This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

2-factor authentication - How can this be implemented?
#1
2-factor authentication - How can this be implemented?
As of today I have now had 3 sites on my cpanel server compromised. All 3 sites where compromised in different ways.

1. too easy of an email password
2. setup email through cpanel even though client was using google apps
3. logged into cpanel with client password and added addon sites that were phishing attempts that pointed to google drive pages.

These are just three examples that happened to my clients in just the past 4 weeks. I'm a bit stressed out over it too. No one wants to be losing clients.

How do I or is there a way to add 2-factor authentication to zpanel/sentora logins? Changing passwords does me no good if the client's email account is compromised and the passwords are sitting in it.

I didn't post this under support because to my knowledge this is not a built in option.
Reply
Thanks given by:
#2
RE: 2-factor authentication - How can this be implemented?
The simplest way would be to notes the IP addresses. So if the user tries to login with an IP address they have not used before then it sends a text message to their phone with a second compulsory password.

Do able but i cant see us doing that for this current version. Deferentially in the next version though Smile

If you really want it you could hire some one i guess :p
Reply
Thanks given by:
#3
RE: 2-factor authentication - How can this be implemented?
Another solution would be to lock access only for one IP you have on another server.

Then setup on this server OPEN VPN or such VPN services ( you can use a cheap VPS ). Any customer need to login to VPN so he can access control panel.

That would offer 2 security layers BUT it's not 2 factor authentification like with phones. Easier to implement and may work with many services and stop bots.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#4
RE: 2-factor authentication - How can this be implemented?
Thanks for the replies and while the ideas could help I have a list of reasons why locking down by IP or using a VPN wouldn't work for my situation.
Reply
Thanks given by:
#5
RE: 2-factor authentication - How can this be implemented?
(09-04-2014, 10:00 PM)Me.B Wrote: Another solution would be to lock access only for one IP you have on another server.

Then setup on this server OPEN VPN or such VPN services ( you can use a cheap VPS ). Any customer need to login to VPN so he can access control panel.

That would offer 2 security layers BUT it's not 2 factor authentification like with phones. Easier to implement and may work with many services and stop bots.

M B

I got to add another hacked client to my list this past Thursday. Cpanel password compromised and then used to send spam. Needless to say I reset all passwords for everyone.
Reply
Thanks given by:
#6
RE: 2-factor authentication - How can this be implemented?
One of the future improvement we might add here is limiting SMTP sending per user. That would render any hacking to spam contained and would raise alerts quickly. But require some changes in mail stack and a lot of time.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:


Forum Jump:


Users browsing this thread: 4 Guest(s)