Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
5 results found
-
telnet
i want to connect with telnet.
1 voteWe don’t have plan to support telnet.
Cloudways Team
-
Upgrade OpenSSL!
phpinfo() reports the OpenSSL version to be 1.0.1e. This is a security hole that needs to be fixed. Please update to the latest version.
1 voteHi there,
Our servers are fully and regularly patched and have all latest Debian stable (Wheezy) security updates.
The version we deploy is:
ii openssl 1.0.1e-2+deb7u13 amd64 Secure Socket Layer (SSL) binary and related cryptographic toolsAnd you can check here that this is the latest openssl release in Wheezy (stable) with the proper security patches:
https://packages.debian.org/search?keywords=opensslWe precisely chose Debian for the strong security and stability culture that the community has.
Cloudways Team
-
Option to disable MySQL manager
I now have a publicly accessible web interface to my database running om mydomain.com:8082
This is a security risk and I never use the MySQL manager so I would like to disable it. Please add this option!
1 voteMysql manager is never open to the internet. Connection is opened and only allowed from the customer IP on the fly as you activate the manager. This happens backstage when you click the mysql manager button and, of course, transparent to end users.
We take security very seriously at Cloudways and it is one key point in our network design.
Cloudways Team
-
Security flaws
When we go to each app and "reset permissions" it gives www-data group full permissions to edit/create files. It's a security leak. Our server got hacked and all sites on server got exposed. If it's not taken care of, I have to post this at various places on social media that avoid using cloudways as this can expose your clients to risk.
1 voteHi Amit,
The reset permissions button has nothing to do with the fact that your site may have been hacked. It simply sets the permissions to the default that Cloudways advises for content under the public_html folder (that is 775 for folders and 664 for files). This is the default too when installing a new application. Permissions are like this to allow different team members to work on the same application (team members userids are all part of the same group). This by itself does not constitute any flaw nor security issue and will not imply the server will be hacked. Application/server will be hacked if it is not updated, it uses old/insecure plugins …
Cloudways Team
-
Option to run apache as www-data
It would be good if there was an option not to run Apache as the same user as SSH / file owner. That way it would be possible to make files & folders read-only as far as the server / PHP is concerned.
3 votes
- Don't see your idea?