Advise to use login_pre.sh

LawsHosting

LawsHosting

Verified User
Joined
Sep 13, 2008
Messages
2,405
Location
London UK
Re: http://www.directadmin.com/features.php?id=1223

I would advise you to use this script to protect your admin login. I have had some "Forgotten your password" requests from foreign IPs (actually referred from this forum).

Of course, this will only be useful to those with static IPs.

Just wanted to give a heads up, use my advice as you may please :)

Thanks
 
I would suggest to maybe bring to John attention via email, maybe from logs he can check which user it was and do something.

Regards
 
What do you mean by from this forum? Do you mean it was a referral or link from the forum? Since the forums are open, and since by design Google and other search engines are allowed to crawl it, that doesn't mean the person is a DirectAdmin user.

Jeff
 
nobaloney said:
What do you mean by from this forum? Do you mean it was a referral or link from the forum? Since the forums are open, and since by design Google and other search engines are allowed to crawl it, that doesn't mean the person is a DirectAdmin user.
Click to expand...
I mean, someone clicked my link from my signature (hence referral). I know it is probably my fault for putting my business in my signature, but that doesn't give anyone the right to mistreat it.

The referral was from: http://www.directadmin.com/forum/showthread.php?t=37111&page=1
 
Sorry i missunderstood :) But, if you got an ip maybe John should get a match on forum logs for check if he is a real user or just a guest of the forum and in case take "action".

Regards
 
PS. I use to disable the "forgot password" link, i prefer much to get a call from customer for a password change that allow anyone to require a new pass ;)

Just a suggestion

Regards
 
SeLLeRoNe said:
PS. I use to disable the "forgot password" link, i prefer much to get a call from customer for a password change that allow anyone to require a new pass ;)
Click to expand...
I did this afterwards, but a customer complained, so had to revert back. Clearly they don't save passwords :P

FYI, the offender was from Azerbaijan (Baku)
 
Thanks for your advice.

Peter Laws said:
I would advise you to use this script to protect your admin login. I have had some "Forgotten your password" requests from foreign IPs (actually referred from this forum).
Click to expand...

And how much successful was he in retrieving your password? Does he have an access into your emailbox and can read your messages? If no, why do you worry about that then? With the same probability it could be a customer of yours... is it forbidden to use "Forgotten your password" feature with a foreign login?

Note, I don't try to classify any actions as good or bad... I just want to bring to your attention that as soon as you use common names as logins into your services there will be always someone who would try to use them to get access.
 
Some of my machines get hit continuously by bots; I think it's just the nature of the Internet these days. We've been enforcing difficult passwords for most uses these days and we've advised our clients they need to use complex passwords.

Jeff
 
You must log in or register to reply here.
Back
Top