github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 21:34:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update README.md

Browse source
This commit is contained in:
dpeca 2019-08-21 00:03:35 +02:00 committed by GitHub
commit a0f940da35
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -11,12 +11,12 @@ MyVesta Control Panel
Features
==================================================
+ Support for Debian 10
+ Support for Debian 10 (previous releases are also supported)
+ You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
+ After MyVesta installation just execute:
+ `echo "<?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php`
+ Literally no PHP scripts will be alive (won't be able to get executed), unless you access the URL with that parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - noone will be able to interact with your panel unless he has the secret URL.
+ Literally no PHP scripts will be alive (won't be able to get executed), unless you access the URL with that parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless he has the secret URL.
+ You can see for yourself how mechanism was built by looking at:
+ https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496
+ https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php