Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sat Jul 14, 2012 5:56 pm

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
Is there anything listening on those redirected ports? I've got nothing, which is the cause of my "not working" issue.

I've got a case open on this and I need to send some stuff to the guys so they can investigate, which I'll do asap.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sat Jul 14, 2012 6:08 pm

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
I'll wait for the resolution to your case, it could very well be that I encountered the same issue.

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sun Jul 15, 2012 5:40 pm

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
@breun -- not had time to send them what they wanted just yet - sorry for delay.

@Everybody -- new MUs for all: http://kb.parallels.com/en/114379

I can't make much sense of what's going on here. What I can say is that Plesk 10.4.4 MU#39 (there's no 37 or 38 for CentOS 6 on Linux at least), which is the new MU, clears the session tables and updates 3 or 4 important files.

And for those who worry about these things, like me, I can confirm that it does not cause problems with email/qmail-scanner or anything else and installs cleanly (for me on 4 machines).



Last edited by faris on Sun Jul 15, 2012 6:49 pm, edited 1 time in total.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sun Jul 15, 2012 6:14 pm

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
faris wrote:
And for those who worry about these things, like me, I can confirm that it does not cause problems with email/qmail-scanner or anything else and installs cleanly (for me on 4 machines).


Except that the PHP session directory permission problem is still there on Plesk 10 servers: https://www.atomicorp.com/forum/viewtop ... f=2&t=5868

So remember to run the following after installing the latest Plesk 10 micro update (Plesk 9 doesn't have this issue, I don't know about Plesk 11):

Code:
# chown root:apache /var/lib/php/session && chmod 0770 /var/lib/php/session

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sun Jul 15, 2012 6:49 pm

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
hah! I didn't check that! Well spotted :-( I'll look and fix in the morning, I think. Time to go to bed.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sun Jul 15, 2012 8:09 pm

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
Pro ftp also. But self healing fixes it.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 4:08 am

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
faris wrote:
Pro ftp also. But self healing fixes it.


Although on some servers the older version installed by Plesk works, so the self-healing rule doesn't get triggered and you end up with a system where RPM is saying it's running ProFTPd 1.3.4a when it's not, so I've made a habit of checking FTP after Plesk updates and reinstalling psa-proftpd manually when needed.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 1:18 pm

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 802
Location: Germany
I have updated to the latest MU on Plesk 9.5.4 via
Code:
/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component base

Afterwards I did a
Code:
yum reinstall psa-proftpd

because ftp clients couldn't connect.

I also applied the patches for atmail and phpmyadmin like recommended.

Mail, Web, FTP, MySQL...everything is working.

What I'm curious to know...was/is this related to the vulnerability from February? Parallels is claiming that this was fixed with the MU in February. But the actual problems people have being compromised seem very strange.
For me it seems at least that it is related to the actual problem but they don't tell.


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 1:24 pm

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
The release notes for Plesk 10.4.4 MU#39 are here: http://download1.parallels.com/Plesk/PP ... tml#104439

Release notes for Plesk 9.5.4 MU#21 are not up yet: http://download1.parallels.com/Plesk/PP ... notes.html

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 1:26 pm

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
BruceLee wrote:
Afterwards I did a
Code:
yum reinstall psa-proftpd

because ftp clients couldn't connect.


ASL has a self healing rule for this which should fix this automatically. It might take a little while though, but you should see the yum command running.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 1:32 pm

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 802
Location: Germany
Hi breun,

thanks. so ASL does the yum reinstall itself?
Or is this self-healing something different?

I just ran it to make sure it's done.
Thanks


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 2:09 pm

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
BruceLee wrote:
so ASL does the yum reinstall itself?


Yes.

BruceLee wrote:
I just ran it to make sure it's done.


You can also check by connecting to the local FTP server and checking the version number:

Code:
# telnet localhost 21
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 ProFTPD 1.3.4a Server (ProFTPD) [127.0.0.1]


Press ctrl+] to escape to the telnet prompt and then ctrl+d (or type 'quit' and press enter) to quit telnet.

If the version number doesn't match the output of rpm -q psa-proftpd it's probably due to Plesk replacing the binary.

You might not even get a 220 message with a version number, in which case you're probably using ASL and Plesk has replaced the proftpd binary with a version which does not support the anti-virus configuration. ASL's self healing rule should automatically reinstall the psa-proftpd package from ASL, overwriting the proftpd binary again, to fix this. If it doesn't you should report it to ASL support and you can of course run yum reinstall psa-proftpd yourself.

_________________
Lemonbit Internet Dedicated Server Management
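
The two checks from this thread, the PHP session directory's ownership and mode after a Plesk 10 micro-update and the FTP greeting version against the installed psa-proftpd package, combined into one script. This is an added example, not posted by any forum member and not part of ASL or Plesk; the function names are hypothetical, it assumes GNU stat and bash, and it assumes the RPM VERSION tag of psa-proftpd is the same string ProFTPD prints in its greeting.

```bash
#!/bin/bash
# Added example: post-micro-update checks for the two regressions in this thread.
# Function names are hypothetical; only post_update_check touches the system.

# Print the version from a greeting such as
# "220 ProFTPD 1.3.4a Server (ProFTPD) [127.0.0.1]"; print nothing if absent.
banner_version() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^220 ProFTPD \([0-9][^ ]*\) .*/\1/p'
}

# 0 = greeting matches package version, 1 = mismatch,
# 2 = greeting has no version (binary probably replaced by the update).
compare_proftpd() {
    running=$(banner_version "$1")
    [ -n "$running" ] || return 2
    [ "$running" = "$2" ] || return 1
}

# True only if DIR ($1) is owned by OWNER:GROUP ($2) with mode $3 (GNU stat).
dir_perms_ok() {
    [ "$(stat -c '%U:%G %a' "$1" 2>/dev/null)" = "$2 $3" ]
}

post_update_check() {
    sess=/var/lib/php/session
    dir_perms_ok "$sess" root:apache 770 ||
        echo "WARN $sess is '$(stat -c '%U:%G %a' "$sess" 2>&1)', want root:apache 770"
    # Assumption: the package's VERSION tag equals the version in the greeting.
    pkg=$(rpm -q --qf '%{VERSION}' psa-proftpd) || return 1
    # bash-only /dev/tcp read of the first greeting line from the local FTP port
    read -r -t 5 greeting </dev/tcp/127.0.0.1/21 || greeting=
    rc=0; compare_proftpd "$greeting" "$pkg" || rc=$?
    case $rc in
        0) echo "OK   proftpd $pkg is the running binary" ;;
        1) echo "WARN greeting reports $(banner_version "$greeting"), rpm says $pkg" ;;
        2) echo "WARN no version in FTP greeting; check the proftpd binary" ;;
    esac
    return "$rc"
}

# Run the live checks only when asked, e.g.: bash check.sh --live
if [ "${1:-}" = "--live" ]; then post_update_check; fi
```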


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Mon Jul 16, 2012 2:26 pm

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 802
Location: Germany
thanks a lot. Next time I will check whether ASL did it automatically or not.


 Post subject: Re: Beginning of Plesk vulnerability
Posted: Fri Jul 20, 2012 8:31 am

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
@breun: current (3.30-0.8) test build of asl from testing repo fixes "nothing listening" for me -- tortixd listens on correct port, redirects added, ports opened etc and all survives a reboot. service asl-firewall restores redirect and opens ports if firewall is flushed for some reason (e.g. third party firewall used).

But in the meantime I've disabled filemanager and will probably keep it that way for some time.

 Post subject: Re: Beginning of Plesk vulnerability
Posted: Sun Jul 22, 2012 12:36 pm

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1846
If you don't follow the Parallels forums, you may not be aware that in the past day or so Parallels released some scripts that will update phpmyadmin for plesk 8.x, 9.x and 10.x.

The new phpmyadmin versions include important security updates.

It is not clear to me why these updates are not being incorporated into MUs for Plesk 8.6 and later and instead have to be manually installed, but the installation is not hard - just follow the instructions in the KB.

For Plesk 10.4.x, 10.3.x and 10.2.x see http://kb.parallels.com/114393
Links to KBs for 10.1.x and 10.0.x plus 9.x and 8.x can be found at the bottom of the above KB.

** Please be sure to select the correct KB for your version of Plesk **
Please also note the warning in the KB - if you later upgrade your version of Plesk to anything other than 11.x then the updated phpmyadmin will be overwritten with the older version as supplied by the Plesk installer and you will need to upgrade it manually all over again.

I'm guessing they have decided that the phpmyadmin upgrade is not a critical one and so no effort is being put into updating the version that the installer installs. This may also be why it isn't being incorporated into an MU.
