Welcome Guest. Please Login or Register  
Client Area  |  Softaculous Cloud  |  Calendar  |  Quick Links  |  
   


You are here: Index > Webuzo > Suggestions > Topic : Security on Webuzo Log In to Increase



Normal Mode | Print  

 Security on Webuzo Log In to Increase (9 Replies, Read 9573 times)
peopleinside
April 14, 2016, 8:17 am
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate 		Hi,
today I was testing Wordfence plug in on my Wordpress.
In particular BAN IP function.

I have found maybe a BUG on that plug in but also issue with Webuzo.
IF I BAN manually an ip in Wordfence plug in and I have performance setup active in Wordfence ... the banned IP will not see the Wordfence ban page but are redirected I don't know where in the VPS.

The issue with Webuzo is, in my case for two website ... the banned IP is redirected to the Webuzo Default Page who give information to the BAD user about my admin panel (Webuzo) on my server so Hacker can now know I AM using Webuzo and Can see where the log in page is as is showed into the Webuzo default page.

If that Hacker made a robott guess username and password how Webuzo can defend from it?

  • I cannot BAN an IP only in the admin side BUT I have to ban in all server and website
  • I cannot ban with a custom message who says to the user to contact support for example
  • I cannot have two step verification
  • I AM not informed by email if some one have access to Webuzo Admin area.
So I think you should improve security.Also if some one try to access by guessing password are banned temporarly from Webuzo access area or can continue to guess password?



-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   


Threads
 peopleinside   Security on Webuzo Log In to Increase (9 Replies, Read 9573 times)
    |--  peopleinside   Maybe for Two...   on April 14, 2016, 11:21 am
    |--  webuzo_manager   Hi peopleinsideit ,...   on April 25, 2016, 5:44 am
    |--  peopleinside   You can set...   on April 25, 2016, 8:30 am
    |--  webuzo_manager   Hi peopleinside, Also...   on April 25, 2016, 10:22 am
    |--  peopleinside   Thanks, as for...   on April 25, 2016, 3:50 pm
    |--  fintec-mgmt   Webuzo wont even...   on May 5, 2016, 11:46 am
    |--  webuzo_manager   Hi fintec-mgmt, Webuzo...   on May 31, 2016, 6:47 am
    |--  peopleinside   Hi fintec-mgmt, Webuzo...   on May 31, 2016, 7:22 am
    |--  peopleinside   I noticed special...   on May 31, 2016, 7:37 am

« Previous    Next »

Normal Mode | Print  



Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is April 27, 2024, 8:29 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.028