General questions about VestaCP
5 posts • Page 1 of 1
NoThe VestaCP dont have any default security against this types of threats?
You need so-called WAF. It is firewall working in the application level. It analyzes potentially dangerous things like cookies, GET and POST parameters and so on.What is the best option to protect sites under VESTACP with APACHE+NGINX against attacks xss, sql injection, etc...
But the best option is to way correct code with input checking (filtering) that doesn't rely on correctness of user's input.
i created a script since im using joomla to change my file permissions basicly if i get injected it will only work while im editing the site, otherwise you only have permissions to read (not even able to login to /administrator tab)