My feedback

3 results found

1. Change admin username

   543 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   68 comments  ·  Feature Suggestions » Security  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   open discussion  ·  AdminSergey L (CTO, Plesk International GmbH) responded

   We have serious doubts this function can really increase server security:
   1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
   2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

   As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

   As for concerns that default password requirement is set in “weak”, that fail2ban module is not enabled by default or may consume extra resources, etc – they are much irrelevant here. If someone is not willing investing some time into setting better password, into changing password policy or into installing/enabling server protection – changed admin name will again be only a false sense of security. If a password is “1234567”, then login doesn’t really matter.

   We have serious doubts this function can really increase server security:
   1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
   2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

   As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

   As for concerns that default password requirement is set in “weak”, that fail2ban module is not… more

   An error occurred while saving the comment
   Arend commented  ·  October 05, 2020  ·  Edit…  ·  Delete…

   Perhaps Plesk can make it that you can login by e-mailadres instead of a username. After all, the e-mailadress is already required.

   Save Submitting...
   Arend supported this idea  ·  July 21, 2019

2. Memcached support

   573 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   50 comments  ·  Feature Suggestions » Web  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   open discussion  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded

   Since Plesk Onyx you will be able to install memcache as a Docker container and configure http(s) proxy rule for it to map to your web app.

   Docker and proxy rules are available in Plesk Onyx Preview already, you can try it here https://talk.plesk.com/threads/plesk-onyx-preview-and-feedback.337172/

   SE

   Arend supported this idea  ·  July 21, 2019

3. Add-on Modul CSF Firewall

   77 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   15 comments  ·  Feature Suggestions » Plesk (general)  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   started  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded

   We are working already to add CSF support. It will be available in the one of the nearest releases.

   
   

   SE

   An error occurred while saving the comment
   Arend commented  ·  July 21, 2019  ·  Edit…  ·  Delete…

   ConfigServer Security & Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion detector and Security application for Linux servers. Even more, it's available free of charge at https://configserver.com/cp/csf.html

   It's a solid application I have been working with for many years and has on-going support and updates. It has a user interface available for cPanel, DirectAdmin and Webmin, but sadly not for Plesk (although it can be managed via the console).

   I hope the Plesk team can consider adding CSF as firewall option. If not, it would be nice that we at least have a user interface available to manage it, when installed manually.

   Thanks for your consideration.

   Save Submitting...
   Arend supported this idea  ·  July 21, 2019