Plesk control panel bug left thousands of sites exposed to Anons
A critical vulnerability in some versions of Parallels' Plesk Panel control panel software appears to have been key to the recent penetration of two servers hosting websites for the Federal Trade Commission. The vulnerability in the software, which is used for remote administration of hosted servers at a large number of Internet hosting companies, could spell bad news for hosting providers who haven't applied the latest updates, as well as their customers.
Because the vulnerability allows someone to make significant changes to the user accounts, files, and security of a targeted site, hackers who took advantage of the Plesk vulnerability may still have access to sites they have breached even after patches are applied. If your site is hosted with a provider that uses Plesk for site administration, it's worth taking a good look at the content on your server, and the accounts configured to access it—and resetting all your accounts' passwords.