Clickjacking (also known as a “UI redress
attack”), a malicious
technique, involves an attacker covering a button, a link, or a picture
you intend to click with an overlay (transparent or opaque). The aim of
the attack is to trick you into clicking the overlay instead of the
desired webpage object. This can lead to harmful commands being executed
or confidential information being compromised. Plesk users can be
vulnerable to clickjacking when Plesk is opened within
iframes on
a malicious website.
To protect Plesk from clickjacking:
Add the following lines to the panel.ini file:
[security]
sameOriginOnly = true
Enabling the sameOriginOnly setting prevents Plesk pages from
opening within iframes on other websites. Note that this will also
prevent Plesk pages from opening within iframes on websites that are not
malicious.