From: Jeff S. <ne...@si...> - 2013-08-01 19:06:33
|
On 08/01/2013 02:59 PM, Joel Davidson wrote: >> Completely agree. In my opinion the security within MH is a joke, it is >> there to prevent authorized users from accidentally ending up where they >> shouldn't be, but it does a poor job of securing against hackers. >> >> The easy solution for me was the following: >> - Apache2 server >> - ProxyForward >> - Apache Directory Authorization >> - SSL (if you are accessing MH from a public connection) >> - Fail2Ban >> >> I use the proxyforward module in apache to proxy access to the MH port >> through the regular port 80 of my web server. Access to the domain that >> directs to MH is password controlled. If you enter a bad password three >> times Fail2Ban blocks access from your IP for 15 minutes, do it again and >> you are out for 2 hours ... Escalating to a permanent ban. >> >> I would not want to be the person who tried to secure MH. Instead, I think >> we are better served relying on well established programs to maintain this >> security. I also agree about not relying on MH security. I took an entirely different approach and used VNC over SSH. Really straightforward to setup, really secure, and very generic (full remote access to anything on the network rather than just MH). Jeff |