In the sections Email and Sites, you can pick an arbitrary subdomain, of any of the domain names registered with ISPConfig, as "your" domain name and use it with priority. This just seems to be a major bug to me. E.g. customer A has registered the domain CUSTA COM and set it up with DNS and all that on ISPConfig. He reliles on the fact, that WWW CUSTA COM or ANYTHINGGOES CUSTA COM all are served by the wildcard. But instead, it is so that customer B can just come and register WWW CUSTA COM as his "domain" for emails or for his website. And the server will prioritize customer B over customer A with no sense of ownership. E.g. customer B could use the email address mike @ ACCOUNTING CUSTA COM and give off a false sense of identity. Or steal WWW CUSTA COM. I mean, this would be a nice feature for some domain that no one uses to provide free subdomains. But otherwise, it can't be good. Especially considering that my server also holds non-paying clients and people who I don't even know their real names of. And yes ... anyone can google your nameservers to get a pretty recent and accurate list of domains that run on your server. Just that easy. Sorry for the missing dots. The forum software is at fault.
As far as I can see, the domain module entirely disables the users freedom to add domains. This is not what I want at all. I want to disallow "stealing" subdomains from existing domains in the system. I have created a snippet for /usr/local/ispconfig/interface/web/sites/web_domain_edit.php and /usr/local/ispconfig/interface/web/mail/mail_domain_edit.php now: PHP: // CMPQ Domain Ownership check $this->dataRecord['domain'] = preg_replace('/[\.\ ]*$/', '', $this->dataRecord['domain']); $cmpq_tmp = array(); $cmpq_tld = preg_match_all('/[a-zA-Z0-9\-\.]+\.[a-zA-Z]+$/', $this->dataRecord['domain'], $cmpq_tmp); $this->dataRecord['domain'] = $cmpq_tmp[0][0];; // strip all weird stuff out first $cmpq_tld = preg_match_all('/[a-zA-Z0-9\-]+\.[a-zA-Z]+$/', $this->dataRecord['domain'], $cmpq_tmp); $cmpq_tld = $cmpq_tmp[0][0]; $cmpq_uid = intval($_SESSION["s"]["user"]["userid"]); $cmpq_isinsystem = false; foreach(array("dns_soa" => "origin", "mail_domain" => "domain", "web_domain" => "domain") as $cmpq_v => $cmpq_k) { $cmpq_insystem = $app->db->queryOneRecord("SELECT ".$cmpq_k." FROM ".$cmpq_v." WHERE sys_userid != ".$cmpq_uid ." AND ".$cmpq_k."='".$app->db->quote($cmpq_tld).($cmpq_k=="domain"?"":".")."';"); if(!is_bool($cmpq_insystem) && strlen($cmpq_insystem[$cmpq_k]) > 0) $cmpq_isinsystem = true; } if($cmpq_isinsystem) $app->tform->errorMessage .= "ERROR: Top Level Domain is already registered by someone else on this server.<br/>"; that goes into the function onSubmit() , into the clause if($_SESSION["s"]["user"]["typ"] != 'admin') .
