Alert: Security alert from server?

Discussion in 'General' started by ang3lx, Aug 21, 2014.

  1. ang3lx

    ang3lx Member

    this night I received 2 mail

    body is:

    The number of ISPConfig administrator users has changed. Old: 0 New: 1


    The number of ISPConfig administrator users has changed. Old: 1 New: 0

    what means this "automatic" change? :confused:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely a false positive caused by a mysql connection error. I'am currently improving the check to avoid that.
  3. Nap

    Nap Member

    @till, the same happened to me today (0->2/2->0). I noticed that at the same time I could not connect to MySQL, so I rebooted the server and everything's fine. I have 2 users defined as administrators.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats a false positive due to the MySQL unavailability. I guess i have to add an additional check so that a 0 result is not counted when mysql goes offline while the script runs.
  5. cbj4074

    cbj4074 Member

    Hi, Till,

    Just ran into this myself, and as you suggested, it's a false-positive that results from intermittent database connectivity.

    Unfortunately, I'm unable to hit from my current connection (due to firewall rules); otherwise, I'd check to see if there is an existing issue on the tracker (and create one if not).

    I suppose I will check when I get home in a couple hours. It'd be great to see this fixed. :)
  6. Nap

    Nap Member

    Though its described as a 'false positive', in my case, due to memory issues, mysql was shutdown. ISPConfig runs a security check every minute through CRON.

    This is not a bug in ISPConfig. The issue is to determine and fix the reason for losing connectivity to the database.

    Hope this helps,
  7. cbj4074

    cbj4074 Member

    Hi, Nap. Thanks for the follow-up.

    Respectfully, I must disagree that this is not a bug in ISPConfig. The behavior should be exactly as Till describes above: a connection failure to MySQL when attempting to check the number of administrators should not trigger a change in the reported value.

    In my particular case, I stopped MySQL intentionally. There are plenty of valid reasons for which one may wish to stop MySQL, and very few of them, if any, warrant a security-related warning from ISPConfig.

    This feature's intention is to check the number of ISPConfig administrators on the system and warn the system administrator if the number changes. If ISPConfig cannot connect to MySQL, it cannot possibly know if that number has changed, as the value is stored in the database. Consequently, this is a bug and the behavior should be modified to account for the possibility that the database is unreachable.

    And for the record, this isn't a case of "haters gonna hate!" I love ISPConfig and devote a lot of my time to its improvement. :)
  8. cbj4074

    cbj4074 Member

Share This Page