How to add security to ispconfig login ?

Hi there,

I have a debian with ISPconfig 3.0.1.6 installed.
I can imagine that a cracker who has the ispconfig access could do anything he wants on the server. Do you have tips to add more security to this web login ? I'm searching for something more friendly than a .htaccess (or maybe you think that's THE solution ?).

Thanks you for your advise.

 

I have good passwords, but as I can hear about you : There's nothing to do to add more security ?

I think about the script-kiddies which try some files, etc... If everybody tell me that they don't do anything more to protect the ispconfig interface, I can trust you. But, in my case, a friend of mine (co-"admin") is afraid about the security of this such software and I don't know if he's right or not and how ton convince him !

 

Its not going to be any safer with a commercial software, in fact with commercial software you dont know the code, with open source you do!

Just make sure you use Strong passwords.

 

The comparaison was not done with commercial softwares, but now, it's more understood from me... It seems that nobody seems to put an htaccess on the ispconfig interface...

Thanks !

 

I'm with you yoplait. After a recent experience with my current web host (and my reason for moving to a colo solution), I would love to see a hosting control panel that takes an online banking security approach to panel security. I had a VERY STRONG password, yet the offenders still managed to get in somehow. They sure didn't get the password from malware on my computer or anything like that.

Chris

 

Hum ... just to be exact, I don't critiquize anything about ispconfig security ... I'm really not an expert in this domain : It was just for information .

 

You can always use ssl to encrypt the https traffic and as suggested use strong passwords.

 

already done .