View Single Post
  #4  
Old 29th March 2007, 10:32
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,438
Thanks: 813
Thanked 5,209 Times in 4,085 Posts
Default

1) That's the case with all unencrypted protocols, that's why there are encrypted protocols as replacement. Do not blame ISPConfig for your personal server setup.
2a) If you run a server, you should know this. If you dont know this, you should not run a ISP for other poeple.
b) Thats not correct. You connect trough the central mailserver domain of the ISP and not trough personal mail domains. Thats like most ISP's are doing it.
3) Thats your personal decision and not a problem in ISPConfig. You can also configure your linux root user without a password, is this a linux problem then? No.

Quote:
i know, that you have the possibility to make the server secure with ispconfig but i don't think, that many server-admins REALIZE this security hole and so uses this config and this means that their servers can easily be hacked!
Thats not the case in my opinion. You may use separate FTP users if you want, as I posted above You can secure your connections if you want. Your customers use the login data that you send them.

Quote:
if you have "virtual" users -> one for ftp one for email and so on, than this is more secure because knowing the email pwd means NOT knowing the FPT-pwd! (and vice versa)
ISPConfig 3 has virtual users.

[update] fixed a few typos.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 29th March 2007 at 10:42.
Reply With Quote