# Security
# Recommendations
- Regularly check for tracker and server update.
- Use strong passwords for the tracker and server, combining letters, numbers, special characters.
- Provide temporary access to the server via SSH or use SSH key.
- Enable Fail2ban.
- Do not upload filters, redirects, macros, or other scripts to the tracker that you do not trust. Thoroughly check the code of your landing pages, and do not allow PHP in local landings and offers unless you are the author of the code.
- Use a separate domain with Cloudflare for accessing the tracker's admin panel. Do not use this domain in advertising campaigns. For other domains, prohibit access to the admin panel.
TIP
This feature is available on expert team enterprise plans
- Close admin panel access by IP (Maintenance -> Settings) if you have a domain for the tracker's admin panel.
# Security FAQ
How to check who accessed to the control panel?
Read the log file /var/log/nginx/keitaro-admin.access.log.
You can check the log with the terminal the following way:
less /var/log/nginx/keitaro-admin.access.log
1
Or request the last logins:
tail -n 100 /var/log/nginx/keitaro-admin.access.log
1