Parallels Plesk Vulnerability April 2 2012

Overview

There was a known vulnerability in Plesk server control panel software. More information on the announcement by Parallels can be found here:

http://kb.parallels.com/en/113321

What We Have Done

We have patched all affected servers. We have changed the Plesk Admin, Client and Domain Admin, and Customer and Subscription passwords for those affected.

What You Need to Do

We have reset the following passwords:

Plesk "admin" user
Plesk "client" and "domain" users
Plesk "subscription" and "customer" and "FTP" users

We strongly advise that you change the following passwords as well:

Email password - More information on how to change your email password can be found here:

http://www.shoutcms.com/clients/knowledgebase/105/How-do-I-change-my-email-password-though-webmail.html

WARNING:

Changing your email password may sever the communication between your email client (e.g. Apple Mail, Outlook, etc.) and the mail server. If you change the password, you must also update your email client's configuration with the new password.

While this event is not a result of you having set insecure passwords, we suggest that you use a strong password (lowercase, uppercase, numbers and special characters).

FAQs

Here are some questions you may be asking:

Q: What are my new passwords?
A: Because of the security risks involved with transmitting passwords in plain text, we advise that customers simply update their passwords through their webmail interface instead.

Q: Why do I need to change all my email passwords?
A: The nature of the activity we detected suggests that your passwords were compromised. We strongly advise resetting your Plesk email passwords as well. Under no circumstances should you re-use any of your previous passwords.


Q: How deeply was my service compromised?
A: At this time, we do not suspect the impact to extend beyond retrieval of Plesk login passwords. We have not detected any malicious files having been uploaded to your server.


Q: What exactly has been compromised? Is my site hacked?
A: The term "hacked" refers to an event where a vulnerability is utilized to upload malicious code or otherwise compromise your server. While we do not detect your server to be "hacked" at this time, the password change is to prevent the attacker from returning at a later time and using any passwords they may have been able to get.


Q: How do you know this is fixed?
A: Per the announcement by Parallels, changing all passwords is highly advised after patching. In addition, we have taken the necessary steps to ensure that your server is no longer vulnerable to this issue.
