View Single Post
  #20  
Old 1st January 2013, 17:36
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Quote:
-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)
This is a configuration issue in your install and not a security issue as ispconfig has functions to protect you against this. The function is named domain limit. Go to System > Interface > Main config and enable the checkbox "Use the domain limits in client module to add new domains" to enable the domain limit function.

The domain limit function is visible then in the left menu of the client module.

Quote:
-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!
This problem existed in 3.0.4.6 as apache is not able to skip malformed ssl certificates. It has been solved in 3.0.5 by including the ssl configuration part into the config rollback, so a client can not crahs apache anymore as ispconfig will use the last working configuration or ssl certificate.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote