

Huge Plesk Calamity - igtztorrero

My server was hacked, it uses plesk to administer domain.
Last week I couldn&#x27;t access plesk, so I &quot;ssh&quot; to my server, and used &quot;top&quot; command, I saw some weird processes, consuming all my cpu time !
I use &quot;ps auxww&quot; to detect the process and I met Medusa.
What the heck is Medusa ?
Why is installed in my server ?
Who is using my server ?
I&#x27;m part of that statistic 360,001 websites hacked!
Why plesk doesn&#x27;t warning me ?<p>http:&#x2F;&#x2F;arstechnica.com&#x2F;security&#x2F;2013&#x2F;06&#x2F;more-than-360000-apache-websites-imperiled-by-crticial-vulnerability&#x2F;
======
biggles12
Just one thing to do. Reinstall Plesk on a new server and restore your data
from a clean backup. I would suggest installing some sort of security
enhancements in the new server. Personally I use ASL from Atomicorp which
prevents most vulnerabilities.

