• Firewall (apf/csf and bfd)
• Secure tmp partition (noexec)
• rootkit scanning
• PHP hardening
• Apache hardening
• Mod-security
• Shell login notification

I just read this one from SWsoft forum.

There is a SQL injection vulnerable security hole exists on Plesk 8.x.x. Yes, it’s even on 8.2.0, which is the latest stable version.

It’s /usr/local/psa/admin/plib/class.Session.php.

Here’s the fix.