We’ve had requests for additional security and notification options for the Linode Manager, and recently we’ve noticed an upward trend in Linode Manager brute force attempts, so we decided to tackle a couple of related features on our long and ever-growing feature request list (keep them coming).
Login IP Whitelisting and Notification Feature
You’ll receive a notification via email if someone attempts to log into the Linode Manager as your username from an IP not on your whitelist. The email contains instructions for adding that IP to your whitelist. IPs not on your whitelist are denied access.
Passwords are required to be more complex
Passwords must contain characters from three out of four sets: lower case, upper case, numbers, and punctuation, in addition to the old requirement of being a minimum of 6 characters long.
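The rule above, written out as a checker (an added example, not Linode's code). It assumes the four sets are ASCII lower case, upper case, digits and Python's `string.punctuation`, which the post does not spell out; the names `sets_used` and `check_password` are hypothetical.

```python
import string

# Assumption: the four sets are ASCII lower case, upper case, digits and
# string.punctuation; the post does not define them more precisely.
CHARACTER_SETS = {
    "lower case": set(string.ascii_lowercase),
    "upper case": set(string.ascii_uppercase),
    "numbers": set(string.digits),
    "punctuation": set(string.punctuation),
}
MIN_LENGTH = 6  # the old requirement, still in force
MIN_SETS = 3    # three out of four sets


def sets_used(password):
    """Return the names of the character sets the password draws from."""
    chars = set(password)
    return [name for name, members in CHARACTER_SETS.items() if chars & members]


def check_password(password):
    """Return (accepted, reasons); reasons lists every rule that failed."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    used = sets_used(password)
    if len(used) < MIN_SETS:
        missing = [name for name in CHARACTER_SETS if name not in used]
        reasons.append(
            f"uses {len(used)} of 4 sets; add characters from "
            f"{MIN_SETS - len(used)} of: {', '.join(missing)}"
        )
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for candidate in ["linode", "Linode", "Lin0de", "L1n!", "пароль123"]:
        ok, why = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected: ' + '; '.join(why)}")
```

Under this reading, characters outside the four ASCII sets (spaces, non-Latin letters) count toward length but not toward any set, so a long non-ASCII password with digits is still rejected.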
DNS Manager zone AXFR control
You can now specify whether a zone can be AXFRed from our nameservers. Right now it’s an on/off thing, but we’ll soon be adding support for specifying ranges and/or specific IPs that can transfer the zone.
We’ve also laid the groundwork for passwords with an expiration date (we’re now keeping track of when a password was set). Some other ideas are still on the table, like only allowing a few failed login attempts within a short time span, to reduce the possibility of brute forcing accounts that may not have the IP whitelisting feature enabled…
Security can be a pain, but it’s a necessary evil. It’s a compromise between security and convenience, and we hope we’ve struck a fair balance.