IP Blacklist

[verruckt]

In the IP blacklist section of the admin settings, could you also add a whitelist option? So that admins could be added.

And also, in the /var/log/directadmin/security.log, could it be changed to not show passwd's in plain text?

As you can tell, I had an admin get locked out. I was a little surprised to see the passwd in plain text.

 

[floyd]

I don't see any passwords in /var/log/directadmin/security.log Under what circumstances does a password show up in it?

 

[verruckt]

I don't see any passwords in /var/log/directadmin/security.log Under what circumstances does a password show up in it?

It showed up after an admin was locked out. I have the lockout feature enabled, and set for 5 attempts. It showed the date, time, username, and passwd that they attempted. Maybe i'm being overly concerned, just struck me as being odd.

 

[nobaloney]

If it wasn't a valid password, what's wrong with you seeing the password?

Jeff

 

[verruckt]

If it wasn't a valid password, what's wrong with you seeing the password?

Jeff

Sorry for the late reply. He was fat fingering the password and was only (in this case) one character off. I suppose if someone gained enough access to the system to view that directory, then it might be enough to guess at the password. I know, it's a stretch. But i guess mostly my issue is why show any password at all?

 

[icontact]

going back to the original question, is there a whitelist option?

I seem to be getting locked out every time I use Firefox to login even if I don't get the login incorrect.

 

[scsi]

There already is a whitelist option.

http://directadmin.com/features.php?id=705