Serious concerns with security
Posted: Wed Sep 25, 2019 4:49 am
Hello Vesta Team,
After several fresh installs over the years of VestaCP on CentOS 7, I think I am becoming an expert at installing this system properly, with no errors and the latest stable versions of PHP, MariaDB and others... maybe I will do a guide on this one day :P However, I still have several concerns about the security of the server.
As VestaCP is a platform to facilitate the management of a server, I think the dev team should take the security issue very seriously. I have run a scan on my website with Detectify and was surprised to see so many security concerns.
Some of the issues are related to other websites; however, the main security points are Cross-Site Scripting (XSS),
which I have been trying to sort out but have never succeeded. The information is all over and there is no guide on how to implement it for all domains.
I did try to install ModSecurity and OWASP, but there is no proper step-by-step guide adaptable to VestaCP configs.
What would you advise about server security?

