If you’re a Plesk user running the Plesk Onyx control panel, your server might be vulnerable to a malicious technique known as clickjacking. For those unfamiliar with the term, clickjacking (also known as a “UI redress attack”) is a technique in which a user is tricked into clicking something different from what they perceive, typically by means of transparent overlays. By placing these transparent overlays over images, links, or buttons on a web page, malicious actors can hijack the clicks of a logged-in user and gain access to your server, allowing them to execute harmful commands or extract data. When Plesk can be opened within a frame (a separate area of another webpage), its users are vulnerable to this type of attack.
So how can you protect yourself from clickjacking? Luckily, you can prevent your server from being clickjacked using the sameOriginOnly setting in the panel.ini file.
*NOTE: This solution works by preventing Plesk pages from opening within frames on any website. This applies to all domains, including your own, and is not limited to sites that may be malicious in origin.
Enabling Clickjacking Protection in Plesk
To protect your server from clickjacking, just follow these 5 steps:
- For Linux, you’ll first need to log in to your Plesk Onyx server as the root user using your preferred SSH client.
- Next, edit the file panel.ini located at /usr/local/psa/admin/conf using the command:
- If the file does not already exist, create it using the touch command.
- Within the panel.ini file, add the following line:
sameOriginOnly = true
- Finally, just save the file and you are done.
And there you have it! Your server is now protected from clickjacking.
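As an added example (not part of the original article), the POSIX shell script below applies the panel.ini change idempotently and gives you a way to confirm it took effect. It assumes the panel.ini path from the article, that the setting makes the Plesk login page answer with an X-Frame-Options: SAMEORIGIN response header (the mechanism that stops framing), and a placeholder Plesk URL of https://<your-plesk-host>:8443/.

```shell
#!/bin/sh
# Added example, not from the article: apply the sameOriginOnly setting
# idempotently and verify that Plesk now refuses to be framed.
# Assumptions: panel.ini path as given in the article; protection shows up
# as an "X-Frame-Options: SAMEORIGIN" response header on the login page.

PANEL_INI="${PANEL_INI:-/usr/local/psa/admin/conf/panel.ini}"

# ensure_same_origin_only FILE
# Creates FILE if it is missing, rewrites an existing sameOriginOnly line
# (e.g. "= false") to true, otherwise appends the setting. Returns 0 only
# when FILE ends up containing "sameOriginOnly = true".
ensure_same_origin_only() {
    f="$1"
    [ -f "$f" ] || : > "$f"
    if grep -qE '^[[:space:]]*sameOriginOnly[[:space:]]*=' "$f"; then
        tmp="$f.tmp.$$"
        sed -E 's/^([[:space:]]*sameOriginOnly[[:space:]]*=).*/\1 true/' "$f" > "$tmp" \
            && mv "$tmp" "$f"
    else
        printf '%s\n' 'sameOriginOnly = true' >> "$f"
    fi
    grep -qE '^[[:space:]]*sameOriginOnly[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$f"
}

# header_is_sameorigin: reads raw HTTP response headers on stdin and prints
# "protected" if an X-Frame-Options: SAMEORIGIN header is present,
# "unprotected" otherwise (header name and value are matched case-insensitively).
header_is_sameorigin() {
    if grep -qi '^x-frame-options:[[:space:]]*sameorigin'; then
        echo protected
    else
        echo unprotected
    fi
}

# frame_protection_status URL
# Fetches only the response headers of URL (the Plesk login page on port
# 8443) and reports whether framing is blocked. -k tolerates the default
# self-signed Plesk certificate; drop it once a trusted certificate is installed.
frame_protection_status() {
    curl -sSk -o /dev/null -D - "$1" | header_is_sameorigin
}

# Usage (as root on the Plesk host; URL is a placeholder):
#   ensure_same_origin_only "$PANEL_INI"
#   frame_protection_status "https://<your-plesk-host>:8443/"
```

Running the status check from a second machine after the change is the quickest way to confirm the header is really being served and not just present in the config file.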