Is exposing the default plesk page on an IP dangerous? I can imagine it is somehow usable for fingerprinting a version maybe. But is it dangerous anyhow?
Asked
Active
Viewed 207 times
0
-
1Having Plesk itself is dangerous. – André Borie Jun 30 '16 at 20:57
-
@AndréBorie can you explain why? – Bob Ortiz Mar 18 '17 at 19:11
2 Answers
2
Well, it tells people you don't really know what you're doing, in that it reveals that you use Plesk (or any web hosting panel in general).
Whether disclosing this information publicly is "dangerous" or not is debatable and down to definitions, but I can tell you that if I were scanning for something to hack, seeing a web control panel like Plesk would tell me that I've found something that's likely to be poorly configured and insecure, but also likely to be a low value target. (The typical server running Plesk is a cheap VPS with minimal resources and no professional administrator.)
At the same time, I suspect it would be almost trivial to suss out that information anyway, with or without the presence of that parking page. So, I'd say that the dangerous thing here is using a web control panel at all, as opposed to understanding and properly administrating your web server.
HopelessN00b
- 3,385
- 19
- 27
0
Based on the image you provide, it doesn't show any version information. It merely tells the user that there is no website at that address.
Note that it is possible to change the default website templates in Plesk. Consult its manual for more details.
Julie Pelletier
- 1,919
- 10
- 18
-
3At the risk of splitting hairs version numbers can also be obtained from the source as well, so despite the fact it may not be visible in this shot it doesn't mean it's not available. – DKNUCKLES Jun 30 '16 at 19:42
-
@DKNUCKLES: I agree and that could also be changed in the templates. – Julie Pelletier Jun 30 '16 at 19:53