New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
My actions:
@Damian thank you for your fast and clear communication. Getting things sorted by receiving a email is easier than guessing what might had happen and what I might have to do.
@next_provider
You now know what you have to do if such things happen.
We get so much stick about these. Nobody seems to like them but in cases like this they can be useful.
is not it enabled by default?
They were randomized, but I don't know about complexity, as that's either a WHMCS or Solus function; I don't know where the Solus login password gets generated.
It would appear so, but changing your password is requested anyway.
It is, but I think that people can turn them off if they want to.
It is and it's important to leave it on. At least you will know if someone logs in to your account. Even if the intruder turns it off you will still get the initial login alert.
And you are able to change the email address for this notification. I have switched all solus accounts to a new email address. There might be a lot emails but you can sort them by sender and then can delete them after checking the number of logins per day/ip address.
It is all about email filters :-)
For existing accounts, The best route is to whitelist at login. Fire off a new IP confirmation email to the account email then allow the user to now login plus the option to whitelist the ip for a year. This is the perfect combo of security and convenience.
@bdtech apart from those unlucky folks who own a dynamic IP in the UK?
Or perhaps you could use a VPS as a OpenVPN connection and just tunnel, but then you have the problem of 'what if that VM goes down?' -- Having a third measure to reset the IP would have to be implemented, lots of work, and heck, it's a VM panel, honestly, I'd just change the password t o something pathetically hard to guess like
SL*£YOI"£!*(YSDJFBUBXCN$!"$
set it as that, then just reset whenever I need to login to the panel.how did you guess my password?
@eastonch it's better than getting an email for every single login. And also most dynamic ip's at home are held for weeks or months. I believe linode also uses the whitelist once method for login.
@Bogdacutuu russian swear words everytime.
@bdtech not really... lots of them release after 72 hours. Why do you need to login to your solusVM panel every day? Once it's setup, there's no need, the client area generally has all BW statistics on it anyway, and you get API key get the rest.
@24khost Russian to Polish to Base64 to Binary, works. every. time. throw a bit of welsh in there, super fun encryption
@eastonch I'll buy that for a dollar!
@24khost incoming PHP with google API translation...
Exactly. As annoying I found it at first, it's actually a really powerful feature.