Plesk problem - confirmation that NoScript works against it

pleskproblem · Post by **pleskproblem** » Wed Jul 11, 2012 12:09 pm

Hello everyone.

As you might have heard, a number of websites have been this month infected after a hole was found in Plesk:
http://blog.unmaskparasites.com/2012/06 ... m-domains/

From what I understood, the malicious script, when executed, turns itself into an IFRAME with the malicious page. Can you please confirm that:

1. If I visit an infected website that is NOT on NoScript's whitelist, I'm 100% safe because the script will not run.

2. If I visit an infected website that is on NoScript's whitelist, the code will run, will be converted to an IFRAME but NoScript will block the IFRAME because it's not on the Whitelist.

Is the above correct?

Thank you.

dhouwn · Post by **dhouwn** » Wed Jul 11, 2012 1:24 pm

fixed link: http://blog.unmaskparasites.com/2012/06 ... m-domains/

pleskproblem · Post by **pleskproblem** » Wed Jul 11, 2012 1:47 pm

Very kind dhouwn, thanks!

Post by **Thrawn** » Wed Jul 11, 2012 8:03 pm

That looks nasty. However:
1. Yes, non-trusted sites are safe.
2. For trusted sites, see http://noscript.net/faq#qa1_11 (especially the section about trusted sites getting compromised).

InformAction Forums

Plesk problem - confirmation that NoScript works against it

Plesk problem - confirmation that NoScript works against it

Re: Plesk problem - confirmation that NoScript works against

Re: Plesk problem - confirmation that NoScript works against

Re: Plesk problem - confirmation that NoScript works against