Search for:

  • Article for your preferred language does not exist. Below is international version of the article.
Available article translations:

Backup signing in Plesk 11.5

Article ID: 116395, created on Jul 5, 2013, last review on Dec 2, 2014

  • Parallels Plesk 12.0 for Linux
  • Parallels Plesk 11.5 for Linux
  • Parallels Plesk 11.5 for Windows


Parallels Plesk Panel Micro-Update #3 for Plesk 11.5 introduced a new security measure: signing of backup files. This article addresses questions that may arise due to this feature and explains the customer impact.

What are backup signatures for?

Backups are signed with a server-specific key in order to ensure that the backup is made on the same server and has not been modified. This security measure protects against attempts to restore forged backups in order to increase limits or gain permissions.

When are backups signed?

Backups are signed in the following cases:

  • The backup is created in the FTP server repository. 
  • The backup is downloaded from the Parallels Plesk Panel interface.
  • The backup is created using the pleskbackup command-line utility, even if the argument for -output-file is a local file.

Backups created on the server and stored in the local repository are not signed.

When is a backup signature verified?

A backup signature is verified in the following cases:

  • The backup is uploaded through the control panel.
  • The backup is restored from FTP.
  • The backup is copied from the Personal FTP repository to the Server Repository.
  • The backup is restored from a single file using the pleskrestore command-line utility.

What happens when the server cannot verify a backup signature?

Uploading or restoring of backups with absent or incorrect signatures is not allowed for non-administrator accounts. The Plesk administrator is asked for an additional confirmation when an unsigned or unverified backup is uploaded or restored.

How will the introduction of backup signature checks impact my customers?

  1. All backups uploaded to FTP or downloaded through the control panel before 11.5 MU#3 was installed will be processed as unsigned. This means the following:

    • Non-administrators cannot restore such backups from Personal FTP Repository.
    • Non-administrators cannot upload backups downloaded before installing 11.5 MU#3 to Server Repository.
    • Non-administrators cannot restore their parts of full server backups that are not signed or have incorrect signatures (such backups may be uploaded by the administrator).
  2. The administrator has to confirm the uploading or restoring of unsigned backups or backups with incorrect signatures in the control panel interface and in the command-line utilities:

    • pleskrestore will not start to restore a backup with an incorrect signature unless you add the -ignore-sign option.
    • The I want to restore this backup despite the fact that it is modified check-box should be selected on the Backup Details  and Upload Backup File from Local Computer to Server Repository pages in an Administrator control panel session.
  3. If a backup on Remote FTP Repository has an incorrect signature, it cannot be moved to Server Repository by the Copy to Server Repository button, not even by the administrator. The product development team is working on a permanent solution for this. The current workaround is to download the backup from the FTP server and then upload it through the Plesk interface to Server Repository.

I don't need it! How can I disable this feature?

Signature checking may be turned off through the /usr/local/psa/admin/conf/panel.ini configuration file (%plesk_dir%\admin\conf\panel.ini on Windows):

[pmm] allowRestoreModifiedDumps = on

In this case, the signature will be checked, but will not block any operation.

Search words:

The source file is not a valid XML file. If you supplied an archive file containing a backup from Plesk version 9 or later, then extract the contents of this archive, and process the extracted XML file with the converter. If you want to convert a backup file from a Plesk version earlier than 9, then you first need to process it with the pre9-backup-convert utility, and then process the resulting file with the pre10-backup-convert utility.

51438e1dfe1e98e6ad3bf2ff9709bbbb 56797cefb1efc9130f7c48a7d1db0f0c c81e59b61af9dca603ba03b14aabe968 42844a8183c58f5bd71c7d59929707e6 f4c89357a6ff7298f273cb70f9d95452 1bb40a2897c5fbbe5c9bd20451105ddc 9f8baf78266b4e54525d1c6bf06305a5 824237ce663843af86f93897fbd8e2f8 b44a1557287d8f5170deff96e25c511a 16524e1e2541cde3c382708b52ad207f

Was this article helpful?
Tell us how we may improve it.
Yes No
Server Virtualization
- Odin Cloud Server
- Odin Containers for Windows 6.0
- Odin Virtuozzo Containers
- Odin Automation
- Odin Automation for Cloud Infrastructure
- Odin Business Automation Standard
- Odin Virtual Automation
- Odin Plesk Panel Suite
- Web Presence Builder
- Odin Plesk Automation
- Odin Small Business Panel
- Value-added Services for Hosters
- Odin Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification