From 197043e395e932cdbbb315021c31e56779c7088f Mon Sep 17 00:00:00 2001 From: dpeca Date: Tue, 20 Aug 2019 20:18:37 +0200 Subject: [PATCH] Update README.md --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 4c1a1da5..aa7f264c 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,28 @@ MyVesta Control Panel * Therefore, only Debian is supported - keeping focus on ONE eco-system - not wasting energy on compatibility with other Linux distributions * It will always be synchronized with official VestaCP commits * All VestaCP commercial plugins can be purchased only on official vestacp.com - we will not take their earnings - we are not making this because of money + +Features +================================================== + +1) Apache is on mpm_event by default, PHP is running in PHP-FPM + +2) You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL + +After installation just execute: +``` +echo " /usr/local/vesta/web/inc/login_url.php +``` +Literally no one PHP script will be alive before you access that URL, so even if there is some zero-day exploit - hacker will not be able to access it without knowing your secret URL. +You can see how mechanism was built by looking at: +- https://github.com/myvesta/vesta/blob/master/src/deb/php/php.ini#L496 +- https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php + +3) We disabled dangerous PHP functions in php.ini, so even if customer's CMS was compromised, hacker will not be able to execute shell from PHP. + +About VestaCP +================================================== + * Vesta is an open source hosting control panel. * Vesta has a clean and focused interface without the clutter. * Vesta has the latest of very innovative technologies.