luyadev / luya-module-admin

Administration base module for all LUYA admin modules
https://luya.io
MIT License

WAF - website application firewall #348

Closed testt23 closed 5 years ago

testt23 commented 5 years ago

What would you say about a similar system that displays attack statistics and failed login attempts, reminds you (or your clients) at intervals to change your password, and analyses attempts to hack it through SQLi, XSS, RFI, LFI, shell upload and others? Example

nadar commented 5 years ago

Thinking about making LUYA safer is welcome. I am not sure whether firewall settings should be done at the application level; this should be done at the server level. But what could we do? What is helpful? Please give a more concrete example of what we might implement.

testt23 commented 5 years ago

When the system detects security vulnerabilities, the client (user) of the system or its support will be able to alert the hosting company of this potential vulnerability. I think that would give Luya a good name in the hosting industry.

My company and I are experts in cyber security; we can help with the development - you may just have to "deploy" it the right way. I think the Luya system is extremely good in development - we've been working with it almost since its inception. As you can see, we almost always come up with ideas.

So, protect your website from SQLi Attacks (SQL Injections), XSS Vulnerabilities, Proxy Visitors, VPN Visitors, TOR Visitors, Spam, Malicious Files (Viruses) and many other types of threats.

It would be nice for the system to make recommendations, e.g. if the administrator has not changed his password for more than 30 days, to do so. It is also nice to have a log of actions, i.e. who uploaded a file or who edited it, who changed their password, when, and from which address.

For this purpose (SQLi, XSS) the logs will detect who used the input data to get around it, and the WAF will block them for a time interval. Luya uses correctly spelled input - which is great.

testt23 commented 5 years ago

SQLi Protection Protection from SQL Injections (SQLi) and XSS Vulnerabilities (Cross-Site Scripting).

Proxy Protection Protection from Proxy, VPN and TOR Visitors or so-called people hiding behind proxies.

Spam Protection Protection from Spammers and Spam Bots that aim to spam your website.

Malware Scanner Antivirus Scanner that will scan your website for malicious files and will notify you if any are detected.

Input Sanitization Protection Module that automatically sanitizes all incoming and outgoing requests and responses. Real-time scanning of all requests.

DNSBL Integration Integration with some of the best Spam Databases (DNSBL) to protect your website from Bad Visitors.

Detailed Logs The logs contain a lot of information about the Threat / Attack like Browser, Operating System, Country, State, City, User Agent, Location and other useful information.

IP Lookup You can investigate IP Address and check if it is present in the script’s database

E-Mail Notifications You will receive an E-Mail Notification when an attack or threat is detected.

nadar commented 5 years ago

I still believe it's the wrong place to implement those security features ;-) The malware scanner is something we could do, but there is already an issue about that. Blocking IP addresses would also be something we could implement, but then you also need a tool to monitor that.

I and my company, are experts in cyber security

Then you should understand my concern that the PHP application is the wrong stack to fix those problems. 😄

false login attempt

Yes, I agree on this. We could add more of that information; that should be "easy" and also makes sense, as the PHP application is the only owner of that information.
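As an added illustration of the one point both sides agree on (the application is the only party that sees failed logins, password age and who-did-what), here is a small framework-agnostic PHP 7.4+ class. It is example code written for this page, not LUYA code, and it assumes an in-memory store, a threshold of 5 failures in 15 minutes, a 15-minute block and a 30-day password age; none of these values come from the thread.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not LUYA code): application-level tracking of failed logins
 * with a temporary block, an audit trail, and a password-age reminder.
 * The in-memory arrays stand in for whatever persistent store an application
 * would use (assumption); the thresholds are assumed, not taken from the thread.
 */
final class LoginGuard
{
    private int $maxFailures;
    private int $windowSeconds;
    private int $blockSeconds;
    private int $maxPasswordAgeDays;

    /** @var array<string, int[]> failure timestamps keyed by "user|ip" */
    private array $failures = [];
    /** @var array<string, int> block expiry (unix time) keyed by "user|ip" */
    private array $blockedUntil = [];
    /** @var array<int, array{event:string,user:string,ip:string,time:int}> */
    private array $audit = [];

    public function __construct(int $maxFailures = 5, int $windowSeconds = 900,
                                int $blockSeconds = 900, int $maxPasswordAgeDays = 30)
    {
        $this->maxFailures = $maxFailures;
        $this->windowSeconds = $windowSeconds;
        $this->blockSeconds = $blockSeconds;
        $this->maxPasswordAgeDays = $maxPasswordAgeDays;
    }

    private static function key(string $user, string $ip): string
    {
        // Case-fold the account name so "Admin" and "admin" share one counter.
        return strtolower($user) . '|' . $ip;
    }

    public function isBlocked(string $user, string $ip, int $now): bool
    {
        $k = self::key($user, $ip);
        if (!isset($this->blockedUntil[$k])) {
            return false;
        }
        if ($this->blockedUntil[$k] > $now) {
            return true;
        }
        unset($this->blockedUntil[$k]); // block has expired, forget it
        return false;
    }

    /** Records a failed attempt; returns true if this attempt triggered a block. */
    public function recordFailure(string $user, string $ip, int $now): bool
    {
        $k = self::key($user, $ip);
        $this->log('login_failed', $user, $ip, $now);

        // Keep only the failures that fall inside the sliding window.
        $recent = array_filter(
            $this->failures[$k] ?? [],
            fn (int $t): bool => $t > $now - $this->windowSeconds
        );
        $recent[] = $now;
        $this->failures[$k] = array_values($recent);

        if (count($recent) >= $this->maxFailures) {
            $this->blockedUntil[$k] = $now + $this->blockSeconds;
            $this->failures[$k] = [];
            $this->log('login_blocked', $user, $ip, $now);
            return true;
        }
        return false;
    }

    public function recordSuccess(string $user, string $ip, int $now): void
    {
        $k = self::key($user, $ip);
        unset($this->failures[$k], $this->blockedUntil[$k]);
        $this->log('login_ok', $user, $ip, $now);
    }

    /** Returns a reminder if the password is older than the limit, otherwise null. */
    public function passwordReminder(int $lastChangedAt, int $now): ?string
    {
        $ageDays = intdiv($now - $lastChangedAt, 86400);
        if ($ageDays <= $this->maxPasswordAgeDays) {
            return null;
        }
        return "Password last changed {$ageDays} days ago; limit is {$this->maxPasswordAgeDays} days.";
    }

    /** Audit entries answer "who, when, from where" for every event. */
    public function auditLog(): array
    {
        return $this->audit;
    }

    private function log(string $event, string $user, string $ip, int $now): void
    {
        $this->audit[] = ['event' => $event, 'user' => $user, 'ip' => $ip, 'time' => $now];
    }
}

// Constructed sample (not real data): five bad passwords for "admin" from one
// address within a minute, then a check while blocked and one after the block expires.
$guard = new LoginGuard(5, 900, 900, 30);
$t0 = 1700000000;
foreach ([0, 10, 20, 30, 40] as $offset) {
    $guard->recordFailure('admin', '203.0.113.5', $t0 + $offset);
}
var_dump($guard->isBlocked('admin', '203.0.113.5', $t0 + 60));
var_dump($guard->isBlocked('admin', '203.0.113.5', $t0 + 1000));
echo $guard->passwordReminder($t0 - 45 * 86400, $t0), "\n";
print_r($guard->auditLog());
```

Two caveats a practitioner would want before copying this into a real application. First, the in-memory arrays only work inside one PHP request; in any real deployment the counters and block list have to live in shared storage (database or cache), otherwise every request starts with a clean slate. Second, the choice of key matters: keying on the account alone lets an attacker lock legitimate users out by guessing wrong on purpose, while keying on the address alone is evaded by distributed sources and punishes everyone behind a shared NAT; the user+IP pair above is a compromise, not a complete answer. This is also the part of the discussion that does belong in the application, since only the application knows which login attempts failed; blocking at the network level, as nadar says, is the server's job.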

nadar commented 5 years ago

Currently we don't have a "user notifications" system, therefore we cannot display login attempts. Adding firewall stuff at the application level makes no sense to me, unless someone wants to send PRs and work on this. The LUYA team won't work on such things. Feel free to send a PR; I will close this issue.