Security Flaw: I Don't think this is normal...
I followed the debian etch perfect server set up and have an updated ISPConfig running well, version 2.2.24 that is. Now I saw something I don't like while doing an FTP access...
I have like 5 domains hosted on my server with usernames and sites:
web1_user => domain1.com
web2_user => domain2.com
web3_user => domain3.com
Now here's the problem, I accidentally inputed domain1.com on cuteFTP and web3_user (notice web3_user not web1_user) as the username and put the correct password. Supposed to be it should return an error because web3_user is not the owner of domain1.com and shouldn't allow me to login, but what happened was I was able to login meaning the login info (which is wrong) was accepted. But when I was already logged in, the files which was showing was files from domain3.com.
How do I solve this so that when I FTP access domain1.com, only web1_user is allowed, using domain2.com only web2_use is allowed, and so on...?
Is this a security flaw, bug or error?