Posts Tagged ‘Plesk’

Plesk for Windows – PCI Compliance

This is somewhat of a work in progress. The only thing flagged by PCI compliance scans so far is the use of SSLv2. This can be disabled in Windows 2003 by adding the following registry entry in: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server create a new DWORD named Enabled with the default value Also disable weak ciphers: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders […]

Plesk for Linux – PCI Compliance

Courier Weak SSL Ciphers and SSLv2 The most common flaw uncovered by a PCI compliance scan is that a service is allowing SSL connections using weak SSL ciphers. Disable SSLv2 in Courier by adding the following line to both /etc/courier-imap/imapd-ssl and /etc/courier-imap/pop3d-ssl: TLS_CIPHER_LIST=”HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH” After restarting Courier, test with openssl to confirm SSLv2 has been disabled […]

Resync the IIS anonymous username and password on Plesk for Windows

If the domain is prompting for a login, and then gives “HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials”, there might be an issue with the anonymous password that Plesk is holding. First thing to check is that all directory permissions are adequate and that anonymous directory access is ticked in […]