Comments
You can even have Cloudflare in the cPanel frontend UI, it's definitely supported.
Wouldn't that mean that customers' login details would be passed via a third party?
FULL SSL should do the work, ain't it?
Mhm
Yes, I've heard of people doing this with SSL cpanel login so I'm pretty sure it's possible.
Thanks. We shall see..
Not really, no.
Because the SSL is terminated on the Cloudflare server and then another SSL session is created to your server, so Cloudflare processes unencrypted data.
Well hm. What about STRICT SSL? I got a valid cert. Cloudflare website says that's the most secure option. What do you think?
It's the most secure option but it's not really secure for the reasons @Clouvider gave you.
Then all websites that use Cloudflare free SSL are actually not secure? If they use strict or full.
They are not secure from CF spying even if they use the Enterprise Keyless SSL. CF insists on MITM capability, apparently.
Of course, there's a decently good reason for this, without MITM there can be no caching either. So it would make no sense whatsoever to use CF other than inflating bandwidth bills.
Well, I thought CF is safe to use, and better to use than a simple valid SSL cert. I thought Cloudflare + valid cert = better protection.
Well you were wrong then, weren't you?
CF (and anyone who can break CF's security) can always spy and inject data into HTTPS pages.
Well. I will rethink then. But for now I use CF with STRICT..
Login details are nothing. I've seen several hosts taking card payments through CF. How they file in their PCI DSS self-assessment or how they pass their audits - I don't know.
So login details are okay? I don't think card payments could be secure with Cloudflare...
Only one that can spy on you is CF. Whether they get hacked, by their own will or a request from NSA or whatever authority.... Otherwise you're secure.
Or someone who can maliciously access their servers and steal the data. No system is perfect.
@ZweiTiger I wouldn't trust anyone with mine. My Client handed me the details, it's my responsibility to protect them.
Is there anything in there that precludes use of CF?
Verify that cardholder data is encrypted during transit -- CHECK
Verify that only trusted keys and/or certificates are accepted -- CHECK
For SSL/TLS implementations:
Verify that HTTPS appears as a part of the browser Universal Record Locator (URL) -- CHECK
Verify that no cardholder data is required when HTTPS does not appear in the URL -- CHECK
I don't see the point, cPanel includes its own brute force protection and the connecting IPs will show as Cloudflare IPs
However, cPanel brute force protection always detects false positives and locks you out
Actually.. I want to try this Cloudflare protection for the DirectAdmin login page.
Yes ..
You have the settings wrong then, change the number of brute force attempts for account lockout to 9999999 if you are using cphulk and don't use an easy to guess (root) username for WHM
Ha, worst idea cPanel ever had... "I know, if root gets brute force attacked 15 times by anyone, lock out EVERYONE!"
Would love to see stats on ticket volumes around the industry before and after.
It's crazy, after tons of cPanel installs it still gets me nearly every time when I come back the next day and didn't set SSH keys...
I've switched to csf and things are great @linuxthefish
Are you guys talking about that NSA-sponsored global MITM proxy??
@linuxthefish @jar @century1stop
Got one idea. Seems not the worst but who knows. Give me a reason if this could work or nope.
-Will it work? As I know, Cloudflare opens cPanel ports (and 443 for phpMyAdmin), but I think this should be good.
Hm?
Why worry about that? You have a long, randomly-generated password, right?
@ZweiTiger
All these questions are worrying me considering you are a provider.
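The point raised earlier in the thread, that behind Cloudflare the connecting IPs show up as Cloudflare IPs, worked through as an added example that is not from any poster and is not cPanel's or cPHulk's code. It is a generic failed-login counter; the proxy range, client addresses, threshold and log events are constructed, and `CF-Connecting-IP` is the header Cloudflare uses to pass the visitor address.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the proxy's published egress ranges (documentation range).
PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]
MAX_FAILURES = 3  # constructed lockout threshold


def client_ip(peer, headers):
    """Return the address a login attempt should be attributed to."""
    addr = ipaddress.ip_address(peer)
    if any(addr in net for net in PROXY_NETS):
        forwarded = headers.get("CF-Connecting-IP", "").strip()
        try:
            return str(ipaddress.ip_address(forwarded))
        except ValueError:
            return peer  # missing or malformed header: fall back to the peer
    # Direct connection: the header is client-supplied, so it is ignored.
    return peer


def locked_out(events, resolve):
    """Count failed logins per resolved address; return those at the threshold."""
    failures = Counter()
    for peer, headers, success in events:
        if not success:
            failures[resolve(peer, headers)] += 1
    return {ip for ip, count in failures.items() if count >= MAX_FAILURES}


# Constructed events: (TCP peer, request headers, login succeeded?)
EVENTS = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.50"}, False),
    ("198.51.100.8", {"CF-Connecting-IP": "203.0.113.50"}, False),
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.50"}, False),
    ("198.51.100.7", {"CF-Connecting-IP": "192.0.2.10"}, False),  # customer typo
    ("192.0.2.99", {"CF-Connecting-IP": "203.0.113.50"}, False),  # direct, header untrusted
]

# Keyed on the TCP peer, the lockout lands on a proxy address shared by every visitor.
NAIVE = locked_out(EVENTS, lambda peer, headers: peer)
# Keyed on the forwarded address (trusted only from the proxy range), it lands on one client.
AWARE = locked_out(EVENTS, client_ip)

if __name__ == "__main__":
    print("peer-keyed lockouts:  ", sorted(NAIVE))
    print("header-aware lockouts:", sorted(AWARE))
```
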