where is a manual of ispconfig 3? and what is a first step after install ispconfig 3 ? and i will setting perfectly with protection my ISP server help me thx
i have follow this link for installation http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3 and the installation is perfect, but i have configure postfix, clamav more particularity and more protection
You dont have to configure anything manually, it is all configured automatically by the ispconfig installer.
and after installation ispconfig3 the my server is ready for put online SERVER ISP? i have a fear the attack of the hacker noo?
Dude What are you on about?? Dude What are you worried about?? What security issues did you fix? The ISPconfig installer configures the mail server, and it is secure. Tell me exactly what security holes there are in a default setup. if you have to change things, install ISPconfig first, then make changes. And by the way, no product manual is going to tell you what to do after you mess up the mailserver installation.
if you go to http://your_ispconfig_ip/domain/ You shouldn't have access to there right? Can be that called a vulnerability
Tested on my server Debian lenny, ISPConfig 3.0.1 and I get a access forbidden (403). ISPconfig adds rules to protect these directories from being accessed directly for every site created in ispconfig. for example: <Directory /var/www/test.int> AllowOverride None Order Deny,Allow Deny from all </Directory> If this is not added in your configuration then you do not use ISPConfig 3.0.1 or you have modified the vhost templates. If you want to protect also directories not created or maintained by ispconfig, simply disable the debian default vhost.
I'm using 3.0.1 and I didn't modified the vhost templates. Where ispconfig adds the deny rules like <Directory /var/www/test.int> AllowOverride None Order Deny,Allow Deny from all </Directory> in test.int.vhost?
Yes, right at the beginning of the file before the vhost definition so that the definition is valid globally for all requests.
I found if I modify the site cfg, ispc adds that rule, I think it's because those sites were created with the previous version of ispconfig. Maybe the update tool should rewrites all the .vhost files.
yes i'm using 3.0.1 stable. after installing my server isp is ready for go? or after installing i must configura a single demon? for the best protection and functionally after installation in http://mtISP_domain:8080 which the first step ? add a user? add a client? add a domain? add a email?
Yes. Depends on what you want to do. Normally, you create a client first, and then you can create email addresses, web sites, etc.
