  #1  
10th January 2010, 12:11
yoplait
How to add security to ispconfig login?

Hi there,

I have a Debian with ISPConfig 3.0.1.6 installed.
I can imagine that a cracker who has the ispconfig access could do anything he wants on the server. Do you have tips to add more security to this web login? I'm searching for something more friendly than a .htaccess (or maybe you think that's THE solution?).

Thank you for your advice.
  #2  
10th January 2010, 15:33
till

The ispconfig login is already secured against brute force attacks and uses salted passwords, just use a safe password.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
10th January 2010, 16:10
yoplait

I have good passwords, but as I can hear about you: There's nothing to do to add more security?

I think about the script-kiddies which try some files, etc... If everybody tells me that they don't do anything more to protect the ispconfig interface, I can trust you. But, in my case, a friend of mine (co-"admin") is afraid about the security of such software and I don't know if he's right or not and how to convince him!
  #4  
12th January 2010, 18:41
bluebirdnet

Quote:
Originally Posted by yoplait
I have good passwords, but as I can hear about you: There's nothing to do to add more security?

I think about the script-kiddies which try some files, etc... If everybody tells me that they don't do anything more to protect the ispconfig interface, I can trust you. But, in my case, a friend of mine (co-"admin") is afraid about the security of such software and I don't know if he's right or not and how to convince him!

It's not going to be any safer with commercial software, in fact with commercial software you don't know the code, with open source you do!

Just make sure you use strong passwords.
  #5  
12th January 2010, 19:04
yoplait

The comparison was not done with commercial software, but now, it's more understood from me... It seems that nobody seems to put an htaccess on the ispconfig interface...

Thanks!
  #6  
3rd February 2010, 21:37
N9XCR

I'm with you yoplait. After a recent experience with my current web host (and my reason for moving to a colo solution), I would love to see a hosting control panel that takes an online banking security approach to panel security. I had a VERY STRONG password, yet the offenders still managed to get in somehow. They sure didn't get the password from malware on my computer or anything like that.

Chris
  #7  
3rd February 2010, 21:43
till

So, which exact problem do you have with ISPConfig security? If you find a way to login to ispconfig without knowing the correct password, let me know and we will fix it. But I'm not aware of such a problem and there has been no such problem reported in ISPConfig till now.
  #8  
3rd February 2010, 22:02
yoplait

Hum... just to be exact, I don't criticize anything about ispconfig security... I'm really not an expert in this domain: It was just for information.
  #9  
3rd February 2010, 23:17
damir

You can always use ssl to encrypt the https traffic and as suggested use strong passwords.
  #10  
3rd February 2010, 23:24
yoplait

Already done.