We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
how to avoid port 8083 always redirecting?
- Posts: 15
- Joined: Tue Feb 05, 2019 7:10 pm
- Os: Ubuntu 17x
- Web: apache
Hi,
Is it possible to avoid port 8083 always redirecting to VestaCP?
I mean, every single domain pointing to the IP where VestaCP is installed will ALWAYS redirect to the main VestaCP. It makes no sense to do that.
1. Security issue: every hosted domain can be easily redirected to the panel, so not only CLIENTS but also regular visitors of the hosted websites can do an easy port check to see which ports respond, and when they find the VestaCP port it's just a matter of time to break 1 user/password.
1.2 A more severe block should be implemented after 3 wrong tries, and an email with details should be sent after each wrong try, to the CLIENT and to the HOSTER.
1.3 Receiving lots of emails about failed tries can make a difference in security (we tried using +2.000 proxy brute force and nothing stops it from finding passwords; it just retries and retries and retries again and again and again because VestaCP has no security measure in that sense).
1.4 I can't force my clients to use a secure password. VestaCP should implement and force the use of special characters, numbers and capital letters in passwords, or not let the CLIENT use that password. Using WHMCS we can set passwords really, really short and weak; that is a big security problem.
2. Can't access the rest of the servers virtualized on the same machine. After lots of testing, port 8083 will always redirect to "srv1", leaving "srv2" inaccessible in the browser. srv2 can be pinged, reached by SSH, accessed by FTP, responds to DNS queries, sends emails, but it cannot be administered using the web interface if it is virtualized on the same machine and using the same public IP.
3. VestaCP has no reseller option, and really few options to limit the usage of the server (you can't limit CPU usage or RAM usage on a per-user basis), so it could be very interesting to allow the creation of a virtual OS within the same machine, allowing this way to limit a Reseller. But the reseller will need to access a web interface to administer his service, so port 8083 must not always redirect to the first server listening in the chain.
So what can we do to avoid this strange behavior?