Plesk - Nimbusec Webhosting Security
This how-to guide describes the usage of the Nimbusec Webhosting Security Plugin for Plesk.
Installation & Uninstallation
There are two ways on how the manage the installation and uninstallation of the Plesk plugin.
Manage through Plesk extension store
For installation, please refer to the official Plesk plugin / extension store where the plugin is categorized under
Security for easier search. To uninstall the plugin, click on the plugin and select the option
Manage via Command-Line
This approach is not adviced for regular non-technical customers and should only be used under consideration of the risks. In order to manage the plugin via the Plesk command line, please refer to the detailed instruction page on the official Github repository: https://github.com/nimbusec-oss/nimbusec-plesk.
After successfully installing the Nimbusec Plesk Extension, an initial licence screen is presented as below.
In order to gain access to the plugin, one must select either of two options and obtain the necessary permissions correspondingly.
Get a Licence
A licence containing the required permissions alongs with valid access credentials can be purchased through the official Plesk extensions store: https://www.plesk.com/extensions/nimbusec-agent-integration/. After receiving the licence, the correct option in the licence screen must be selected to active the extension and download the Nimbusec Agent.
Enter API credentials
Please enter your API Key and Secret and click on "Download Server Agent" to intiate the activation. If you don't have API credentials yet, get in contact with firstname.lastname@example.org or issue a support ticket on the official website nimbusec.com for purchase or trial subscriptions.
The settings screens allow for various configuations the extension:
- Register and unregister Plesk domains in the Nimbusec Portal
- View the Nimbusec Agent Configuration
- Configure schedule and advanced options for the Nimbusec Agent
- Activate the Nimbusec Agent
Register and unregister Plesk domains
The register view shows all domains which are available within your Plesk installation. In order to allow the Nimbusec Agent to scan your domains you must first register them with a plan (e.g link them). To conduct this, select one or more domain you want to register, select the wished plan and click on "Register the selected domains".
The domains will be registered and are moved below the correct plan. From there it is possible to unregister the domains.
In the unregister view you see all domains which are already registered with Nimbusec and grouped by their corresponding plan. In case you want the Nimbusec Agent to stop scanning your domains, select the domains you wish to unregister and click on "Unregister the selected domains".
View the Nimbusec Agent Configuration
The Agent Congfiguration view shows you the current configuration file which is used by the Nimbusec Agent every time it starts scanning. This will give you the possibility of verifying the Agent's functionality. For more information about the agent configuration file, please refer to: https://kb.nimbusec.com/Server Agent/agent-configuration.
Set Run Settings for the Nimbusec Agent
In order to start the Nimbusec Agent's scanning process, it must be activated. This can be done by checking the "Status" checkbox and clicking on "Save settings" afterwards.
Additionally, the Nimbusec Agent must be set to a specific schedule interval. This means basically how often the Nimbusec Agent should scan every day. For that you can choose between one, two, three or four times a day. Again, save the settings afterwards by clicking the "Save settings" button.
This screen gives you an overview about your current Nimbusec Agent installation. The extension will check for an updated version in the background and will show a green/success or yellow/warning message on top of the page in case of an available update. Please check back to this page from time to time.
The Dashboard is very new and shows the issues found on your monitored websites. From there you have the option to
- view the possible malicious files,
- move them to quarantine
- remove from quarantine back to their origin
- this is much likely the case, if a file was moved that is crucial for the website to run
License Key for Support
Sometimes you'll want to ask our support team questions about your Plesk installation. In that case it helps if you also provide the License Key / Subscription ID to us. Because of the General Data Privacy Regulations (GDPR) we do not get any personal / contact data from Plesk, and every entry is pseudonymisied. Only the subscription ID is provided which we use for invoicing Plesk and also provide support if needed.
So here's how to get this information:
- Login to Plesk as admin
- Go to: Tool&Settings > License Management > Additional license key
- Find by “Key name” needed license
- Copy the content of column “Key number” for this license