Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th February 2013, 17:07
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
Default restrict user by location?

Good morning, we use ispconfig on many of our servers, but only as standalone instances. On each of these we've restricted access to the admin interface on our firewall and also with iptables.
We're giving some thought to using a clustered setup for our DNS and/or mail and we want to open the interface to give users access to manage their own DNS and that.
One of the potential problems with that potentially somebody could brute force the admin login and then get access to everything.

Sure we can use fail2ban to reduce the likelihood of this but is there anyway to eliminate the option entirely?

Either say that the admin user can only log in from a certain IP or can only log in to a certain server in the cluster, and then we'd restrict access to that server?
Reply With Quote
Sponsored Links
  #2  
Old 14th February 2013, 17:12
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Quote:
One of the potential problems with that potentially somebody could brute force the admin login and then get access to everything.
You can not brute force the ispconfig admin login as ispconfig blocks IP's aftersome failed login attempts automatically. Fail2ban is not required for that.

Quote:
Either say that the admin user can only log in from a certain IP or can only log in to a certain server in the cluster, and then we'd restrict access to that server?
The ispconfig login is a normal apache vhost, so you can use all kin of restrictions that are available for apache vhosts as additional protection.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
aangelatexaxda9431 (15th February 2013)
  #3  
Old 15th February 2013, 12:32
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
Default

what we want is to make the login interface generally available, just not have the option to login as admin on the public interface, I'm not aware of how to do that via apache.

What method does ispconfig use to block brute force attempts other than fail2ban?
Reply With Quote
  #4  
Old 15th February 2013, 12:38
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Quote:
What method does ispconfig use to block brute force attempts other than fail2ban?
It tracks and blocks logins internally.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Tags
cluster, fail2ban, ispconfig, login

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
dovecot start problem veneficus Installation/Configuration 3 10th April 2012 18:39
Auth.log question spikes Server Operation 0 12th December 2010 22:24
freebsd 7, samba 3, domain controller alexdimarco Suggest HOWTO 6 5th November 2010 17:54
The system is currently updating the configuration files. warlock General 8 21st February 2009 19:15
New user directory location xyanide Installation/Configuration 9 31st July 2007 14:39


All times are GMT +2. The time now is 06:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.