Hi there, I have a Debian server with ISPConfig 3.0.1.6 installed. I can imagine that a cracker who has the ISPConfig access could do anything he wants on the server. Do you have tips to add more security to this web login? I'm searching for something more friendly than a .htaccess (or maybe you think that's THE solution?). Thank you for your advice.
The ISPConfig login is already secured against brute force attacks and uses salted passwords; just use a safe password.
I have good passwords, but from what I hear from you: is there nothing to do to add more security? I'm thinking about the script kiddies who try some files, etc. If everybody tells me that they don't do anything more to protect the ISPConfig interface, I can trust you. But, in my case, a friend of mine (co-"admin") is afraid about the security of such software, and I don't know if he's right or not, or how to convince him!
It's not going to be any safer with commercial software; in fact, with commercial software you don't know the code, with open source you do! Just make sure you use strong passwords.
The comparison was not made with commercial software, but now I understand it better... It seems that nobody puts an htaccess on the ISPConfig interface... Thanks!
I'm with you, yoplait. After a recent experience with my current web host (and my reason for moving to a colo solution), I would love to see a hosting control panel that takes an online banking security approach to panel security. I had a VERY STRONG password, yet the offenders still managed to get in somehow. They sure didn't get the password from malware on my computer or anything like that. Chris
So, which exact problem do you have with ISPConfig security? If you find a way to log in to ISPConfig without knowing the correct password, let me know and we will fix it. But I am not aware of such a problem, and there has been no such problem reported in ISPConfig till now.
Hum... just to be exact, I'm not criticizing anything about ISPConfig security... I'm really not an expert in this domain: it was just for information.