From a0f940da35486399ca91c32b63ecbcdc14a6f327 Mon Sep 17 00:00:00 2001 From: dpeca Date: Wed, 21 Aug 2019 00:03:35 +0200 Subject: [PATCH] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 27344d70..be5925dd 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,12 @@ MyVesta Control Panel Features ================================================== -+ Support for Debian 10 ++ Support for Debian 10 (previous releases are also supported) + You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL + After MyVesta installation just execute: + `echo " /usr/local/vesta/web/inc/login_url.php` - + Literally no PHP scripts will be alive (won't be able to get executed), unless you access the URL with that parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - noone will be able to interact with your panel unless he has the secret URL. + + Literally no PHP scripts will be alive (won't be able to get executed), unless you access the URL with that parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless he has the secret URL. + You can see for yourself how mechanism was built by looking at: + https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496 + https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php