New to Hestia. I noticed that if I suspend a domain, certain pages return a 404 page instead of the suspended page. I suspect this is not the intended behavior.
On a site containing the following files in the document root:
I get the following results:
http://example.com → Suspended
http://example.com/index.html → Suspended
http://example.com/index.php → 404
http://example.com/info.html → Suspended
http://example.com/info.php → 404
Same results if I use an
index.html instead of
HestiaCP v1.7.7 with Apache, nginx and PHP-FPM. Debian 11.7.
It probally tries the run php code as as php even if if it doesn’t really exists…
If a website is compromised a hacker can force the execution of PHP simply vñby generating visits from a botnet.
We can’t defend ourselves by suspending the website.
So, is this the intended behaviour or no? Would a bug report be in order? If I suspend a site I would expect it to indicate such regardless of path. I am not necessarily looking to defend against attacks.
01:50PM - 24 Jun 22 UTC
### Describe the bug
If you suspend a web domain, some urls are stil visible in
There is allready a bug report about it
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.