security

  1. Jacky Zhang

    How to do Access Control of Virtual Host ' Web Socket Proxy

    Dear Friend, This is my First Post about OpenLiteSpeed's Issue. I want my Website Pages Open or Unlimited, Only limit Web Socket Proxy can pass by the appointed IP . My Web Socket Proxy of Virtual Host is like this: And it work well. May I know how to Access Control the traffic of Web...
  2. Davi8r

    Any reason to not change WebAdmin username?

    I see in WebAdmin Settings -> General -> Users ... there is a place to change the User Name (admin). Is there any reason not to do so? Thanks, -- Dave
  3. B

    OWASP CRS ModSecurity rules not blocking malicious request body in OpenLiteSpeed

    I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...
  4. scottnzuk

    PHP Version In Use Contains Known Vulnerabilities v5.6 php - ADMIN PORTAL ONLY.

    So I run a security scan on my website from intruder.io it has come back with below error message: The version of PHP in use contains a number of known security vulnerabilities which could be used to compromise the system or affect its availability. PHP is a scripting language usually used for...
  5. slowaways

    PHP Backdoor - My WordPress websites was hacked

    I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed. They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor. This file was a backdoor that allowed you to...
  6. U

    Can't set WebAdmin to port 443

    Hello! I'm trying to make my webadmin console available over ssl on a subdomain. However, if I set admin listener port to 443, lsws crashes saying it can't set it to 443. This is rather inconvenient, as I usually restrict access to anything webserver related to cloudfalre IPs since I'm behind...
  7. D

    Add two-factor authentication to my openlitespeed dashboard

    Hi, Is there any way that I can add 2FA to my openitespeed dashboard? Thanks
  8. Ivan Rojas

    Security & Firewall (csf)

    Hi, I'm a user of WHM/cPanel for years but I starting to love OLS, however, i have just been hacked in less than a week, http://prntscr.com/l6vu6h anyway, it happens, however, in whm I used to use CSF and I was reading https://download.configserver.com/csf/readme.txt and i see there is...
  9. S

    CSP Headers aren't being sent

    I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...
Top