till (Super Moderator), 12th March 2013, 14:37

Quote:
clients with multiple websites cannot understand why they need a different ftp login for each site.
Then you might want to explain to them that they will lose all sites when one of their sites gets hacked. Example:

A company which is your client has several sites: a shop which accepts credit cards, a company site where they also provide sensitive data to their customers in a protected area, and a company blog.

On the blog, they installed an insecure plugin in e.g. WordPress, so the site gets hacked.

a) In the way ISPConfig configures websites, the hacker only gets access to the blog site, as the shop and the company page are in different sites with different Linux users.

b) In the way you want to configure the system, the attacker gets access to the blog, the company site with sensitive data and the shop with the credit cards.

In case a) there is not much damage: you restore the blog from a backup, fix the security issues in the plugin and that's it. In case b) you can have severe damage, sensitive data gets lost and you would have to restore 3 sites instead of one site.

And such hacks occur more often than most people expect. While the base systems of Joomla, WordPress, etc. are quite secure, there are many vulnerable plugins available, and it's enough that your customer installs one of them to make their site vulnerable.

Also, how high is the burden with multiple logins? All common FTP clients provide options to store login details, and site management software like Dreamweaver handles logins per site anyway.
__________________
Till Brehm
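A way to check the isolation described in the post above, as an added example that is not part of the original post and not ISPConfig code: it flags site roots that share a Linux owner (case b) or are open to other users. The paths, uids and modes in the sample records are constructed for illustration.

```python
import os
import stat
from collections import defaultdict


def collect(site_roots):
    """Stat each site root on a live system; returns (path, uid, mode) tuples."""
    records = []
    for path in site_roots:
        st = os.stat(path)
        records.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return records


def audit(records):
    """Return sorted (issue, detail) findings for a list of (path, uid, mode).

    shared-owner:   two or more site roots owned by the same uid, so code
                    running as that user in one site can reach the others.
    open-to-others: any r/w/x bit set for "other", so a different site's
                    user can at least list or traverse this site root.
    """
    findings = []
    by_uid = defaultdict(list)
    for path, uid, mode in records:
        by_uid[uid].append(path)
        if mode & stat.S_IRWXO:
            findings.append(("open-to-others", path))
    for uid, paths in by_uid.items():
        if len(paths) > 1:
            detail = "uid %d: %s" % (uid, ", ".join(sorted(paths)))
            findings.append(("shared-owner", detail))
    return sorted(findings)


# Constructed sample: case a) from the post, one Linux user per site.
SEPARATE = [("/srv/www/blog", 5001, 0o710),
            ("/srv/www/shop", 5002, 0o710),
            ("/srv/www/company", 5003, 0o710)]

# Constructed sample: case b), all three sites under one user/FTP login.
SHARED = [("/srv/www/blog", 5001, 0o710),
          ("/srv/www/shop", 5001, 0o755),
          ("/srv/www/company", 5001, 0o710)]

if __name__ == "__main__":
    for name, recs in (("separate users", SEPARATE), ("shared user", SHARED)):
        print(name, audit(recs))
```

On a real host, pass the list of site document roots to collect() and feed the result to audit().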