How to add security to ispconfig login ?

Discussion in 'Tips/Tricks/Mods' started by yoplait, Jan 10, 2010.

  1. yoplait

    yoplait Member

    Hi there,

    I have a debian with ISPconfig 3.0.1.6 installed.
    I can imagine that a cracker who has the ispconfig access could do anything he wants on the server. Do you have tips to add more security to this web login ? I'm searching for something more friendly than a .htaccess (or maybe you think that's THE solution ?).

    Thanks you for your advise.
     
  2. till

    till Super Moderator

    The ispconfig login is already secured against brute force attacks and uses salted password, just use a safe password.
     
  3. yoplait

    yoplait Member

    I have good passwords, but as I can hear about you : There's nothing to do to add more security ?

    I think about the script-kiddies which try some files, etc... If everybody tell me that they don't do anything more to protect the ispconfig interface, I can trust you. But, in my case, a friend of mine (co-"admin") is afraid about the security of this such software and I don't know if he's right or not and how ton convince him ! :p
     
  4. bluebirdnet

    bluebirdnet New Member

    Its not going to be any safer with a commercial software, in fact with commercial software you dont know the code, with open source you do!

    Just make sure you use Strong passwords.
     
  5. yoplait

    yoplait Member

    The comparaison was not done with commercial softwares, but now, it's more understood from me... It seems that nobody seems to put an htaccess on the ispconfig interface...

    Thanks !
     
  6. N9XCR

    N9XCR New Member

    I'm with you yoplait. After a recent experience with my current web host (and my reason for moving to a colo solution), I would love to see a hosting control panel that takes an online banking security approach to panel security. I had a VERY STRONG password, yet the offenders still managed to get in somehow. They sure didn't get the password from malware on my computer or anything like that.

    Chris
     
  7. till

    till Super Moderator

    So, which exact problem do you have with ISPConfig security? If you find a way to login to ispconfig without knowing the correct password, let me know and we will fix it. But I'am not aware of such a problem and there has be no such problem reported in ISPConfig till now.
     
  8. yoplait

    yoplait Member

    Hum ... just to be exact, I don't critiquize anything about ispconfig security ... I'm really not an expert in this domain : It was just for information ;) .
     
  9. damir

    damir New Member

    You can always use ssl to encrypt the https traffic and as suggested use strong passwords.
     
  10. yoplait

    yoplait Member

    already done ;) .
     

Share This Page