-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increasing security measurements across the service #10
Comments
This is a follow-up update. As situation has been cooling down for weeks, so it's time to relax some rules regarding to firewall. As of today, we have bring improvements to portal, especially the deployment feature. It is now possible to disable PHP execution and firewall, like this: features:
- firewall: off
nginx:
fastcgi: off Unlike the past, we now allow all host turn off firewall explicitly, but with either condition is satisfied:
Why the conditions? We learn that most of attack is in websites with weak admin password and with application script files exposed to public root, like WordPress. So using nested root public folder WordPress users may be affected the most, but I believe those who don't implement proper security also probably doesn't even know that they're under active firewall, as wordpress.org and other common APIs that required to run WordPress already on the whitelist. On the side note, we have improved common functionalities like DNS and NGINX config checker, also added firewall check. And now you can also see deployment progress while it runs (no longer need to wait until it finished). I will close this issue in later time, this issue isn't quite the right to post updates, actually. |
Now security is explained in the docs: https://domcloud.co/docs/features/security https://domcloud.co/docs/intro/security |
Recently I got a report that DOM Cloud servers were used for malicious purposes.
Along with #9 we decided to take important security measurements today:
The text was updated successfully, but these errors were encountered: