesk server management continues to add to its multiple server management capabilities. By giving absolute control of multiple accounts and subscriptions across all servers.

Multiple Server Management with One Control Panel

Plesk’s Multi Server extension lets you administrate multiple servers and routine tasks with just one control panel. Doesn’t matter if you’re a hosting provider, reseller, or manage your own hosting. Constantly switching between several hostnames, username IDs, and so on is exhausting.

Plesk designed its Multi Server extension with this in mind. For effective and secure multiple server management. With this extension, you can perform hosting actions on many servers. And manage the infrastructure with ease. This because memorizing hostnames, passwords, and login identifications become unnecessary.

It’s similar to simple web server management. However, the same scope of features is related to a number of servers. All through a single control panel.

Use Plesk WordPress Edition

Why the Multiple Server Management Extension?

You can install this extension directly from Plesk’s extension list. But note that you need to install Onyx on all your servers first. You’ll have all the features that Plesk has. But with this extension, you’ll gain additional functionalities:

  • Managing as many customer subscriptions and accounts as you want from your control panel.
  • Choosing between any billing systems you like, including yours.

It’s a very useful business-ready platform. Ideal for development studios and web designers who manage many different sites and clients.

What Plesk Multi-server management Consists of

  • At least two nodes which are all connected to each other using the SDK extension.
  • The basic two nodes include Service nodes and management nodes.
  • Plesk multi-server that will be installed on all extensions with all nodes.
  • All of the nodes that will have the same license key and configurations.

Subscriptions and Customer Account Management

So we said that this system comes with two nodes – service and management nodes. You use the service node to manage hosting. Because it has the power to host sites, system databases and emails. It also ensures quality load-balancing. This is important since it decides which node will provide hosting for the new subscription. Meanwhile, the multi-server extension has a separate API extending from Plesk’s API. Giving the power to add commands within the system.

The management node is a single Onyx server. Useful for both customers and administrators. And it servers a single point login spot. All new customer accounts go into this node too. But remember, this node has no tools for any hosting actions. So we use the management node to create accounts and the service node to manage their hosting.

Additionally, when a customer logs into the management node, they see and manage all subscriptions hosted through service nodes. You can see the following information on the subscription tab:

  • Status – a status sign that shows whether a subscription is successful or not.
  • A service node IP address that is provisioned for a certain subscription.

This is how Plesk server management can help you with web server management and multiple server management. You as an admin can rely on this comprehensive platform for its capabilities at all times.

UPDATE: Starting from Plesk Onyx 17.8 Multi Server feature is no longer available

How to add Centralized Slave DNS to Plesk Multi Server

Centralized Slave DNS and Plesk Multi Server

Hey there fellow Pleskians! Today we’ve been thinking about enhancing Plesk Multi Server with Centralized DNS support. Why? Because you’ll be able to use a single set of name servers for all the domains you host on Plesk Multi Server service nodes. And even if we’re still developing Centralized DNS further, you can still use our Slave DNS Manager extension to get this feature going in a few simple steps

The article covers:

  1. How to configure Centralized DNS on a new Plesk Multi Server installation
  2. How to do this process with existing customers and subscriptions
  3. How to troubleshoot any possible issues

What is Plesk Multi Server?

This server allows single-Plesk-interface users to run hosting services on multiple servers. This way, you’ll get two or more Plesk instances interconnected via our Extensions SDK. One of these nodes will be a “Management node”, used for managing all other nodes. Meanwhile, all the Plesk instances connected to a Management node are called “Service nodes”. Plesk Multi Server is intended for small and medium-sized shared hosting providers and web design & development studios that also host the clients’ website. Is this you? Then let’s briefly touch upon the infrastructure configuration.

Infrastructure Configuration

Plesk Multi Server 

Plesk Multi Server needs one or more service nodes installed. So here we’ll go for a clean installation – two service nodes with no subscriptions or customers. In this setup, each service node will be used as a master DNS server.

Plesk Multi Server

Slave DNS Server 

First, deploy and configure one or more DNS servers that will be used as Slave DNS. So follow these configuration steps below. In this example, we’ll be using servers with CentOS 7:

  1. Either configure SElinux…
    # sestatus 
    SELinux status:                 enabled
    # setsebool -P named_write_master_zones 1

    …or disable it completely: 

    # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
    # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' 
  2. Update packages and reboot the OS:
    # yum update -y; reboot
  3. Install and configure the BIND service:
    • Install it:
      yum install -y bind bind-utils
    • Allow new zones with rndc:
      sed -i 's/options {/options {\n allow-new-zones yes;/;' /etc/named.conf
    • Turn off DNS recursion: 
      # sed -i 's/recursion\ yes;/recursion\ no;/g' /etc/named.conf
    • Specify which IP addresses are allowed to query the server. We disabled this option entirely: 
      # cat /etc/named.conf | grep allow-query
      //allow-query     { localhost; };
    • Add the network interfaces the named daemon will listen on. In this example, all IP addresses are added: 
      # sed -i 's/;/any;/g' /etc/named.conf
      # systemctl restart named
    • Insert the group write privilege to /var/named, /var/named/chroot/var/named:
      # chmod g+w /var/named/ /var/named/chroot/var/named/
  4. We recommend you enable firewalld or iptables on the server. And make sure that ports 53 (DNS) and 953 (rndc) are accessible from the outside: 
    # systemctl start firewalld
    # firewall-cmd --permanent --zone=public --add-port=53/tcp
    # firewall-cmd --permanent --zone=public --add-port=53/udp
    # firewall-cmd --permanent --zone=public --add-port=953/tcp
    # firewall-cmd --reload

Slave DNS Manager on Plesk Multi Server

Installation and Configuration

  1. Go to the Extension Catalog and install the Slave DNS Manager extension. You can learn more about how this extension works in our article here.

    Slave DNS Manager at Plesk

    Install Slave DNS manager
  2. Use Tasks to make sure that the extension has been properly installed on all service nodes.
  3. Add the configured DNS server as a slave DNS to one of the service nodes.Slave DNS Manager extension
    Plesk - node selection
  4. Enter the IP address of the Slave DNS server and remember the secret key. It will be used by the rndc utility to transfer DNS zones from the master to the slave.
  5. After saving the configuration, check the status of the connected server.  You’ll probably see the following error – but don’t panic! 

    usr/sbin/rndc -b -s -p 953 -y rndc-key -c /usr/local/psa/var/modules/slave-dns-manager/slave_10.52.63.61.conf status rndc: connection to remote host closed This may indicate that * the remote server is using an older version of the command protocol, * this host is not authorized to connect, * the clocks are not synchronized, or * the key is invalid.

  6. To fix the issue, add the secret key you saved during step 4 to the named.conf configuration file on the Slave DNS server and restart the DNS server. 

    # cat /etc/named.conf | grep -A10 rndc key “rndc-key-master” { algorithm hmac-md5; secret “Y2QwZmIxZjRmN2U3NmU1YzY5MzhmOA==”; }; controls { inet * port 953 allow {;; } keys { “rndc-key-master”; }; };

  7. Click ‘Resync‘ to re-check the communication with the slave DNS server. You should see a green check mark telling you that the settings are correct.slave-dns-9-allgood
  8. Add the required number of Slave DNS servers by repeating steps 3-7.
  9. Configure the Slave DNS servers for all Plesk Multi Server service nodes.
  10. Don’t forget to add the IP addresses of the service nodes to the controls{…} section of the named.conf configuration file on each Slave DNS server.

You can learn how to install and configure the Slave DNS Manager extension on standalone Plesk servers in our documentation.

How to check if you configured Slave DNS correctly

  1. To check if your Slave DNS is good to go, you should first create a new subscription in Plesk Multi Server. In this example it’s the “testing.tld” domain name.Slave DNS check - adding your own subscription
  2. Look at the Slave DNS server:
    • You will see the following messages in /var/log/messages: 
      Aug 19 17:34:10 a10-52-63-61 named[21982]: received control channel command 'addzone testing.tld IN  { type slave; file "testing.tld"; masters {; }; };'
      Aug 19 17:34:10 a10-52-63-61 named[21982]: zone testing.tld added to view _default via addzone
      Aug 19 17:34:10 a10-52-63-61 named[21982]: zone testing.tld/IN: Transfer started.
      Aug 19 17:34:10 a10-52-63-61 named[21982]: transfer of 'testing.tld/IN' from connected using
      Aug 19 17:34:10 a10-52-63-61 named[21982]: zone testing.tld/IN: transferred serial 2017081903
      Aug 19 17:34:10 a10-52-63-61 named[21982]: transfer of 'testing.tld/IN' from Transfer completed: 1 messages, 20 records, 575 bytes, 0.002 secs (287500 bytes/sec)
      Aug 19 17:34:10 a10-52-63-61 named[21982]: zone testing.tld/IN: sending notifies (serial 2017081903)
      Aug 19 17:34:10 a10-52-63-61 named[21982]: received control channel command 'refresh testing.tld IN '
    • In the mapping file: 
      # cat /var/named/3bf305731dd26307.nzf | grep testing.tld
      zone "testing.tld" { type slave; file "testing.tld"; masters {; }; };
    • And in the domain DNS zone file: 
      # ll /var/named/ | grep testing.tld
      -rw-r--r-- 1 named named 1031 Aug 19 17:34 testing.tld
  3. Finally, request the DNS zone of a particular domain from an external server: 
    # dig testing.tld @
    testing.tld.		86400	IN	A

Add Slave DNS with existing subscriptions and domains

You can also configure Slave DNS Manager for an existing Plesk Multi Server infrastructure. It’s the same as with a clean installation. So let’s configure Centralized DNS for Plesk Multi Server with two service nodes and 500 subscriptions.

Plesk Multi Server

Perform steps 1 through 7, as for a clean installation. After the configuration is complete, click the ‘Resync‘ button so that the DNS zones of all existing domains are transferred to the DNS slave servers.

Slave DNS Manager extension - Resync option

Check the /var/log/messages log to make sure that all DNS zones have been moved. You will see messages about the successful completion of the transfer, or one of the errors described in the Troubleshooting section. You can find all transferred DNS zones in the /var/named directory: 

[[email protected] ~]# cat /var/named/3bf305731dd26307.nzf | wc -l
[[email protected] ~]# ls -la /var/named/ | wc -l

Troubleshooting: Slave DNS on Plesk Multi Server

Here’s a list of issues you may encounter while configuring the Slave DNS server, and steps to resolve them.

  1. Error: rndc: connect failed: host unreachable
    Solution: Make sure that the server is up and running.
  2. Error: rndc: connection to remote host closed

    • See that SElinux has been either disabled or properly configured.
    • Make sure that the master rndc key was added to the named.conf file.
    • Confirm that the required ports are not blocked by the firewall: 
      #firewall-cmd --get-default-zone
      # firewall-cmd --list-port
      953/tcp 53/udp 53/tcp
    • Look at the Slave DNS server configuration section for steps showing how to fix all possible issues.
  3. Error: rndc: recv failed: connection reset
    Solution: Ensure that you specified that control instructions must be accepted from the IP address of the Plesk Multi Server service node. Make sure that you configured BIND to listen on all accessible network interfaces. Check the controls{…} section in /etc/named.conf file on the Slave DNS server.
  4. Error: In /var/log/messages: named[2296]: open: 3bf305731dd26307.nzf: file not found
    Solution: Correct all the permissions on the /var/named directory.
  5. Error: In /var/log/messages:
    named[2003]: invalid command from expired
    named[2449]: invalid command from clock skew
    chronyd[473]: Forward time jump detected!

    Solution: Sync the clocks between servers.

  6. Error: In /var/log/messages: named[2253]: client (testing2.tld): query ‘testing2.tld/A/IN’ denied
    Solution: Make sure that you haven’t allowed queries for localhost only. Check the allow-query{…} section in the /etc/named.conf file.

And your Slave DNS Manager is alive!

Now you know how to set up centralized Slave DNS on both a clean Plesk Multi Server installation and one that is already in production. Plus, you’ve got pointers for any potential pitfalls you may encounter. It’s time to put this knowledge into practice – Go ahead, give it a try! 

Finally, the Slave DNS Manager extension is an open project and you can always contribute by committing to our Github repositoryMay the force be with you!

Plesk Extensions: Development Environment

Plesk Extensions: Development Environment

This article describes how to setup a development environment for creation of Plesk extensions.

Creation of a new Plesk extension can be started from generating a new stub. To do this log in to a machine with Plesk installation and type the following command:

# plesk bin extension --create my-extension

Here is an example of output:

The extension was successfully created.
The path to extension's entry points: /usr/local/psa/admin/htdocs/modules/my-extension/
The path to PHP classes: /usr/local/psa/admin/plib/modules/my-extension/
The path to installation scripts: /usr/local/psa/admin/plib/modules/my-extension/scripts/
The path to the directory with run-time data: /usr/local/psa/var/modules/my-extension/

This command will create a new extension named “my-extension”. It will also provide information about where extension parts are located on the file system.

Continue reading