1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Login plesk 'admin' lock attack possible ?

Discussion in 'Plesk for Linux - 8.x and Older' started by BoXie, Feb 1, 2006.

  1. BoXie

    BoXie Guest

    0
     
    Hi,

    Is this possible ? If yes ... please fix this a.s.a.p. !!!!

    Situation:
    -------------
    I look for a Plesk hoster find his login-screen and start a login procedure for 'admin' every 20 seconds. After X-times .. admin account will be locked for about 30 minutes.

    After that I go back and lock the admin account again (by logging in 3 times with wrong credentials.).

    This way, Plesk admin's cannot access their Plesk anymore (at least .. not that simple).

    Can Plesk hosters be harassed like this in combination with a simple script ?

    SO: is admin-locking IP-sensitive or not ?

    If not --> serious problem.
     
  2. serve-you.net

    serve-you.net Guest

    0
     
    You can lock down admin logins to use a blacklist whitelist if you go to SERVER->ACCESS. If someone were to try this, you could simply blacklist their IP, or whitelist your own range, and block everyone else. The server admin can always unlock a session by removing it from the DB as well.

    Just like any DoS attack, mitigation at the network level is key.
     
Loading...