View Single Post
Old 1st January 2013, 18:36
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,037
Thanks: 841
Thanked 5,658 Times in 4,466 Posts

-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)
This is a configuration issue in your install and not a security issue as ispconfig has functions to protect you against this. The function is named domain limit. Go to System > Interface > Main config and enable the checkbox "Use the domain limits in client module to add new domains" to enable the domain limit function.

The domain limit function is visible then in the left menu of the client module.

-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!
This problem existed in as apache is not able to skip malformed ssl certificates. It has been solved in 3.0.5 by including the ssl configuration part into the config rollback, so a client can not crahs apache anymore as ispconfig will use the last working configuration or ssl certificate.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote