disable admin-account e-mail password recovery

[Driesp]

Hello

I am concerned about the global "e-mail password recovery" feature in directadmin.
If a hacker could hack ones e-mail account,
and if the company has multiple directadmin servers with the "password recovery feature" enabled for its customers,
the hacker could gain admin access to their directadmin servers.

Maybe this could be a good feature to add
a disable "e-mail password recovery" for individual accounts only,
as for example, the "admin" account.

Kind regards
Dries

 

[LawsHosting]

Maybe a pass_recovery_pre.sh based on something like http://help.directadmin.com/item.php?id=384

 

[Driesp]

There is no 'pass_recovery_pre' thing.

What if your e-mail address is hacked.
They would have easy access to all directadmin servers.

Maybe it is handy to build in a 'disable admin password recovery'-feature.

 

[LawsHosting]

There is no 'pass_recovery_pre' thing.

I know there's not, that's why I suggested one so you can exit1 the "admin" name.

I did remove the link and template file once because of abuse, it didn't go down too well...... Seems everyone forgets passwords every day!

 

[SeLLeRoNe]

I agree with this.

+1 for this FR

Regards

 

[kevinb]

+1 As well.

The option should be to disable password recovery on all Admin level accounts.

Kevin