A full one-third of all Parallels Plesk Panel web designers and web developers switched to Plesk from cPanel. I was quite surprised to discover this preference, especially after being exposed to 10+ years of the single-panel shared hoster’s strong polarizing views and unyielding preferences towards one solution over the other.
This past week The Register reported that Google is migrating a thousand plus instances of MySQL to MariaDB. At Parallels we made the decision about six months ago to release the newest version of our popular Parallels Plesk Panel with support for MariaDB. Parallels Plesk Panel, used for web hosting and management, is now running on over 270,000 servers worldwide, and the MariaDB support in Parallels Plesk Panel 11.5 has helped drive growth and adoption over the past few months. We are a strong supporter of the MariaDB Foundation and applaud Google’s move, which, along with Red Hat’s announcement earlier this year, further validates MariaDB market momentum. It is a healthy reaction to Oracle’s control of MySQL and the moves they have made to limit community involvement.
A variation of a previously reported zero-day vulnerability in older versions of Parallels Plesk Panel is being reported. Since the original vulnerability was first reported, the majority of Parallels Plesk Panel customers have taken the necessary steps to upgrade to a non-vulnerable version of the product.
Today only 4% of servers running Parallels Plesk Panel are potentially impacted. This means 96% of Parallels Plesk Panel servers have been updated to a non-vulnerable version of Parallels Plesk Panel.
If you are still running Parallels Plesk Panel 9.0 to 9.2, please upgrade today. There are multiple versions you can upgrade to in order to secure and protect your customers.
How to upgrade
+ The best version to upgrade to is Parallels Plesk Panel 11.0. It has been available for over a year and is the version with the highest deployment rate, lowest support cost, best performance and, of course, highest security.
+ On June 13, 2013, Parallels will launch Parallels Plesk Panel 11.5. This new version will come with additional usability, performance and security benefits.
+ If you cannot upgrade to the latest version, you can update now to Parallels Plesk Panel 9.5.4. This is a direct upgrade through the AutoInstaller. On June 13 you can then upgrade to version 11.5.
If you are unable to upgrade at this time, you can apply a script to automatically update your Parallels Plesk Panel for Linux 9.0-9.2.3 server. You can download that script (wrapper.zip) from the “Attachments” section of http://kb.parallels.com/116241.
Details about the vulnerability
This vulnerability is not new. It is a variation of the long-known CVE-2012-1823 vulnerability related to the CGI mode of PHP in selected older and end-of-life versions of Parallels Plesk Panel. The exploit for this vulnerability uses a combination of two issues:
+ PHP vulnerability CVE-2012-1823 related to CGI mode used in older versions of Parallels Plesk Panel (http://kb.parallels.com/en/113818)
+ Parallels Plesk Panel phppath script alias usage in Parallels Plesk Panel versions 9.0-9.2
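A defender-side log triage for the two issues listed above, as an added example that is not Parallels' code: it flags requests that reach the script alias and requests whose query string would be handed to php-cgi as command-line options. The `/phppath/` URL prefix, the Apache common/combined log format and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Assumption: the "phppath" script alias is exposed under this URL prefix.
ALIAS_PREFIX = "/phppath/"

# Request line and status code inside an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log (documentation addresses, placeholder names only).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jun/2013:10:00:01 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120
192.0.2.44 - - [05/Jun/2013:10:00:07 +0000] "POST /phppath/placeholder-binary HTTP/1.1" 200 312
192.0.2.44 - - [05/Jun/2013:10:00:09 +0000] "GET /index.php?--placeholder-switch HTTP/1.1" 200 88
192.0.2.51 - - [05/Jun/2013:10:00:15 +0000] "GET /index.php?%2D%2Dplaceholder-switch HTTP/1.1" 404 0
192.0.2.10 - - [05/Jun/2013:10:00:20 +0000] "GET /docs/phppath/readme.html HTTP/1.1" 200 900
"""


def classify(target):
    """Return the reasons a request target deserves review (empty list if none)."""
    parts = urlsplit(target)
    reasons = []
    # Decode the path first so percent-encoding cannot hide the alias prefix.
    if unquote(parts.path).lower().startswith(ALIAS_PREFIX):
        reasons.append("script-alias")
    # CVE-2012-1823: a query string with no unencoded '=' is passed to a CGI
    # program as command-line arguments, so a leading '-' after decoding means
    # the request tried to supply an interpreter option.
    raw = parts.query
    if raw and "=" not in raw and unquote_plus(raw).lstrip().startswith("-"):
        reasons.append("cgi-argument")
    return reasons


def triage(log_text):
    """Return (line number, client, status, reasons) for each suspicious entry."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = classify(m.group("target"))
        if reasons:
            findings.append((lineno, line.split()[0], int(m.group("status")), reasons))
    return findings


if __name__ == "__main__":
    for lineno, client, status, reasons in triage(SAMPLE_LOG):
        print(f"line {lineno}: {client} status={status} {','.join(reasons)}")
```

A flagged entry is a lead for review, not proof of compromise; on a server that has been upgraded or patched, hits on the alias prefix should no longer return a successful status.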
All currently supported versions of Parallels Plesk Panel 9.5.4, 10.x and 11.x, as well as Parallels Plesk Automation, are NOT vulnerable. Also, Parallels Plesk Panel 8.x (now end-of-life) is NOT vulnerable.
There are also some additional resources to ensure that your Parallels Plesk Panel installation is secure and that malware, if present, is removed:
+ Parallels has created a comprehensive page on securing Parallels Plesk Panel at http://kb.parallels.com/en/114396
+ Parallels has created a malware removal tool at http://kb.parallels.com/en/115025
Adam Bogobowicz, Sr. Director of Product Marketing
Parallels Plesk Panel 11 has gained strong adoption since its launch 12 months ago. Superior user experience, best in class performance further enhanced with NGINX integration and cloud friendly cloning features make it the preferred choice for service providers looking for a professional grade cloud panel solution. Parallels Plesk Panel 11 is the fastest growing panel product in the company’s history.
Recently Verio, a subsidiary of NTT Communications and a leading provider of innovative online business solutions to SMBs worldwide, became a Parallels Platinum partner. As part of the partnership, Verio gained access to the broad portfolio of Parallels products, research, training and support which allowed the company to deliver greater value to partners and customers.
Verio took advantage of the cloud features of Parallels Plesk Panel 11 and added Parallels Plesk Panel to its cloud offering.
Yesterday Verio announced an impressive 102 percent growth quarter over quarter for Verio Cloud. This service takes full advantage of both the exceptional user experience of the Parallels Plesk Panel as well as its cloud features.
Parallels Plesk Panel 11 cloud support includes a panel cloning feature that allows Verio to copy the same Parallels Plesk Panel instance to different virtual machines without compromising panel operability due to changing IP addresses and other unique entities. To support Virtual Private Server (VPS) cloning, Parallels Plesk Panel 11 includes tools for preparing images, automatic reconfiguration to new environments (including KVM, XEN, VMware, Hyper-V), and optional automated delivery of a license into a new environment.
The upcoming release of Parallels Plesk Panel 11.5 is now available in feature complete preview and will further improve customer experience. Parallels Plesk Panel 11.5 will be more secure, easier to adopt, easier to upsell, and will provide full control and industry-best usability for website owners, helping service providers like Verio to deliver new value to the cloud users.
Recently, a Cisco security research analyst used an old Parallels Plesk Panel vulnerability as an example of why it is important to patch servers that may be running old software. His point is valid, and Parallels agrees fully that “the active exploit of this year-old vulnerability serves as an important reminder that website operators and administrators must keep systems up-to-date.”
It turns out the exploit this researcher was referring to was (a) for Parallels Plesk Panel 9.3 and earlier – products from 2009 and earlier that are now at end-of-life, and (b) in the 3rd party Horde webmail component, not in the Parallels Plesk control panel itself. A patch was promptly issued by Parallels in February 2012.
This reported vulnerability, which certainly is not anything new (considering the patch has been out for over a year), was later confused in some subsequent blogs and comments with another vulnerability in Parallels Plesk 10.3 and earlier versions (products from summer 2011 and earlier), also discovered and fixed in February 2012. Though the current version of Parallels Plesk Panel at that time, 10.4, did not have this vulnerability, Parallels immediately issued a security advisory and patches in February 2012 for all prior impacted versions and advised partners about actions to take. Additionally, Parallels created a comprehensive page on securing Parallels Plesk Panel and a Malware Removal Tool, responding quickly and thoroughly to these exploits.
For Parallels partners who install patches and reset passwords, Parallels Plesk Panel is not subject to this vulnerability. Customers running Parallels Plesk Panel 10.4 and 11 never had this vulnerability in the first place.
Parallels agrees that the point of the Cisco researcher is still very valid: “The active exploit of this year-old vulnerability serves as an important reminder that website operators and administrators must keep systems up-to-date. This is especially urgent with vulnerabilities that are remotely detectable. This means not just the operating system, but every program and add-on for those programs also needs to be kept up-to-date. A vulnerability left unpatched in any one of them can lead to total system compromise.”
Parallels Plesk Panel 11 and the upcoming 11.5 are the most secure versions ever, and we strongly encourage our Partners and customers to upgrade to these versions. In Parallels Plesk Panel 11, all Security Updates are clearly reported in the panel. Partners can force Security Updates when they choose. The option to turn on auto-upgrades is also highly recommended for anyone on Parallels Plesk Panel 10 or above. It is the best way to keep you fully secure.
– The Parallels Plesk Panel Team
Today Parallels Plesk Panel 11.5 becomes available in a feature-complete preview. With Parallels’ commitment towards professional hosting, the 11.5 release is focused on professional aspects of the product, including business growth, upgrading, upsell and ease of operations, for both web hosts and website owners.
Easier to adopt and grow
Parallels Plesk Panel 11.5 makes it easier to move from previous versions of Parallels Plesk Panel, helping service providers take advantage of the latest technology and security, and rapidly grow their businesses.
We understand that professional hosters are growing and need technology solutions that will make that growth possible. In Parallels Plesk Panel 11.5, the ease of switching from other versions has been designed in, delivering a simplified and reliable transfer experience.
For example, the updated migration manager is designed to identify possible transfer limitations in advance, allowing you to configure new servers with the correct services, disk space and other resources before starting the transfer process.
During transfers, a new and streamlined process will now communicate errors in a way that is easier to identify and react to, and will help with troubleshooting by keeping all relevant logs in a single dedicated folder. For example, everything about recent transfers will be stored in /usr/local/psa/PMM/logs/migration-2013-04-10-19-39-22-557/.
At the same time, we are also enabling the transfer of sites with remote databases (avoiding “database already exists” errors) and improving backup compression by using pigz instead of gzip, which reduces backup time by up to 3x. (pigz = “parallel implementation of gzip”, a fully functional replacement for gzip that exploits multiple processors and multiple cores to the hilt when compressing data.)
Some of our customers are running a mix of old and new panel versions because of the need to support new and old websites running with different PHP versions. With 11.5 you can mix and match PHP versions on a single server, allowing you to consolidate all websites into the latest version of the panel.
Windows hosters will find Parallels Plesk Panel 11.5 to be considerably faster on many backup and upgrade functions. Mail data is backed up and restored differently (not using slow IMAP), and MS SQL backups are sped up significantly by using native MS SQL backups. Additionally, 11.5 introduces deferred file transfer for less traffic and faster response times.
With these changes it will be easier for you to upgrade to the latest version of Parallels Plesk Panel, achieve greater security and comprehensive IPv6 support, prepare to grow into a multi-server solution someday, and deliver new services beyond shared hosting.
Easier to upsell
With Parallels Plesk Panel 11.5 you can maximize and control your upsell process with management of panel promotions, notifications, and licenses.
With previous versions of Parallels Plesk Panel you had to go outside of the panel to upgrade, upsell or communicate with your customers. With 11.5 and a new License Key Administrator interface called “KA Partner Central” (coming soon – not part of this Preview) you will be able to deliver custom notifications to your users and modify notifications in the panel. Shortly after Parallels Plesk Panel 11.5 releases, we will improve reporting and management of licenses to make it easier to track how and where your Parallels Plesk Panel licenses are used. We’ll also make it easier to add, suspend, or do other typical license operations in a clean, more modern UI.
Along with the growth of the Parallels Plesk Panel catalog of both open source and commercial applications, we have also improved the application experience by adding better search and browse capabilities and a quick unattended application installation experience. To support integration of some premium e-mail applications, such as Open-Xchange, Parallels Plesk Panel 11.5 adds support for the APS Mail Aspect.
Managing applications is also easier in Parallels Panel 11.5. You can install a specific version of an application (for example, if you expect plug-in compatibility issues), and easily keep applications up-to-date. Users get update notifications and can turn on automatic application updating. Hosting providers can turn on forced updates of all applications on the server – to guarantee security patches are loaded, for instance.
Parallels Plesk Panel 11.5 makes the most sophisticated professional web hosting features available to both Windows and Linux admins in a way that is easy to understand and use.
With older versions of Parallels Plesk Panel, some of our partners were frustrated because we did not give them enough control over the system and they had to translate their sophisticated system administration skills into a “Plesk way” of getting things done. We have addressed this concern in Parallels Plesk Panel 11.5 with many improvements for technical users. Parallels Panel 11.5 is more admin-friendly, so less training time is required. Plus, this latest version empowers webmasters to manage PHP and Web Server settings site-by-site in an SEO-safe manner, which includes appropriate configuration of redirects, domain aliases, www-prefix and appropriate suspend to keep sites showing up in search engines.
Parallels Plesk Panel 11.5 moves to well-understood, standard management practices used by Linux and Windows administrators. For Linux Admins, Parallels Plesk Panel 11.5 significantly simplifies the structure of the user’s home directory, allowing you to put your files where you need them, avoiding confusion with “strange” system folders so you can easily locate what you need. It also makes significant improvements in the CLI (command line interface) for admins who want to bypass the GUI to operate more rapidly.
Parallels Plesk Panel 11.5 makes the server administrator and infrastructure provider’s life easier with support of the well-known Atomic and Remi repositories which provide multiple 3rd party updates. To gain maximum performance, our new Hybrid Web Server can send static content and PHP scripts to nginx, while other scripts can still be executed in Apache. Plus, for convenience, database users can access multiple databases with the same credentials for all databases they have access to.
We enable multiple versions of PHP on any server, and you can define the PHP version used per website. This can be your custom PHP build or PHP downloaded from an alternative repository. Additional versions are selected per site and work with the FastCGI or CGI handlers.
Improved security is addressed through support for additional administrators on Linux (so there is no need to share passwords) and by secure FTP, so you can be PCI compliant and mitigate risks of intercepted user passwords.
Parallels Plesk Panel 11.5 is the most sophisticated and feature rich panel product on the market, delivering unparalleled control and professional grade usability and administration. Spending less time on administration and training new admins will drive increased efficiency.
With Parallels Plesk Panel 11.5, you are also only a step away from a next-level multi-server professional hosting solution, Parallels Plesk Automation. This solution is a natural evolution of Parallels Plesk Panel, and allows you to centralize mail and administration, manage Linux and Windows web hosting on the same system, and grow into VPS and services hosting over time. Only Parallels Plesk Panel gives you a clear path to growth.
Best Usability for Website Owners
Parallels Plesk Panel 11.5 lowers support and churn by delivering best-in-class usability for website owners.
Website and domain management is at the core of Parallels Plesk Panel. Although the prior version 10.x GUI looked attractive, the usability for websites and domains operations required improvement.
For Parallels Plesk Panel 11.5 we reworked the user interface to make working with sites more comfortable. Now, the Websites and Domains tab is the home screen with all domains and websites listed prominently on this screen. Our new Active List feature saves time for website owners by giving them more information about their sites and domains along with common tasks in an easy to navigate interface. We are also introducing graphical help screens, built-in operations search, entity search and training videos along with fully searchable documentation.
For email in Parallels Plesk Panel 11.5, you will have more choice of webmail clients – including Roundcube and Horde IMP 5.0.
Taken together these additions improve customer self-service and satisfaction, lowering support costs and customer churn risks for service providers.
You can download Parallels Plesk Panel 11.5 Preview here: http://www.parallels.com/download/plesk/11.5
Adam Bogobowicz, Sr. Director of Product Marketing
cPanel claims big victory, announces it is now only 3x slower than Parallels Plesk Panel
cPanel recently revealed they cut their product install time by an average of 30% and are now able to achieve install times of 50 minutes. This is still more than 3x slower than Parallels Plesk Panel. This less than impressive claim is promoted as the reason one might choose cPanel. If you use install time as a main criterion for choosing a panel, you have a clear winner: Parallels Plesk Panel with a 15-minute install time.
I’ve talked to a number of hosters running both Parallels Plesk Panel and cPanel and their non-lab experience confirms these results. They are reporting cPanel 11.36 default installations taking over 2 hours and Parallels Plesk Panel 11 installations less than 18 minutes. With a mirror Parallels Plesk Panel repository (a local install source), they are installing Parallels Plesk Panel in under 6 minutes.
Let me know how this compares with your experience.
Adam Bogobowicz, Sr. Director of Product Marketing for Service Providers at Parallels