[Ft. Request]All 3rd party s/w only accessible via 2222

G

gunemalli

Verified User
Joined
Jul 22, 2009
Messages
83
Location
Sheffield, UK
Hey all,

I don't know how hard this will be, but it will certainly improve security on directadmin.

AFAIK, all DA 3rd party s/w (roundcube, phpmyadmin etc) are always accessible via /roundcube etc, which quite unsafe.

It would be great, if atleast phpMyAdmin was brought under the DA login, and disable the usual /phpMyAdmin login. So to access phpMyAdmin you have to loginto DA.

The reason is i found some traces of a script kiddie or someone like that trying access the /phpmyadmin and trying different things. Since DA doesn't monitor that login s/he's able to happily try everything.

Just my 2 cents.
 
gunemalli said:
Hey all,

I don't know how hard this will be, but it will certainly improve security on directadmin.

AFAIK, all DA 3rd party s/w (roundcube, phpmyadmin etc) are always accessible via /roundcube etc, which quite unsafe.

It would be great, if atleast phpMyAdmin was brought under the DA login, and disable the usual /phpMyAdmin login. So to access phpMyAdmin you have to loginto DA.

The reason is i found some traces of a script kiddie or someone like that trying access the /phpmyadmin and trying different things. Since DA doesn't monitor that login s/he's able to happily try everything.

Just my 2 cents.
Click to expand...
So everyone behind a corporate firewall can't read their webmail because port 2222 is blocked? :) Very handy indeed.. NOT ;)
 
Oh, i forgot that part. Cos I manage my company's firewall so didn't think about it. I'll think about some other possibilites in this regard and post again ;)
 
gunemalli said:
The reason is i found some traces of a script kiddie or someone like that trying access the /phpmyadmin and trying different things. Since DA doesn't monitor that login s/he's able to happily try everything.
Click to expand...
No reason why you can't change links in /var/www/html to do anything you want.

And of course you can monitor logs at /var/log/httpd/*log for any unusual activity.

Jeff
 
why not have the FW do this, cant anything be scanned to see where you keep things?
I'm looking at csf because it claims to watch for brute attacks on any of the services, and put a stop to the excessive tries.. :rolleyes:
As of late, seems All services are being hammered, much more than it used to be..
Jeff once said
"Hosting used to be fun" or something close lol
 
Last edited:
Hosting still is fun. Dealing with the challenges is what makes it fun. If it were easy it would not be fun.
 
DutchTSE said:
So everyone behind a corporate firewall can't read their webmail because port 2222 is blocked? :) Very handy indeed.. NOT ;)
Click to expand...
I don't see where the poster suggested that webmail required a DirectAdmin login. Am I missing something?

Jeff
 
AFAIK, all DA 3rd party s/w (roundcube, phpmyadmin etc) are always accessible via /roundcube etc, which quite unsafe.
Click to expand...

He specifically mentions /roundcube as being unsafe.

It would be great, if atleast phpMyAdmin was brought under the DA login
Click to expand...

Meaning that he would like to have at least phpmyadmin require a DA login but would like other things as well such as roundcube and other 3rd party software require a DA login.

Personally I do not know why it would be unsafe if a SSL connection was made which is a whole heck of a lot easier to do.
 
Personally I don't think that would be great. Others may certainly disagree :D.

Why should a site owner need to give complete account access to someone who only needs access to a MySQL database?

What I'd suggest is educating users to only use a secure connection to phpMyAdmin, or creating a redirect to force phpMyAdmin to use a secure connection.

Jeff
 
You must log in or register to reply here.
Back
Top