ispconfig admin security

Discussion in 'ISPConfig 3 Priority Support' started by tr909192, Mar 3, 2023.

  1. tr909192

    tr909192 Member HowtoForge Supporter

    hi,
    is there any way to increase the security of the admin account/interface? Something like restricting the IPs that can be used to login with admin accounts, 2fa, etc.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Surely! You can enable 2FA for the admin account by logging in as admin and going to the Tools module. 2FA codes are send to the email address that is set in System > Main config > Mail > Administrator's e-mail.

    You can also whitelist just some IP's for the admin login by putting those IP's in this file: /usr/local/ispconfig/security/admin_ip.whitelist
     
    tr909192 likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Beside the things that @Th0m mentioned, the ISPConfig login is automatically protected against brute force password attacks and if you like, you can also change the name of the admin user to a different name by editing the users under System > CP users. But take care to only change the name of that user there and not any other settings to not break your system.
     
    tr909192 likes this.

Share This Page