Security Questions for extra layer of protection (SKINS)

Version 1.43.1


Ability to enable Security Questions where a valid login will take the client to another authentication page, asking for a valid answer to a pre-defined question. Forum: If you're using a custom skin, It's very important to update the skin to have these changes. If you enable this feature with a DA skin, then switch to an old skin without these changes, when you login, you'll get a "Document not Found" error, and won't be able to answer the question.. and you'll be locked out of DA (manual root ssh changes needed to turn it off for this User) The Security Questions page can be accessed from the "Password" icon, at the top of the page (where a DA User changes their password) Checkbox to enable/disable Security Quetions Checkbox to allow API connections to the account with this DA username with their password: if disable no CMD_API call will work for this account when accessing the accoung with the usual password, so only disable API's if you know you don't need them. This API checkbox does not apply to Login Keys.. so you can disable APIs with the password, but APIs will still work when using a Login Key (they're so long that they won't likely be guessed) There is no checkbox for Login Keys. If you don't want to allow Login Keys to access the API, don't create a Login Key. This feature is an extra layer of security, in addition to the current Brute Force Attack monitor for port 2222: #1 from this guide CMD_SECURITY_QUESTIONS CMD_API_SECURITY_QUESTIONS The list of questions is stored in: /usr/local/directadmin/data/skins/enhanced/lang/en/internal/security_questions.txt The very first line will look something like: 1=22 where index 1 will always store the number of entries in the file... in this case, the last entry is index 22=... Basically, just take the highest number at the bottom, as use that (#1 skips itself automatically). To add more entries, edit this file, and use: chattr +i security_questions.txt to lock it from update overwrites. Language changes can have their own copy, in their own language. New user.conf values: security_questions=yes - Security questions will be required, if they're present. api_with_password=yes - The API is allowed, using the current password. Login Keys and Session Keys are always allowed.. this setting does not affect them. notify_on_all_question_failures=yes - When enabled, all incorrect answers will generate a Message to the User (not to Admins). "no" will still send a message to Admin and User after <max_security_question_attempts> attempts. New directadmin.conf values, these are the internal defaults: security_questions=1 max_security_question_attempts=5 block_ip_after_failed_security_questions=0 The block_ip_after_failed_security_questions option can be set to 1, and on the last attempt, a warning will be given to the User that their IP will be blacklisted. If you set: block_ip_after_failed_security_questions=2 then no warning will be given. Of course, this requires that you have the Blacklisting turned on in your Admin Settings (if it's off, go turn it on.. now!) ------------------------------------------------ ------------------------------------------------ SKINS old: ------------------------ files_user.conf CMD_SECURITY_QUESTIONS=user/security_questions.html CMD_ASK_SECURITY_QUESTION=user/ask_security_question.html passwd.html ------------------------ ------------------------------------------------ new: ------------------------ user/ask_security_question.html user/security_questions.html lang/en/internal/security_questions.txt and many additions to: lang/en/internal/* suspension.txt user.txt command.txt

Try DirectAdmin with a 30-day money back guarantee!