While I login ListMail anybody can view it on internet?

[altonsanders]

Dear ListMail Forum,

Its alton sanders here..

I ncountered a frighting discovery today.
Why is ListMail uploading openingly over the internet
once I have clicked the domain name assigned
to it so that ListMail can run on the host server?

Its confusing to me, because my understanding is
ListMail can run on my website server.
Actually, by click the domain link it forwards
over to the ListMail password box. Afterward
anybody can click the url and have 100%
access over the internet to my applications and
also capable of re-configuring my confidential data.
.
Can you assist me on this issue?
.
alton sanders

altonsanders@earthlink.net

[DW]

Alton,

You can replace index.php (or delete it and upload index.html) and browse directly to login.php to login to ListMail if you prefer.

The login box -is- open for anyone to see, but there is an admin warning (optional - Configuration page) and lengthy delay on failure to prevent brute force attacks.

The login process uses a cookie that is destroyed when you close your browser.  If you do not close your browser and browse back to ListMail you may find yourself still logged in.  Others who have not been able to set their cookie with the correct admin pass will not be logged in when they browse to this page.

Please let me know if you have further questions about this.

Regards