If you’re a Plesk user running the Plesk Onyx control panel, your server might be vulnerable to a malicious technique known as clickjacking. For those unfamiliar with the term, clickjacking (also known as a “UI redress attack”) is a technique that uses transparent overlays to trick a user into clicking something different from what they perceive. By placing these transparent overlays over images, links, or buttons online, malicious actors can gain access to your server, allowing them to execute harmful commands or extract data. When Plesk can be opened within a frame (a separate area embedded in another webpage), its users are exposed to this type of attack.
So how can you protect yourself from clickjacking? Luckily, you can prevent your server from being clickjacked using the sameOriginOnly setting in the panel.ini file.
*NOTE: This solution works by preventing Plesk pages from opening within frames on any website. This applies to all domains, not only to sites that may be malicious in origin.
Enabling Clickjacking Protection in Plesk
To protect your server from clickjacking, just follow these 5 steps:
- For Linux, you’ll first need to log in to your Plesk Onyx server as the root user using your preferred ssh client.
- Next, edit the file panel.ini located at /usr/local/psa/admin/conf using the command:
nano /usr/local/psa/admin/conf/panel.ini
- If the file does not already exist, create it using the touch command.
- Within panel.ini, add the following lines:
[security]
sameOriginOnly = true
- Finally, just save the file and you are done.
And there you have it! Your server is now protected from clickjacking.
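If you manage more than one Plesk server, the steps above can be scripted. The following is an added example, not code from the original article or from Plesk: a POSIX sh function that adds the setting idempotently (creating the file, adding the [security] section, or correcting an existing sameOriginOnly value as needed) and a second function that reports whether the protection is enabled. It assumes only a POSIX shell with awk; the panel.ini path is the one given above.

```shell
#!/bin/sh
# Idempotently enable sameOriginOnly in a Plesk-style panel.ini.
# Handles: file missing, [security] section missing, key present under
# [security] with any value (rewritten), key absent (appended to the section).
# Usage: ensure_same_origin_only /usr/local/psa/admin/conf/panel.ini
ensure_same_origin_only() {
    ini="$1"
    [ -f "$ini" ] || : > "$ini"        # same effect as the touch step above
    tmp="$ini.tmp.$$"
    awk '
        /^\[/ {                         # section header: close [security] if needed
            if (insec && !done) { print "sameOriginOnly = true"; done = 1 }
            insec = ($0 ~ /^\[security\][[:space:]]*$/)
            if (insec) seen = 1
        }
        insec && /^[[:space:]]*sameOriginOnly[[:space:]]*=/ {
            if (!done) { print "sameOriginOnly = true"; done = 1 }
            next                        # drop the old line, whatever its value
        }
        { print }
        END {
            if (!seen) print "[security]"
            if (!done) print "sameOriginOnly = true"
        }' "$ini" > "$tmp" && mv "$tmp" "$ini"
}

# Print "enabled" or "disabled" for the given panel.ini; exit status 0 only
# when sameOriginOnly = true sits inside the [security] section.
same_origin_status() {
    ini="$1"
    if [ -f "$ini" ] && awk '
        /^\[/ { insec = ($0 ~ /^\[security\][[:space:]]*$/) }
        insec && /^[[:space:]]*sameOriginOnly[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            if (tolower($0) == "true") found = 1
        }
        END { exit found ? 0 : 1 }' "$ini"
    then echo enabled; return 0
    else echo disabled; return 1
    fi
}
```

Run same_origin_status against /usr/local/psa/admin/conf/panel.ini from a monitoring job to catch servers where the setting was never applied or was later removed.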
The Hivelocity Difference
Seeking a better Dedicated Server solution? In the market for Private Cloud or Colocation services? Check out Hivelocity’s extensive list of products for great deals and offers.
With best-in-class customer service, affordable pricing, a wide-range of fully-customizable options, and a network like no other, Hivelocity is the hosting solution you’ve been waiting for.
Unsure which of our services is best for your particular needs? Call or live chat with one of our sales agents today and see the difference Hivelocity can make for you.