Could Not Login as Admin - Possible attack detected....

I could not login today as admin to ispconfig. I only got "Possible attack detected. This action has been logged.". After clearing cookies, it started login but on submit, same problem.

After searching out the forum, I found the way to whitelist the cookies in another thread and was then able to login to ispconfig again as admin afterward but am concerned that there is some problem with "mixpanel" as in the log below.

Do I need to do anything else to make sure that this is not going to keep happening? Thank you guys for your help. It seems like this is a cookie set by ispconfig in something called mixpanel whatever that is...

Richard

a few of the LOG ENTRIES from /usr/local/ispconfig/interface/temp/ids.log
----------------
any:/index.php:COOKIE.mp_26433277a36e1c21e20a91a7c2bb8f55_mixpanel
any:/index.php:COOKIE.mp_26433277a36e1c21e20a91a7c2bb8f55_mixpanel
any:/index.php:COOKIE.mp_26433277a36e1c21e20a91a7c2bb8f55_mixpanel

 

Okay! Apparently this is a bigger problem than I thought! It now affected both my servers, same problem and same log entries!

In addition, when I tried logging out and back in afterwards it had a similar problem and added the login/index URL to the ids.log:
any:/login/index.php:COOKIE.mp_26433277a36e1c21e20a91a7c2bb8f55_mixpanel

It does login without the /login/ in the URL so the whitelisting does work for now.
Richard

 

I wish i would try to help you, Sir, but do not know, what the mixpanel is and why cookies are envolved.

Some fool proofing: maybe to disable this somewhat 'mixpanel'?!

 

What also entered my mind:

• namely about possible attacks -
  
• (recommended by vulture hosting co)
  == Portmapper servers ==
  firewall rules to block port 111 on both UDP and TCP:
  

• change your ISPConfig 3 port from default 8080 to desired one