Today I would like to introduce a pre-release of the upcoming 3.0.5.4p4 version to a broader audience.

What's new in ISPConfig 3.0.5.4p4

This release introduces some interesting new security features and fixes several bugs in the remote API.

Intrusion Detection System

The ISPConfig interface now contains an IDS system to protect it against unknown threats and vulnerabilities. The IDS system consists of a scan engine for POST, GET, COOKIE and SESSION variables based on PHPIDS and a SQL query scanner to detect SQL injection attacks. The IDS system does not replace any of the input and variable checks that are implemented in ISPConfig; the IDS adds a more generic check for all incoming variables in ISPConfig to build a second line of defense.

For now, the IDS system is configured to add warnings in the ISPConfig system log only and not to block attacks. If you would like to block attacks in this version, set ids_block_level to a value between 5 and 20 in the security_settings.ini file. The checks are quite strict and we will probably have to whitelist some additional variables to avoid false positive warnings to customers. Therefore I would like to ask you to help us complete the whitelist.

How whitelisting works:

The IDS writes all alerts in whitelist file format to the file /usr/local/ispconfig/interface/temp/ids.log and the full warning message to the ISPConfig system log in the interface. If you find that an alert is a false positive, then please post the alert message and line from ids.log here in the forum so we can check that and add it to the official whitelist.

You can find a detailed description of the IDS settings in the security README file in the /usr/local/ispconfig/security/ folder.

Note: This pre-release still reports itself as 3.0.5.4p3, so don't be worried if you don't see a new version number.

Detailed Changelog
http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=82&status[]=

Download
http://www.ispconfig.org/downloads/ISPConfig-3.0.5.4p4-beta1.tar.gz

Update instructions

Code:
cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5.4p4-beta1.tar.gz
tar xvfz ISPConfig-3.0.5.4p4-beta1.tar.gz
cd ispconfig3_install/install
php -q update.php
Hi and thanks for this update. I did a fresh install on a new server. Got the login page and logged in as admin/admin. Here is what I got: Any help?
That's an issue with the new security system, which seems to have a conflict with the RSS feed that is saved in the sessions. As a workaround, please edit: /usr/local/ispconfig/security/security_settings.ini and set the ids block level to e.g. 900
Thanks. I could log in, but the whole thing is awfully slow. Is it related to the security stuff too?
This might be. I don't have any delays here, but I have a fast test server. You can try to turn off the IDS completely in the security settings .ini file.
That was definitely it: everything is blazing fast after commenting these lines: ... but I understand it's a security risk, right?
If you want to disable it, set: ids_enabled=no instead of commenting out lines. Yes. Not sure if I would call it a security risk, as this function is just an additional security layer, so basically your system just doesn't use this additional protection then. The IDS is scanning all incoming variables, so it will take some additional resources, but I will try to see if it can be further optimized.
The problem that I cannot access is here too. If I change the security setting to 900, then it's very slow. Now I've disabled IDS.
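
An added example, not part of any post in this thread and not ISPConfig code: a small shell check that reports which of the states discussed above a security_settings.ini is in. It assumes the file holds plain key=value lines with ';' or '#' starting a comment; the function names and state labels are made up for this example.

```shell
#!/bin/sh
# ini_get FILE KEY: print the last uncommented value of KEY (empty if absent).
# Commented-out lines such as ";ids_enabled=yes" are ignored on purpose.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;#]*\).*\$/\1/p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# ids_mode FILE: print one of
#   disabled     ids_enabled=no (the way to switch the IDS off, per the thread)
#   unset        no usable ids_block_level line (e.g. it was commented out)
#   blocking     ids_block_level within the 5-20 range given for blocking
#   above-range  ids_block_level above 20 (e.g. the 900 workaround)
#   below-range  ids_block_level below 5
ids_mode() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    enabled=$(ini_get "$file" ids_enabled)
    level=$(ini_get "$file" ids_block_level)
    case $enabled in
        no|No|NO) echo "disabled"; return 0 ;;
    esac
    case $level in
        ''|*[!0-9]*) echo "unset"; return 0 ;;
    esac
    if [ "$level" -ge 5 ] && [ "$level" -le 20 ]; then
        echo "blocking"
    elif [ "$level" -gt 20 ]; then
        echo "above-range"
    else
        echo "below-range"
    fi
}

# Constructed sample reproducing the workaround from this thread
# (not copied from a real server).
sample=$(mktemp)
printf '%s\n' ';ids_enabled=no' 'ids_enabled=yes' \
    'ids_block_level=900 ; workaround' > "$sample"
echo "sample file: $(ids_mode "$sample")"
rm -f "$sample"

# On a server:
#   ids_mode /usr/local/ispconfig/security/security_settings.ini
```

A result of "unset" or "above-range" after an update is a prompt to re-read the security README and choose a state deliberately.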
Small bug in bind_plugin.inc.php

Hi there,

there is a small bug for Gentoo users in the bind_plugin.inc.php (located in /ispconfig3_install/server/plugins_available/bind_plugin.inc.php)

Line 120: ['bind_zonefiles_dir'].'/pri.' should be ['bind_zonefiles_dir'].'/pri/'

the same bug in Line 154: ['bind_zonefiles_dir'].'/pri.' should be ['bind_zonefiles_dir'].'/pri/'

Please correct this; we are using ISPConfig on a Gentoo machine, and at the moment we correct it manually.

Thanks and best regards
pp2000