security

Dear Friend, This is my First Post about OpenLiteSpeed's Issue. I want my Website Pages Open or Unlimited, Only limit Web Socket Proxy can pass by the appointed IP . My Web Socket Proxy of Virtual Host is like this: And it work well. May I know how to Access Control the traffic of Web...

I see in WebAdmin Settings -> General -> Users ... there is a place to change the User Name (admin). Is there any reason not to do so? Thanks, -- Dave

I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...

So I run a security scan on my website from intruder.io it has come back with below error message: The version of PHP in use contains a number of known security vulnerabilities which could be used to compromise the system or affect its availability. PHP is a scripting language usually used for...

I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed. They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor. This file was a backdoor that allowed you to...

Hello! I'm trying to make my webadmin console available over ssl on a subdomain. However, if I set admin listener port to 443, lsws crashes saying it can't set it to 443. This is rather inconvenient, as I usually restrict access to anything webserver related to cloudfalre IPs since I'm behind...

Hi, Is there any way that I can add 2FA to my openitespeed dashboard? Thanks

Hi, I'm a user of WHM/cPanel for years but I starting to love OLS, however, i have just been hacked in less than a week, http://prntscr.com/l6vu6h anyway, it happens, however, in whm I used to use CSF and I was reading https://download.configserver.com/csf/readme.txt and i see there is...

I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...