Protecting Against Clickjacking
Clickjacking (also known as a “UI redress attack”) is a malicious technique in which an attacker covers a button, a link, or a picture you intend to click with an overlay (transparent or opaque). The aim of the attack is to trick you into clicking the overlay instead of the desired webpage object. This can lead to harmful commands being executed or confidential information being compromised. Plesk users can be vulnerable to clickjacking when Plesk is opened within iframes on a malicious website.
To protect Plesk from clickjacking:
Add the following lines to the panel.ini file:
[security]
sameOriginOnly = true
Enabling the sameOriginOnly setting prevents Plesk pages from opening within iframes on other websites. Note that this will also prevent Plesk pages from opening within iframes on websites that are not malicious.
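
To confirm the setting took effect, inspect the response headers of a Plesk page after the change. The Python below is an added example, not Plesk's own code: it classifies the two standard anti-framing mechanisms (X-Frame-Options and the CSP frame-ancestors directive). Which of them Plesk emits is not stated on this page and is an assumption to verify; the sample headers and hostnames are constructed.

```python
# Added example (not Plesk code): classify anti-framing response headers.
def frame_policy(headers):
    """Classify framing by other origins: 'blocked', 'same-origin' or 'allowed'.

    headers: list of (name, value) pairs as received, duplicates preserved.
    """
    xfo, ancestors = set(), []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo |= {v.strip().lower() for v in value.split(",") if v.strip()}
        elif key == "content-security-policy":
            for policy in value.split(","):  # one header may carry several policies
                for directive in policy.split(";"):
                    parts = directive.lower().split()
                    if parts and parts[0] == "frame-ancestors":
                        ancestors.append(set(parts[1:]))
                        break  # only the first frame-ancestors in a policy counts
    if ancestors:
        # frame-ancestors overrides X-Frame-Options; every policy must allow.
        if any(src in (set(), {"'none'"}) for src in ancestors):
            return "blocked"
        if any(src == {"'self'"} for src in ancestors):
            return "same-origin"
        # Lists naming other hosts are reported as 'allowed' without
        # intersecting them, which errs on the side of flagging the page.
        return "allowed"
    if len(xfo) > 1 and xfo & {"deny", "allowall", "sameorigin"}:
        return "blocked"  # conflicting values: browsers refuse to frame
    if xfo == {"deny"}:
        return "blocked"
    if xfo == {"sameorigin"}:
        return "same-origin"
    return "allowed"  # header absent, or a value browsers ignore (e.g. ALLOW-FROM)


# Constructed sample responses; hostnames are placeholders.
SAMPLES = {
    "no protection": [("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "csp wins over xfo": [
        ("X-Frame-Options", "DENY"),
        ("Content-Security-Policy", "frame-ancestors 'self' https://partner.example"),
    ],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {frame_policy(hdrs)}")
```

With sameOriginOnly enabled, a Plesk page should classify as same-origin or blocked; the function accepts the pairs returned by http.client.HTTPResponse.getheaders().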