Suspended domain returns 404 on non index PHP pages


New to Hestia. I noticed that if I suspend a domain, certain pages return a 404 page instead of the suspended page. I suspect this is not the intended behavior.

On a site containing the following files in the document root:

  • index.php
  • info.html
  • info.php

I get the following results:

  • → Suspended
  • → Suspended
  • → 404
  • → Suspended
  • → 404

Same results if I use an index.html instead of index.php.

HestiaCP v1.7.7 with Apache, nginx and PHP-FPM. Debian 11.7.

It probally tries the run php code as as php even if if it doesn’t really exists…

If a website is compromised a hacker can force the execution of PHP simply vñby generating visits from a botnet.

We can’t defend ourselves by suspending the website.

So, is this the intended behaviour or no? Would a bug report be in order? If I suspend a site I would expect it to indicate such regardless of path. I am not necessarily looking to defend against attacks.

There is allready a bug report about it

Here we go


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.