Dimitris

My feedback

  1. 360 votes

    44 comments  ·  Feature Suggestions » Security

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts.
    2) An arbitrary login name adds very little guess-complexity to a proper password. If you have concerns about your login being brute-forced – add another 5-7 characters to your password and feel safe.

    As a changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in a complex password, not in a complex login name. If you have one good password, you don’t need to treat the login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

    Dimitris commented  · 

    The usual suspect admin user names (admin/sa/root etc.) are a common attack vector (especially for distributed attacks) and every half-competent admin ought to restrict, disable or delete them. Even better, they present a wonderful opportunity to flag malicious people and direct them to some separate functionality that acts like a black hole to let them spin their wheels without endangering the server in any way.

    Dimitris supported this idea  · 
  2. 387 votes

    open discussion  ·  58 comments  ·  Feature Suggestions » Security
    Dimitris commented  · 

    Maintaining lists of IPs or even subnets by hand on multiple servers is neither practical nor secure enough. There are already projects that maintain such lists (honeypot, ip2location etc.).

    Dimitris supported this idea  · 
  3. 772 votes

    open discussion  ·  144 comments  ·  Feature Suggestions » Mail
    Dimitris commented  · 

    Any news on this? It's been almost two years since the last update and the feature is still in the top ten after 6 years.
    If I have to pay 450 euros per year to secure a mail server, I would rather give it for something like iredmail pro that comes with many, many more features.

    Dimitris supported this idea  · 
