Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th March 2007, 14:44
vogelor vogelor is offline
ISPConfig Developer
 
Join Date: Jan 2007
Location: Wernau, Germany
Posts: 219
Thanks: 42
Thanked 34 Times in 24 Posts
Default Big Security Problem

Just want to tell.
some days ago some of the developer told me, that it is a big security-hole to store the password of the user in plaintext inside the DB.

i think, we have a other big security-problem.
if you send (or get) emails, the "normal" way is sending the data in plaintext. this means, if a user is the admin of the web and has a email-account, then he sends his passport every time he gets (or sends) emails.

means if anybody can scan the "email-protokol" he can read the pwd of the admin and so connect to the server and change the files at the server (for example a php-script to get the account-data of the database used).

it is NO problem for me to use SFTP because this is "FTP over SSH" and SSH has it's own fingerprint. but i can't generate a SSL-certificate for every customer i am hosting.

so isn't it better, to separate the FTP from the email-user?
__________________
Der neue Luxus heißt Zeit, nicht Geld!

Firma : http://www.muv.com, http://www.computerandservice.de
Privat : http://www.vogelor.de
Reply With Quote
Sponsored Links
  #2  
Old 29th March 2007, 09:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Where is the security problem here? The email log does normally not store any passwords and you may use email over SSL and FTP over SSL or SCP if you want. Also you dont have to use the admin user for email if you want to have this separated.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 29th March 2007, 10:09
vogelor vogelor is offline
ISPConfig Developer
 
Join Date: Jan 2007
Location: Wernau, Germany
Posts: 219
Thanks: 42
Thanked 34 Times in 24 Posts
Default

Quote:
Originally Posted by till
Where is the security problem here? The email log does normally not store any passwords and you may use email over SSL and FTP over SSL or SCP if you want. Also you dont have to use the admin user for email if you want to have this separated.
1) i do not mean the log. i mean the data send over "the wire". this data contains the username and the pwd used.
2) you CAN use email over SSL but if you do this you
a) need to know this (ask the admins of the server how many know this)
b) need a SSL-certificate for each "mail-server" (normally every admin uses mail.<domain> means mail.muv.com, mail.ispconfig.org and so on...
so i don't think, many admins use email over SSL
3) you don't have to use the admin user for the email but you can (and one again, i don't think, that many server-admins realize this problem!

so what i want to say is:
i know, that you have the possibility to make the server secure with ispconfig but i don't think, that many server-admins REALIZE this security hole and so uses this config and this means that their servers can easily be hacked!
if you have "virtual" users -> one for ftp one for email and so on, than this is more secure because knowing the email pwd means NOT knowing the FPT-pwd! (and vice versa)

i hope it is now easier to understand what mean.

if not, please ask again!

Olli
__________________
Der neue Luxus heißt Zeit, nicht Geld!

Firma : http://www.muv.com, http://www.computerandservice.de
Privat : http://www.vogelor.de
Reply With Quote
  #4  
Old 29th March 2007, 10:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

1) That's the case with all unencrypted protocols, that's why there are encrypted protocols as replacement. Do not blame ISPConfig for your personal server setup.
2a) If you run a server, you should know this. If you dont know this, you should not run a ISP for other poeple.
b) Thats not correct. You connect trough the central mailserver domain of the ISP and not trough personal mail domains. Thats like most ISP's are doing it.
3) Thats your personal decision and not a problem in ISPConfig. You can also configure your linux root user without a password, is this a linux problem then? No.

Quote:
i know, that you have the possibility to make the server secure with ispconfig but i don't think, that many server-admins REALIZE this security hole and so uses this config and this means that their servers can easily be hacked!
Thats not the case in my opinion. You may use separate FTP users if you want, as I posted above You can secure your connections if you want. Your customers use the login data that you send them.

Quote:
if you have "virtual" users -> one for ftp one for email and so on, than this is more secure because knowing the email pwd means NOT knowing the FPT-pwd! (and vice versa)
ISPConfig 3 has virtual users.

[update] fixed a few typos.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 29th March 2007 at 10:42.
Reply With Quote
  #5  
Old 29th March 2007, 10:43
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

And if so....

It's not the server that gets hacked, but the user(s) email / ftp account (it still sucks). As users do not have root access, no reall harm can be done to the server.
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #6  
Old 29th March 2007, 10:59
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Maybe a additional sidenote. I see the problem that vogelor describes, but I wont call it a big security problem in general and it affects any unencrypted email communication on the net and alsmost all users use unencrypted FTP, so it makes no difference if the cleartext password is in a FTP or smtp communication stream. If you want to read the cleartext communication, you must do a man in the middle attack. So you must either hack the client or the gateway of the client. In this case you may install a keylogger on the client as well and dont have to listen to the streams. The next possibility is that the target server is hacked, but then I dont need the client password anymore. The remaining possibility is that some of the routers are hacked, which is possible but does it really happen that often? I guess the telcos have some good security guys.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 29th March 2007, 11:31
vogelor vogelor is offline
ISPConfig Developer
 
Join Date: Jan 2007
Location: Wernau, Germany
Posts: 219
Thanks: 42
Thanked 34 Times in 24 Posts
Default

first i don't want to blame anyone or anytinhg ISPConfig is a great tool and i am happy to have it.

what i wanted is to tell that i think that it is a security problem having ONE pwd for several issues (especially if the pwd is sented in plain text)

and i think it is very easy to install a net-sniffer programm. you only need (for example) a root-server - lets say at strato - to sniff the network traffic inside strato and so the "man in the middle" is no problem.

ok it's only my opinion but i think, that many users use the admin of the web to also send and receive email and i am not really sure, if they know the problem.
__________________
Der neue Luxus heißt Zeit, nicht Geld!

Firma : http://www.muv.com, http://www.computerandservice.de
Privat : http://www.vogelor.de
Reply With Quote
  #8  
Old 29th March 2007, 11:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Quote:
and i think it is very easy to install a net-sniffer programm. you only need (for example) a root-server - lets say at strato - to sniff the network traffic inside strato and so the "man in the middle" is no problem.
Thats not the case at larger hosters, they all use vlans. The computer magazine C'T has tested it in their last server provider test and all tested providers use vlans to prevent net sniffing.

Maybe we can add some type of general setting that disables mail for all admin accounts if it is enabled in the server settings.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 29th March 2007, 17:07
mlz mlz is offline
Senior Member
 
Join Date: Dec 2006
Posts: 189
Thanks: 16
Thanked 9 Times in 9 Posts
 
Default

Actually Till, your right. Running a server is more then just putting software on a computer and thinking your the bomb. A vast amount of my time is spent working on security related issues. I wish I had a penny for everytime I hear that someone has been hacked because of the "server" No, more like the operator didn't do his job. Didn't stay aware of current security issues, didn't keep things up to date, didn't pay attention to what his clients have on the server, etc, etc, etc.

Hosting is like any other profession. It takes time to learn, and time to become proficient. If someone out there is looking to get starting in hosting, I say grab ISPC, your favorite distro, and play with it, try to break the blasted thing, learn security issues and topics. It's by far the best way to learn. Then put it on the Public Internet and start accepting clients. Your churn rate will be lower, your stress will be lower, and you won't tick off half the people working on the Internet (the other half I firmly believe are scammers anyway! )

This isn't a BIG security problem. It's a BIG education problem.

Sorry, I'll get off my soapbox now...
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 12:20
SE linux problem when security context is modified raj123 Technical 1 28th June 2006 08:57
ssh security problem... Jonathan Installation/Configuration 1 26th May 2006 01:59
problem with ssh security Jonathan Installation/Configuration 1 26th May 2006 01:52
Possible security problem bjmg General 2 15th March 2006 18:33


All times are GMT +2. The time now is 06:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.