How to protect MailWizz from hackers

[Lakjin]

One thing that concerns me about using MailWizz as opposed to an external newsletter service like MailChimp is security. MailWizz has brute-force login protection enabled, but I don't feel comfortable letting unauthorized users getting that far. So I restored to protecting my MailWizz using HTACCESS; you can do the same by doing the following:

a) Create an .htaccess and put this in this:

Deny from all
Allow from xx.xx.xxx.xxx
Allow from xx.xx.xxx.xxx

The xx.xx.xxx.xxx should be the IP addresses of the users you want to allow access to MailWizz.

b) Place a copy of the .htaccess file in /path/to/mailwizz/backend and /path/to/mailwizz/customer

c) Done!

I'm sure there are more ways to secure MailWizz but this is a simple method. Please note, however, this will only work if you have specific users who you want to grant access to MailWizz. If you are using MailWizz as a backend for a web app available to the general public, this won't work.

Have any other suggestions on how to harden MailWizz? Share 'em!

 

[twisted1919]

Sidenote to the above, make sure you don't lock yourself out and make sure you don't block the frontend where the assets have to be loaded in emails.
Also, if you are lucky enough and you get ddos'ed, then the above won't help at all, just a firewall.

Another nice way to protect those areas is .htpasswd, that way you don't have to add the ip addresses and make sure they're up-to-date (think people with dynamic ips) but rather you login with a username / passwd

Thanks.

 

[Lakjin]

Sidenote to the above, make sure you don't lock yourself out and make sure you don't block the frontend where the assets have to be loaded in emails.
Also, if you are lucky enough and you get ddos'ed, then the above won't help at all, just a firewall.

Another nice way to protect those areas is .htpasswd, that way you don't have to add the ip addresses and make sure they're up-to-date (think people with dynamic ips) but rather you login with a username / passwd

Thanks.

Good points.

 

[omniknoweth]

Sidenote to the above, make sure you don't lock yourself out and make sure you don't block the frontend where the assets have to be loaded in emails.
Also, if you are lucky enough and you get ddos'ed, then the above won't help at all, just a firewall.

Another nice way to protect those areas is .htpasswd, that way you don't have to add the ip addresses and make sure they're up-to-date (think people with dynamic ips) but rather you login with a username / passwd

Thanks.

Yes! You are right twisted1919 ,

Following below screen shot, He can do that


Click on "Password Protect Directories"

Then select the Domain or subdomain where you installed "Mailwizz" app, you would see listed files and folders there, select the one you would love to protect. If you are to protect the Admin area, please select "Backend" folder but if you are to protect customer area, please select "Customerarea" and you can also protect both too , one by one.

After selecting the folder you would love to protect,
Select the Password protect this directory "small box"
Then ; Enter a name for the protected directory and click on "Save"
Now proceed to;
Create a username and a password
And click on "Add Or Modify The Authorized User"


After clicking on it, you should see something like this


After all that, try to visit the protected directory and you would be prompted to input your username and password, input it and click on "Okay"
I.e, http://www.yourdomain.com/images , depends on your path.
You are good to go

You can add multiple users, delete users also by selecting the user you want to delete and click on "Delete User" button.

Hope this helps.

Thanks

 

[twisted1919]

@Kollydaton - Thank you for taking the time to explain this

 

[Fabian Simões]

Great!

I believe that this can help too:
http://configserver.com/cp/csf.html

Very easy to config and helped to block a lot of Mot***545¨%% like:
http://who.is/whois-ip/ip-address/114.37.211.6

This thread have some more information:
http://www.webhostingtalk.com/showthread.php?t=1315182

You'll find a reply saying that CSF does not work... Well, I believe that is just a bad configuration.

Take a time to see this service (You'll get frightened...)
http://map.ipviking.com/

Almost unbelievable and give to us a wide vision/notion about all this crap...