WebSite X5 Help Center

 
Axel  
User

To provide more security to the admin panel access which is poor with that!

Author: Axel  

Hello Incomedia,

Today all software and applications send an email to the administrator when someone connects to the admin panel of the application.

But WSX5 does not send anything, and it should be urgent to add this security check to avoid some bad connections on the admin panel.

And as the admin panel is always based on the same structure, like www.domain.com/admin, any WSX5 user can try to access another WSX5 user's website!!!!! ... Not very secure too.

So a very good solution should be to have the possibility to customize the directory for the admin panel, like:
www.domain.com/mypersonalpanel_01/admin

And in this case the access security should be more enforced and secured.

Hope to see these features before 10 years because it is really actual!

Enjoy!
Axel

4 ANSWERS
Claudio D.
Moderator

Hi Axel!

Given that to access the control panel one would need to know both the admin's e-mail and their password..., even though, obviously, both could be intercepted by a keylogger; I would rule out a brute-force attack a priori because of the time involved...

...I think that, if something is going to be done anyway, it is better to have two-factor authentication (2FA) via a time-based token (OTP) than a simple warning e-mail; that really would increase security,

and if they then also add the e-mail notification... so much the better.

...personal opinion...

Have a good day

Claudio.

Axel  
User
Author

@Claudio,

A brute force attack is easy because there is no alert after x bad logins... So you can spend a long time with a robot/script to do that.

This alerting could also be added by Incomedia, to block the login after 3 errors for 3 min, for example, for each bad login, and this delay is added to the previous one: 3 min + 3 min + 3 min ... very efficient too.

And agree with the 2FA authentication.

Enjoy!
Axel
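
An added example, not part of Axel's post and not Incomedia's code: one way to implement the additive lockout described above (3 bad logins, then 3 more minutes per further bad login) together with an administrator alert. The names `LoginThrottle`, `notify` and `demo`, keying the counter by account, and the in-memory store are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Additive lockout: once `threshold` bad logins are reached, each
    further failure locks the account one `step` longer than the last."""

    def __init__(self, threshold=3, step=180, clock=time.monotonic, notify=None):
        self.threshold = threshold
        self.step = step                  # seconds added per failure (3 min)
        self.clock = clock                # injectable so the demo needs no sleep
        self.notify = notify or (lambda user, seconds: None)
        self._state = {}                  # user -> (failures, locked_until)

    def retry_after(self, user):
        """Seconds until another attempt is allowed (0 if allowed now)."""
        _, until = self._state.get(user, (0, 0.0))
        return max(0.0, until - self.clock())

    def attempt(self, user, password_ok):
        """Record one login attempt; True only if the login is accepted."""
        if self.retry_after(user) > 0:
            return False                  # locked: the password is not evaluated
        if password_ok:
            self._state.pop(user, None)   # success clears the failure history
            return True
        failures = self._state.get(user, (0, 0.0))[0] + 1
        until = 0.0
        if failures >= self.threshold:
            lock = self.step * (failures - self.threshold + 1)
            until = self.clock() + lock
            self.notify(user, lock)       # e.g. e-mail the administrator
        self._state[user] = (failures, until)
        return False

def demo():
    """Constructed run: four bad logins against a constructed account."""
    now, alerts = [0.0], []
    throttle = LoginThrottle(clock=lambda: now[0],
                             notify=lambda u, s: alerts.append((u, s)))
    user = "admin@example.com"            # constructed sample account
    for _ in range(3):
        throttle.attempt(user, False)
    first = throttle.retry_after(user)    # lock after the 3rd failure
    now[0] += first                       # wait out the first lock
    throttle.attempt(user, False)         # 4th failure
    return first, throttle.retry_after(user), alerts

if __name__ == "__main__":
    print(demo())
```

Because the counter is keyed by account, the legitimate administrator is also refused while a lock is active, which is why the alert matters; a deployed version would keep the state in persistent storage rather than in memory.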

X5 Croatia
User

Axel, great advice to Incomedia... I also have a problem with X5 micro CMS for clients... Sometimes login works, sometimes not... Buggy...

Incomedia
Elisa B.
Incomedia

Hi!

I confirm I have reported your suggestion. 

Thanks! Kind regards.
