security

  1. T

    2fa feature for OLS Webadmin Console

    Doesn’t OLS Webadmin Console have 2fa feature? I think it is better to configure the 2fa feature for it, which will be safer. Or is there any way we can configure it ourselves?
  2. T

    How to redirect “http:// serverip:8090” to “https://hostname :8090”

    Hello everyone, As we all know, we have 2 ways to access cyberpanel, server ip and hostname. Since the url "http://serverip:8090" is not safe, I worry someone will use it to do bad things. So, I would like to redirect “http://serverip:8090” to "https://hostname :8090”. Can any friend...
  3. lslisa

    OpenLiteSpeed is NOT vulnerable to Rapid Reset

    The details about the recent HTTP/2 CVE, and why you can rest easy with LiteSpeed Enterprise Web Server, LiteSpeed Web ADC, and OpenLiteSpeed: https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
  4. S

    SecRule not working

    I want to set SecRule on /webmail I am using the below SecRule this is added in the server conf modsecurity on modsecurity_rules ` SecDebugLogLevel 0 SecAuditEngine on SecRuleEngine On SecRule REQUEST_URI "^/webmail" "id:99999,phase:1,deny,status:403" ` modsecurity_rules_file /conf/path but...
  5. Jacky Zhang

    How to do Access Control of Virtual Host ' Web Socket Proxy

    Dear Friend, This is my First Post about OpenLiteSpeed's Issue. I want my Website Pages Open or Unlimited, Only limit Web Socket Proxy can pass by the appointed IP. My Web Socket Proxy of Virtual Host is like this: And it works well. May I know how to Access Control the traffic of Web...
  6. Davi8r

    Any reason to not change WebAdmin username?

    I see in WebAdmin Settings -> General -> Users ... there is a place to change the User Name (admin). Is there any reason not to do so? Thanks, -- Dave
  7. B

    OWASP CRS ModSecurity rules not blocking malicious request body in OpenLiteSpeed

    I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...
  8. scottnzuk

    PHP Version In Use Contains Known Vulnerabilities v5.6 php - ADMIN PORTAL ONLY.

    So I run a security scan on my website from intruder.io it has come back with below error message: The version of PHP in use contains a number of known security vulnerabilities which could be used to compromise the system or affect its availability. PHP is a scripting language usually used for...
  9. slowaways

    PHP Backdoor - My WordPress websites were hacked

    I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed. They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor. This file was a backdoor that allowed you to...
  10. U

    Can't set WebAdmin to port 443

    Hello! I'm trying to make my webadmin console available over ssl on a subdomain. However, if I set admin listener port to 443, lsws crashes saying it can't set it to 443. This is rather inconvenient, as I usually restrict access to anything webserver related to cloudfalre IPs since I'm behind...
  11. D

    Add two-factor authentication to my openlitespeed dashboard

    Hi, Is there any way that I can add 2FA to my openlitespeed dashboard? Thanks
  12. Ivan Rojas

    Security & Firewall (csf)

    Hi, I've been a user of WHM/cPanel for years but I'm starting to love OLS; however, I have just been hacked in less than a week, http://prntscr.com/l6vu6h anyway, it happens, however, in WHM I used to use CSF and I was reading https://download.configserver.com/csf/readme.txt and I see there is...
  13. S

    CSP Headers aren't being sent

    I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...