security suggestion

[redunix]

Latly alot of ftp accounts are getting hacked cause of infected computers stealing login information. I was thinking about a way that would stop this from happening.

On first login in directadmin with a user account there should be some kind of popup or first page where your ip adres gets logged. You can then only access directadmin controlpanel and ftp with this ipadress. In admin level there should be a option to put this feature off on some accounts with for example, dynamic ip.

I think this would greatly increase security. Is this even possible?

 

[scsi]

There is a enforce harder passwords thing that you can implement. The only reason your ftp would get hacked is because people are using simple passwords.

 

[floyd]

There are reports of viruses stealing stored ftp login information. Hard to guess passwords would not help in this situation.

 

[tillo]

It also doesn't help to restric access by IP.
if the password gets stolen, it's because there is a malware in the customer machine. Right now that kind of malware sends the access data home and a central server does all the work, but if we restrict access by IP the virus writer will instead let the malware agent do the work from within the customer machine.

The one real solution is to get people aware of the risks of saving a password in their personal computer.

 

[scsi]

There are reports of viruses stealing stored ftp login information. Hard to guess passwords would not help in this situation.

Yeah I guess that makes sense.

 

[scsi]

I definately do not want this. Sometimes I am on networks where I cannot access directadmin and might need to ftp in. I do not want to have to login just to be able to use the ftp.

And you say that it logs your first ip? Alot more people are going to have dynamic ips than static. Also what about people who login from different places?