Plesk - Nimbusec Webhosting Security

This how-to guide describes the usage of the Nimbusec Webhosting Security Plugin for Plesk.

Installation & Uninstallation

There are two ways on how the manage the installation and uninstallation of the Plesk plugin.

Manage through Plesk extension store

For installation, please refer to the official Plesk plugin / extension store where the plugin is categorized under Security for easier search. To uninstall the plugin, click on the plugin and select the option uninstall.

Manage via Command-Line

This approach is not adviced for regular non-technical customers and should only be used under consideration of the risks. In order to manage the plugin via the Plesk command line, please refer to the detailed instruction page on the official Github repository: https://github.com/nimbusec-oss/nimbusec-plesk.

Usage

Setup

After successfully installing the Nimbusec Plesk Extension, an initial licence screen is presented as below.

Licence Screen

In order to gain access to the plugin, one must select either of two options and obtain the necessary permissions correspondingly.

Get a Licence

A licence containing the required permissions alongs with valid access credentials can be purchased through the official Plesk extensions store: https://www.plesk.com/extensions/nimbusec-agent-integration/. After receiving the licence, the correct option in the licence screen must be selected to active the extension and download the Nimbusec Agent.

Enter API credentials

Please enter your API Key and Secret and click on "Download Server Agent" to intiate the activation. If you don't have API credentials yet, get in contact with plesk@nimbusec.com or issue a support ticket on the official website nimbusec.com for purchase or trial subscriptions.

Settings

The settings screens allow for various configuations the extension:

Register and unregister Plesk domains in the Nimbusec Portal
View the Nimbusec Agent Configuration
Configure schedule and advanced options for the Nimbusec Agent
Activate the Nimbusec Agent

Register and unregister Plesk domains

Domains Settings

The register view shows all domains which are available within your Plesk installation. In order to allow the Nimbusec Agent to scan your domains you must first register them with a plan (e.g link them). To conduct this, select one or more domain you want to register, select the wished plan and click on "Register the selected domains".

The domains will be registered and are moved below the correct plan. From there it is possible to unregister the domains.

In the unregister view you see all domains which are already registered with Nimbusec and grouped by their corresponding plan. In case you want the Nimbusec Agent to stop scanning your domains, select the domains you wish to unregister and click on "Unregister the selected domains".

View the Nimbusec Agent Configuration

The Agent Congfiguration view shows you the current configuration file which is used by the Nimbusec Agent every time it starts scanning. This will give you the possibility of verifying the Agent's functionality. For more information about the agent configuration file, please refer to: https://kb.nimbusec.com/Server Agent/agent-configuration.

Agent Settings

Set Run Settings for the Nimbusec Agent

In order to start the Nimbusec Agent's scanning process, it must be activated. This can be done by checking the "Status" checkbox and clicking on "Save settings" afterwards.

Additionally, the Nimbusec Agent must be set to a specific schedule interval. This means basically how often the Nimbusec Agent should scan every day. For that you can choose between one, two, three or four times a day. Again, save the settings afterwards by clicking the "Save settings" button.

Update Agent

This screen gives you an overview about your current Nimbusec Agent installation. The extension will check for an updated version in the background and will show a green/success or yellow/warning message on top of the page in case of an available update. Please check back to this page from time to time.

Dashboard

The Dashboard is very new and shows the issues found on your monitored websites. From there you have the option to

view the possible malicious files,
move them to quarantine
remove from quarantine back to their origin
- this is much likely the case, if a file was moved that is crucial for the website to run

Dashboard

License Key for Support

Sometimes you'll want to ask our support team questions about your Plesk installation. In that case it helps if you also provide the License Key / Subscription ID to us. Because of the General Data Privacy Regulations (GDPR) we do not get any personal / contact data from Plesk, and every entry is pseudonymisied. Only the subscription ID is provided which we use for invoicing Plesk and also provide support if needed.

So here's how to get this information:

API Documentation

FQL Documentation

Installation on Linux

Installation on Windows

Agent Configuration

Docker Image

Configuration

Reputation

Transport Layer Security (TLS)

Verifying PDF Integrity

Compliance Monitoring Issues

Security Header Ratings

Two factor authentication

What is Discovery?

What is Nimbusec?

Alert actions

Blacklist alerts

Content alerts

Fading out results

Server side alerts

Reputation Alerts

Issue and Event overview

Incident Response - Website Cleanup

Sync domains in a hosting environment automatically

Nimbusec WSM - Available Data

Discovery Webhooks

Nimbusec Webhooks

Plesk - Nimbusec Webhosting Security

Plesk - Nimbusec Webhosting Security

Installation & Uninstallation

Manage through Plesk extension store

Manage via Command-Line

Usage

Setup

Get a Licence

Enter API credentials

Settings

Register and unregister Plesk domains

View the Nimbusec Agent Configuration

Set Run Settings for the Nimbusec Agent

Update Agent

Dashboard

License Key for Support

No Comments