
Thread: 100% scoring on internet.nl and Mozilla Observatory for demo install

  1. #1
    Join Date
    May 2017
    Posts
    5

    100% scoring on internet.nl and Mozilla Observatory for demo install

    The current demo (demo.directadmin.com) isn't installed in a way that it shows its full potential.

    Failed : Not reachable via modern internet address, or improvement possible (IPv6)
    Failed : Domain name not signed (DNSSEC)
    Failed : Connection not or insufficiently secured (HTTPS)

    and

    Content Security Policy: Content Security Policy (CSP) header not implemented
    HTTP Strict Transport Security: HTTP Strict Transport Security (HSTS) header not implemented
    Referrer Policy: Referrer-Policy header not implemented (optional)
    X-Content-Type-Options: X-Content-Type-Options header not implemented
    X-Frame-Options: X-Frame-Options (XFO) header not implemented
    X-XSS-Protection: X-XSS-Protection header not implemented

    More info: https://en.internet.nl/site/demo.dir...in.com/156836/ and https://observatory.mozilla.org/anal...irectadmin.com

    Wouldn't it be great if the demo install would just score 100% and 'A'?
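Added example (not part of the original post, and not DirectAdmin, internet.nl or Observatory code): a small audit of the six response headers the report above lists as not implemented, run over constructed sample headers. The pass/weak rules (six-month HSTS max-age, no `'unsafe-inline'`/`'unsafe-eval'` in CSP, accepted `X-XSS-Protection` values) are assumptions chosen for this example, not the scanners' own scoring.

```python
import re

# Referrer-Policy values accepted here (assumption: all but unsafe-url/unknown).
REFERRER_OK = {"no-referrer", "no-referrer-when-downgrade", "origin",
               "origin-when-cross-origin", "same-origin", "strict-origin",
               "strict-origin-when-cross-origin"}

def _hsts_ok(v):
    # Assumed threshold: max-age of at least six months (15768000 seconds).
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    return bool(m) and int(m.group(1)) >= 15768000

def _csp_ok(v):
    # Assumed rule: a policy that re-allows inline or eval'd script is weak.
    return bool(v) and "'unsafe-inline'" not in v and "'unsafe-eval'" not in v

def _referrer_ok(v):
    return all(t.strip().lower() in REFERRER_OK for t in v.split(","))

def _xss_ok(v):
    return v.replace(" ", "").lower() in ("0", "1;mode=block")

# The six headers from the report quoted in the post: (validator, hint if weak).
CHECKS = {
    "content-security-policy": (_csp_ok, "allows unsafe-inline/unsafe-eval"),
    "strict-transport-security": (_hsts_ok, "max-age under six months"),
    "referrer-policy": (_referrer_ok, "unsafe-url or unknown value"),
    "x-content-type-options": (lambda v: v.lower() == "nosniff", "not nosniff"),
    "x-frame-options": (lambda v: v.upper() in ("DENY", "SAMEORIGIN"), "not DENY/SAMEORIGIN"),
    "x-xss-protection": (_xss_ok, "not 0 or 1; mode=block"),
}

def audit_headers(raw):
    """Map each checked header to 'missing', 'ok' or 'weak: <hint>'."""
    seen = {k.lower(): v.strip() for k, v in raw.items()}
    return {name: "missing" if name not in seen
            else "ok" if ok(seen[name]) else "weak: " + hint
            for name, (ok, hint) in CHECKS.items()}

# Constructed sample response headers (not captured from any real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOWALL",
    "Content-Security-Policy": "default-src 'self'; script-src 'unsafe-inline'",
}

if __name__ == "__main__":
    for name, finding in audit_headers(SAMPLE).items():
        print(f"{name}: {finding}")
```

A header that is present but weak is reported separately from one that is missing, which a plain presence check would not show.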

  2. #2
    Join Date
    Aug 2015
    Posts
    302
    What is your point?
    It is just a demo.
    Some other control panels (Plesk) don't have an official demo.
    cPanel has an online demo and its score is also "bad" https://en.internet.nl/site/demo.cpanel.net/156847/, but again it has nothing to do with the potential of a control panel.

    When you use DirectAdmin it is up to you to install it and get a 100% score on your domain/the domain you use for your panel.
    Kind regards, Fred


  3. #3
    Join Date
    May 2017
    Posts
    5
    Some items, like good DKIM, DANE etc. are quite hard. Configuring the demo site correctly can illustrate how you can actually achieve it, as in the demo all settings are also visible.

    Never measure yourself on the badness of others, just do it better so they can measure themselves to you.

  4. #4
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    344
    Quote Originally Posted by William View Post
    Some items, like good DKIM, DANE etc. are quite hard. Configuring the demo site correctly can illustrate how you can actually achieve it, as in the demo all settings are also visible.

    Never measure yourself on the badness of others, just do it better so they can measure themselves to you.
    You mean in combination with a kind of how-to documentation?

    But these could be very different for a lot of sites / CMSes! (not directly DA related)

    Content Security Policy: Content Security Policy (CSP) header not implemented
    HTTP Strict Transport Security: HTTP Strict Transport Security (HSTS) header not implemented
    Referrer Policy: Referrer-Policy header not implemented (optional)
    X-Content-Type-Options: X-Content-Type-Options header not implemented
    X-Frame-Options: X-Frame-Options (XFO) header not implemented
    X-XSS-Protection: X-XSS-Protection header not implemented
    Therefore https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

    IPv6 is very hosting dependent
    DNSSEC also.
    Last edited by ikkeben; 02-13-2018 at 11:35 AM.

  5. #5
    Join Date
    May 2017
    Posts
    5
    Quote Originally Posted by ikkeben View Post
    You mean in combination with a kind of how-to documentation?

    But these could be very different for a lot of sites / CMSes! (not directly DA related)
    Yup.

    And some stuff isn't by default correct yet, such as Let's Encrypt certificates of the mailserver-SSL.
    (wishful thinking) If the demo is made 100% all these items will get noticed and fixed.

  6. #6
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    344
    Quote Originally Posted by William View Post
    Yup.

    And some stuff isn't by default correct yet, such as Let's Encrypt certificates of the mailserver-SSL.
    (wishful thinking)
    Depends on settings; the real mailserver is normally your server / hostname.
    And how you name that mailserver/hostname, MX records and so on, that also depends on the hoster and what possible options and DNS options they have or do not have.

    But not everyone is using this real mailserver / hostname in mail settings.

    I think it should, while this is how it really is; all other is "virtual" ... and wishful thinking, yes, for that domain holder/user: I have my own mailserver....

    That is how I see that part; yes, you can get some Dovecot SNI, Exim and other settings as a kind of virtual for the domain itself, but the box (mail hostname) that is handling it, with the needed reverse PTR for IPv4 and IPv6, is the real one.

    There is no (only 1 right) default for that, only maybe more defaults to choose from; you have to set it yourself then with option choices and/or dropdowns...

    So more examples with different configs and settings could be right or even wrong on that internet.nl; a lot of "government" and big company sites are not even close to 100%.

    I myself don't want to have 100% there, while DNSSEC s...cks; too much risk someone makes a mistake somewhere on the web and ....
    https://ianix.com/pub/dnssec-outages.html be very, very careful with that and with which companies and technologies you are working with DNSSEC overall....

    Even this site has now, 14-02-2018, a 503 error; I don't know if this is related, but those guys are...
    https://dnssec-name-and-shame.com/
    Service Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
    This was said before on their own site:
    Known good examples https://dnssec-name-and-shame.com/

    The organizations and companies working with DNSSEC are of course signed - follow their example!
    As you can read, even they did have real problems, an outage, as specialists..
    https://ianix.com/pub/dnssec-outages...sec-tools.org/
    This page gives some details on the dnssec-tools.org DNSSEC outage from January 25 to January 26, 2018.
    Last edited by ikkeben; 02-14-2018 at 09:11 AM.