How do I add Google ReCAPTCHA or something similar to the Hestia login?
I was hacked somehow. SSH access is open only to the local area network. In the journalctl logs I can see the hacker's actions in the control panel.
Or how else can I improve the protection?
There is ZERO chance of gaining more protection through ReCAPTCHA. What it does is simply detect the activity of a user trying to log in and ask them to do something. That's it. It prevents bots, automated scripts, etc., which are stopped from making a call to the panel scripts.
So you need to move your troubleshooting elsewhere. First, identify how your server was hacked.
The chances are low that a hacker entered the system through the Hestia panel. Check the other scripts on the system to identify and remove them.
You could install CSF for additional security and configure many things to stop a hacker from making attempts in different ways and to track him.
You could use Cloudflare to keep a hacker out through their free DNS + proxy system and IP firewall, and use it to proxy the inbound traffic.
You could not only change the port used to access Hestia but also enter your router IP in iptables through CSF or Hestia and block access to that port for anyone else. This solution will make Hestia 100% secure but will not help if there are other vulnerable scripts that allow a hacker to gain root access.
Alternatively, you could turn off the Hestia service and accept the disadvantage of losing all the activities Hestia performs. Then you will have to configure and execute these activities manually whenever you need them to run.
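The port-restriction advice above, as an added example that is not from the thread or from the Hestia project: a POSIX sh script that validates the trusted source address (so it cannot smuggle extra iptables arguments), then appends an ACCEPT for that source ahead of a DROP for everyone else on the panel port. It assumes the panel listens on TCP 8083 (Hestia's default) and that rules go in the INPUT chain; `IPTABLES` is a hook so the script can be exercised with a stub.

```sh
#!/bin/sh
# Allowlist one trusted address/CIDR on the Hestia panel port, drop the rest.
# Assumptions: panel port 8083 (Hestia default), rules appended to INPUT.
PANEL_PORT="${PANEL_PORT:-8083}"
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
# Anything else (spaces, extra tokens) is rejected before it reaches iptables.
valid_ipv4_cidr() {
    addr="${1%/*}"
    prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32          # bare address means /32
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1                   # exactly four octets
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the two rules. Order matters: the trusted ACCEPT must precede the DROP,
# otherwise the trusted source is locked out as well.
panel_rules() {
    printf '%s\n' \
        "-A INPUT -p tcp --dport $PANEL_PORT -s $1 -j ACCEPT" \
        "-A INPUT -p tcp --dport $PANEL_PORT -j DROP"
}

# Append each rule only if it is not already present (-C checks, -A appends),
# so re-running the script does not pile up duplicate rules.
apply_panel_rules() {
    valid_ipv4_cidr "$1" || { echo "invalid trusted address: $1" >&2; return 1; }
    panel_rules "$1" | while read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/^-A/-C/')
        # shellcheck disable=SC2086
        if $IPTABLES $check 2>/dev/null; then
            echo "present: $rule"
        else
            # shellcheck disable=SC2086
            $IPTABLES $rule && echo "added: $rule"
        fi
    done
}

if [ -n "${1:-}" ]; then
    apply_panel_rules "$1"
fi
```

Run as root with the trusted address as the only argument, e.g. `sh panel-allowlist.sh 192.0.2.10/32`; the -C/-A pair keeps the script idempotent, and the rules still need to be saved with your distribution's iptables persistence mechanism to survive a reboot.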
@Deepak is right…
By default Hestia has some "security" checks:
If somebody is able to bypass 1 + 2 + 3 with a reasonably strong password (8 chars containing upper and lower case letters and numbers), call me. These requirements are enforced for Hestia.
Also, our generated passwords are currently 16 chars…
To be honest, for VestaCP the weakest spot currently is not the login but the password reset function.
Eris, how about creating an optional activation and deactivation of the password reset function from the CLI —> hestia.conf, as an option that could only be executed by sudo root? This would not allow something like the hijacking of the webmail subdomain vulnerability patched earlier.
The issue @eris described has already been fixed in Hestia; there is no additional validation or security function needed.
@Deepak We already have an option in the UI to disable it.
Only, for a strange reason, the check doesn't go through the /reset/ path…
We have changed the forgot password procedure…
Oh my god, Eris! Thank you for pointing this out. Then I need to have this feature poured in my shell framework to deactivate it everywhere. I still have not visited so many areas. You guys have done such a lot of work! Just amazing.
I am so pleased to move to Hestia… No doubt that this is the best panel and the best group of developers…
Made a quick pull request
Please check
Mainly the security tab has some new options regarding security