View Single Post
  #2  
Old 14th February 2013, 16:12
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,083
Thanks: 826
Thanked 5,397 Times in 4,241 Posts
Default

Quote:
One of the potential problems with that potentially somebody could brute force the admin login and then get access to everything.
You can not brute force the ispconfig admin login as ispconfig blocks IP's aftersome failed login attempts automatically. Fail2ban is not required for that.

Quote:
Either say that the admin user can only log in from a certain IP or can only log in to a certain server in the cluster, and then we'd restrict access to that server?
The ispconfig login is a normal apache vhost, so you can use all kin of restrictions that are available for apache vhosts as additional protection.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote