hello
that's a problem that can happens when users are allowed to change their domain addresses:
1) you have 127.0.0.1 as a nameserver
2) user add domain directadmin.com (or whatever domain is used to get updates from)
3) he put the right files on his homedir
4) I try to update DirectAdmin and, instead, will get the files he prepared... and it can be a trojan/rootkit of course
it can happen with freebsd updates too
so I'd like to know:
1) Is it possible to not let user change their domain names?
2) Is it possible to alert the admin on domain changes?
(in case the last one isn't possible yet, is there a log file with that info so I can make a script to monitor it?)
that's a problem that can happens when users are allowed to change their domain addresses:
1) you have 127.0.0.1 as a nameserver
2) user add domain directadmin.com (or whatever domain is used to get updates from)
3) he put the right files on his homedir
4) I try to update DirectAdmin and, instead, will get the files he prepared... and it can be a trojan/rootkit of course
it can happen with freebsd updates too
so I'd like to know:
1) Is it possible to not let user change their domain names?
2) Is it possible to alert the admin on domain changes?
(in case the last one isn't possible yet, is there a log file with that info so I can make a script to monitor it?)