Big Security Problem

Discussion in 'General' started by vogelor, Mar 28, 2007.

  1. vogelor

    vogelor ISPConfig Developer

    Just want to tell.
    Some days ago some of the developers told me that it is a big security hole to store the password of the user in plaintext inside the DB.

    I think we have another big security problem.
    If you send (or get) emails, the "normal" way is sending the data in plaintext. This means, if a user is the admin of the web and has an email account, then he sends his password every time he gets (or sends) emails.

    Means if anybody can scan the "email protocol" he can read the pwd of the admin and so connect to the server and change the files at the server (for example a PHP script to get the account data of the database used).

    It is NO problem for me to use SFTP because this is "FTP over SSH" and SSH has its own fingerprint. But I can't generate an SSL certificate for every customer I am hosting.

    So isn't it better to separate the FTP from the email user?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Where is the security problem here? The email log does normally not store any passwords, and you may use email over SSL and FTP over SSL or SCP if you want. Also, you don't have to use the admin user for email if you want to have this separated.
  3. vogelor

    vogelor ISPConfig Developer

    1) I do not mean the log. I mean the data sent over "the wire". This data contains the username and the pwd used.
    2) You CAN use email over SSL, but if you do this you
    a) need to know this (ask the admins of the server how many know this)
    b) need an SSL certificate for each "mail server" (normally every admin uses mail.<domain>, means, and so on...)
    So I don't think many admins use email over SSL.
    3) You don't have to use the admin user for the email, but you can (and once again, I don't think that many server admins realize this problem!)

    So what I want to say is:
    I know that you have the possibility to make the server secure with ISPConfig, but I don't think that many server admins REALIZE this security hole and so use this config, and this means that their servers can easily be hacked!
    If you have "virtual" users -> one for FTP, one for email and so on, then this is more secure because knowing the email pwd means NOT knowing the FTP pwd! (and vice versa)

    I hope it is now easier to understand what I mean.

    If not, please ask again!
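    The "virtual users" argument above, as an added example that is not part of the thread or of ISPConfig: one account gets an independent, randomly generated password per service (FTP, mail), and only salted PBKDF2 hashes are stored, so neither a sniffed mail login nor a copied database table yields the FTP secret. `VirtualUserStore`, `provision`, `verify` and `services_opened_by` are invented names; the account `web1_admin` and the service list are constructed sample data.

    ```python
    """Per-service credentials for one hosting account, stored as salted hashes.

    Added example (not code from the thread or from ISPConfig). It shows the
    blast radius of one leaked password: with one secret per service a leaked
    mail password opens only mail; with a reused password it opens everything.
    """
    import hashlib
    import hmac
    import os
    import secrets
    from typing import Dict, Iterable, List, Optional, Tuple

    # Work factor for PBKDF2-HMAC-SHA256; high enough that a dumped table
    # cannot be brute-forced cheaply, low enough for an interactive login.
    PBKDF2_ROUNDS = 600_000


    def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
        """Return (salt, digest). A fresh random salt is drawn when none is given."""
        salt = salt if salt is not None else os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
        return salt, digest


    class VirtualUserStore:
        """Maps (account, service) -> (salt, hash); the plaintext is never kept."""

        def __init__(self) -> None:
            self._creds: Dict[Tuple[str, str], Tuple[bytes, bytes]] = {}

        def provision(self, account: str, services: Iterable[str]) -> Dict[str, str]:
            """Issue one independent random password per service.

            The returned plaintexts exist only to be handed to the customer once
            (e.g. in the welcome mail); the store keeps just the hashes.
            """
            issued = {}
            for svc in services:
                pw = secrets.token_urlsafe(16)
                self._creds[(account, svc)] = hash_password(pw)
                issued[svc] = pw
            return issued

        def set_password(self, account: str, service: str, password: str) -> None:
            """Explicitly set a password; used here to model the reuse anti-pattern."""
            self._creds[(account, service)] = hash_password(password)

        def verify(self, account: str, service: str, password: str) -> bool:
            """Constant-time check of a login attempt against that service's hash only."""
            rec = self._creds.get((account, service))
            if rec is None:
                return False
            salt, stored = rec
            _, candidate = hash_password(password, salt)
            return hmac.compare_digest(stored, candidate)

        def services(self, account: str) -> List[str]:
            return sorted(svc for (acct, svc) in self._creds if acct == account)


    def services_opened_by(store: VirtualUserStore, account: str, leaked_password: str) -> List[str]:
        """Which services a single captured password would log in to."""
        return [svc for svc in store.services(account) if store.verify(account, svc, leaked_password)]


    if __name__ == "__main__":
        store = VirtualUserStore()
        issued = store.provision("web1_admin", ["ftp", "mail"])
        # A sniffed mail password unlocks only the mail account.
        print("separate secrets:", services_opened_by(store, "web1_admin", issued["mail"]))
        # Same account, one password reused for both services: full account takeover.
        reused = VirtualUserStore()
        for svc in ("ftp", "mail"):
            reused.set_password("web1_admin", svc, "hunter2")
        print("reused secret:", services_opened_by(reused, "web1_admin", "hunter2"))
    ```

    The store is deliberately indexed by `(account, service)`: an FTP daemon handed this table can only ever compare against the FTP hash, which is the property the post asks for.
    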

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    1) That's the case with all unencrypted protocols; that's why there are encrypted protocols as replacement. Do not blame ISPConfig for your personal server setup.
    2a) If you run a server, you should know this. If you don't know this, you should not run an ISP for other people.
    b) That's not correct. You connect through the central mailserver domain of the ISP and not through personal mail domains. That's how most ISPs are doing it.
    3) That's your personal decision and not a problem in ISPConfig. You can also configure your Linux root user without a password; is this a Linux problem then? No.

    That's not the case in my opinion. You may use separate FTP users if you want, as I posted above. You can secure your connections if you want. Your customers use the login data that you send them.

    ISPConfig 3 has virtual users.

    [update] fixed a few typos.
    Last edited: Mar 29, 2007
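    Since the reply above points to encrypted protocols as the fix, here is an added example (not from the thread or from ISPConfig) of the check an admin would run to confirm the server actually refuses plaintext logins: it parses an SMTP EHLO reply and an FTP FEAT reply and reports whether credentials can still travel unencrypted. The four server replies are constructed sample data, not captures from a real host; in practice the text would come from `smtplib.SMTP.ehlo()` and `ftplib.FTP.sendcmd('FEAT')`. Function names are my own.

    ```python
    """Flag mail/FTP servers that still accept credentials in the clear.

    Added example, not part of the thread or of ISPConfig. The logic is:
      * SMTP: if the pre-STARTTLS EHLO reply advertises AUTH, a client may log in
        without encryption (Postfix hides AUTH until TLS is up when
        smtpd_tls_auth_only = yes). No STARTTLS at all means every login is plaintext.
      * FTP: if FEAT lacks AUTH TLS/SSL (RFC 4217), the USER/PASS exchange is
        always plaintext. FEAT alone cannot prove TLS is *required*, so that is
        reported as a caveat rather than a pass.
    """
    import re
    from typing import Dict, List

    _SMTP_LINE = re.compile(r"^(\d{3})[ -](.*)$")


    def parse_ehlo(reply: str) -> Dict[str, List[str]]:
        """Parse a multi-line EHLO reply into {KEYWORD: [params]} (greeting line dropped)."""
        caps: Dict[str, List[str]] = {}
        lines = reply.strip().splitlines()
        for line in lines[1:]:  # lines[0] is "250-hostname" greeting
            m = _SMTP_LINE.match(line.strip())
            if not m:
                continue
            parts = m.group(2).split()
            if parts:
                caps[parts[0].upper()] = parts[1:]
        return caps


    def smtp_plaintext_auth_findings(ehlo_reply: str) -> List[str]:
        """Findings for the EHLO reply seen *before* STARTTLS; empty list means OK."""
        caps = parse_ehlo(ehlo_reply)
        findings = []
        if "STARTTLS" not in caps:
            findings.append("no STARTTLS advertised: every login is sent in the clear")
        if "AUTH" in caps:
            mechs = ", ".join(caps["AUTH"]) or "unspecified"
            findings.append(f"AUTH ({mechs}) offered before STARTTLS: clients may log in unencrypted")
        return findings


    def parse_feat(reply: str) -> List[str]:
        """Parse an FTP FEAT reply (211-Features ... 211 End) into a list of features."""
        lines = reply.strip().splitlines()
        # Feature lines are the indented ones between the 211- opener and 211 closer.
        return [ln.strip().upper() for ln in lines[1:-1] if ln.startswith(" ")]


    def ftp_plaintext_auth_findings(feat_reply: str) -> List[str]:
        """Findings for an FTP FEAT reply; empty list means TLS is at least available."""
        feats = parse_feat(feat_reply)
        if not any(f in ("AUTH TLS", "AUTH SSL") for f in feats):
            return ["no AUTH TLS/SSL in FEAT: FTP USER/PASS is always plaintext"]
        return []


    # Constructed sample replies (not real servers).
    SMTP_EHLO_WEAK = """250-mail.example.net
    250-PIPELINING
    250-SIZE 10240000
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250 8BITMIME"""

    SMTP_EHLO_HARDENED = """250-mail.example.net
    250-PIPELINING
    250-STARTTLS
    250 8BITMIME"""

    FTP_FEAT_PLAIN = """211-Features:
     MDTM
     SIZE
     UTF8
    211 End"""

    FTP_FEAT_TLS = """211-Features:
     AUTH TLS
     PBSZ
     PROT
     UTF8
    211 End"""

    if __name__ == "__main__":
        for name, fn, sample in [
            ("smtp weak", smtp_plaintext_auth_findings, SMTP_EHLO_WEAK),
            ("smtp hardened", smtp_plaintext_auth_findings, SMTP_EHLO_HARDENED),
            ("ftp plain", ftp_plaintext_auth_findings, FTP_FEAT_PLAIN),
            ("ftp tls", ftp_plaintext_auth_findings, FTP_FEAT_TLS),
        ]:
            print(f"{name}: {fn(sample) or ['OK']}")
    ```

    An empty finding list for FTP only says encryption is offered; whether the daemon rejects `USER` on an unprotected control channel has to be confirmed in its configuration, which is why the check stops at "available".
    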
  5. edge

    edge Active Member Moderator

    And if so....

    It's not the server that gets hacked, but the user(s) email / FTP account (it still sucks). As users do not have root access, no real harm can be done to the server.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe an additional sidenote. I see the problem that vogelor describes, but I won't call it a big security problem in general: it affects any unencrypted email communication on the net, and almost all users use unencrypted FTP, so it makes no difference if the cleartext password is in an FTP or SMTP communication stream. If you want to read the cleartext communication, you must do a man-in-the-middle attack. So you must either hack the client or the gateway of the client. In this case you may install a keylogger on the client as well and don't have to listen to the streams. The next possibility is that the target server is hacked, but then I don't need the client password anymore. The remaining possibility is that some of the routers are hacked, which is possible, but does it really happen that often? I guess the telcos have some good security guys.
  7. vogelor

    vogelor ISPConfig Developer

    First, I don't want to blame anyone or anything. ISPConfig is a great tool and I am happy to have it.

    What I wanted is to tell that I think it is a security problem having ONE pwd for several issues (especially if the pwd is sent in plain text).

    And I think it is very easy to install a net-sniffer program. You only need (for example) a root server - let's say at Strato - to sniff the network traffic inside Strato, and so the "man in the middle" is no problem.

    OK, it's only my opinion, but I think that many users use the admin of the web to also send and receive email, and I am not really sure if they know the problem.
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not the case at larger hosters; they all use VLANs. The computer magazine c't has tested it in their last server provider test, and all tested providers use VLANs to prevent net sniffing.

    Maybe we can add some type of general setting that disables mail for all admin accounts if it is enabled in the server settings.
  9. mlz

    mlz New Member

    Actually Till, you're right. Running a server is more than just putting software on a computer and thinking you're the bomb. A vast amount of my time is spent working on security related issues. I wish I had a penny for every time I hear that someone has been hacked because of the "server". No, more like the operator didn't do his job. Didn't stay aware of current security issues, didn't keep things up to date, didn't pay attention to what his clients have on the server, etc, etc, etc.

    Hosting is like any other profession. It takes time to learn, and time to become proficient. If someone out there is looking to get started in hosting, I say grab ISPC, your favorite distro, and play with it, try to break the blasted thing, learn security issues and topics. It's by far the best way to learn. Then put it on the public Internet and start accepting clients. Your churn rate will be lower, your stress will be lower, and you won't tick off half the people working on the Internet (the other half I firmly believe are scammers anyway! :D )

    This isn't a BIG security problem. It's a BIG education problem.

    Sorry, I'll get off my soapbox now... :D
