Arend

My feedback

  1. 483 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    61 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
    2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

    As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

    An error occurred while saving the comment
    Arend commented  · 

    Perhaps Plesk can make it that you can login by e-mailadres instead of a username. After all, the e-mailadress is already required.

    Arend supported this idea  · 
  2. 529 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    50 comments  ·  Feature Suggestions » Web  ·  Flag idea as inappropriate…  ·  Admin →
    Arend supported this idea  · 
  3. 68 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  13 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Arend commented  · 

    ConfigServer Security & Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion detector and Security application for Linux servers. Even more, it's available free of charge at https://configserver.com/cp/csf.html

    It's a solid application I have been working with for many years and has on-going support and updates. It has a user interface available for cPanel, DirectAdmin and Webmin, but sadly not for Plesk (although it can be managed via the console).

    I hope the Plesk team can consider adding CSF as firewall option. If not, it would be nice that we at least have a user interface available to manage it, when installed manually.

    Thanks for your consideration.

    Arend supported this idea  · 

Feedback and Knowledge Base