I was wondering if you could move or remove the admin page from box..com/admin to a different place like box..com/adminpage, Reason being is because I think the admin page for mailinabox is real insecure
Why not address the underlying issue here? Why do you think that the admin page is real insecure?
Bruteforce attacks, Its opened to everyone (Not in a literal sense people can just view the admin panel login)
These attacks are also against the SMTP, IMAP, and POP3 logins, so blocking the dashboard doesn’t make any difference.
Fail2ban will protect against brute force attacks as long as you don’t have IPv6, which even with IPv6 it would have to be a much more sophisticated brute force attack to be successful.
If anything, the dashboard login is more protective against brute force attacks because it includes the option for two-factor authentication, which is not possible for mail-related logins.
2 Likes
Don’t forget you could always enable 2FA for the admin page as well.
1 Like