Service Improvement
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
109 results found
-
Check for the blacklist IP before assigning Server IP
Hello Team,
Can you please add some feature where it'll check for the blacklist before assigning server IP?
It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.
4 votes -
Block other domains visibility from whois services
Hi, I'd like to suggest a new feature to server owner's security, to block other domains visibility from whois services. at the moment, anyone can go to any whois service (i.e. http://reverseip.domaintools.com) and by typing domain name, or the IP address can check what other domains are hosted on this server. i think, to privacy of users and server owners, this is a lack. it may be just an additional feature, but i'm sure people would love to see this as an option to disable this from public view.
4 votes -
4 votes
-
Integrate mod_evasive to mitigate DDoS attacks
DDoS issues are getting out of control. It would be a good idea to integrate mod_evasive apache module to mitigate them.
I was suggested by the support team to mitigate the attack using app level firewalls but that's far to be an optimal solution.
They confirmed that the current infrastructure of their servers is not ready for adding this apache module but they are open to evaluating it as an option.
4 votes -
Feature Request: Log analysis section
I made contact via suppot chat and ask if it was possible to install GoAccess on my server for a visual and accurate log view.
Since it was not possible all i can do is suggest to make a section on server panel to analyse server logs and have a clear vision of traffic and load.Gabriel G.
4 votes -
Allow disabling of weak SSH key exchange algorithms
PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration
4 votes -
Better whitelisting for Bot Protection
IP whitelisted via Server > Security should also whitelist IP for Bot Protection on all apps. I have had to have support reps manually whitelist my client's IP when they were blocked by Bot Protection. I couldn't find their IP to be able to whitelist it. I want to be able to manually and globally whitelist an IP and it would make sense to tie it into the Server > Security whitelist option or if that is not possible, just an easy way to do it via Bot Protection settings.
3 votes -
Improvements for Bot Protection
Your documentation about Bot Protection doesn't make sense. It says to add to whitelist click X and to remove from whitelist click the checkmark. Also, in the screens such as Traffic requests, every entry whether in Allowed or Blocked as a green arrow next to it. When hovering above the checkmark it says "Whitelist this IP". That seems backwards, and even more confusion is that these same rules apply for both Allowed and Blocked tabs. I am not even sure what actions to take and I don't want to block or allow an IP accidentally. What would make more sense…
3 votes -
Security issue-Visible passwords in Dashboard needs immediate attention
Coming from different managed hosting, I just joined cloudways, only to be surprised that sufficient security for protecting passwords is not in place. I can see the passwords are visible to me but also to the support agents that have access to the same area and hence openly visible to them. They can see Wordpress password ( which is not issue, as they told me it is default one and if changed in wordpress admin, will not be reflected here). My biggest concern is the sensitive passwords for SQL database and application credentials. The eye icon placed next to passwords…
3 votes -
Display remaining Lets encrypt SSL limit
SSL has rate limit for SSL certificates which is reset in 12hrs. This limit should be displayed on SSL page so that user can be careful.
3 votes -
Remove Server Signature for Improved Security
Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.
Thanks!
3 votes -
Allow closing shellinabox
The shellinabox service that runs on port 4200 is not secure enough, for a number of reasons:
* it accepts non-TLS traffic
* no multifactor authentication
* no battle-tested frontend webserver like nginx before itInstead of fixing all of these, perhaps just allow to disable this service like you allow for other services.
3 votes -
Ability to add multiple SSL certificates per application (neither wildcard nor SAN)
If we have a multisite, we need a wildcard SSL for the subdomains. However if we go further, and provide custom domain (domain mapping) the problem comes that the SSL certificate is only for our domain not the mapped. Would be great if we can (even manually) create more than one certificate. SAN certificates is not the good option, since:
- We are using the wildcard for the own subdomains.
- There is a hard limit with the 100 domains.
- All the custom domains would be listed as secondary domains in the certificate details.
3 votes -
Spectre and Meltdown
Please advise about specific measures did you take regarding Spectre and Meltdowns recent announced threats in order to give a word of trust to our final customers
3 votesAdminCloudways (Admin, Cloudways) responded
Hi Filipe:
We’ve put up an update on our blog about Meltdown and Spectre: https://www.cloudways.com/blog/protection-against-meltdown-and-spectre/
Cloudways Team
-
Please make your cloud server SOC2 compliant.
Please make your cloud server SOC2 compliant.
3 votes -
IP Ranges
Need to the ability to save IP ranges to security rather than one at a time.
3 votes -
Add the ability to lock down file write access per application (so one a compromised application cannot affect other)
Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple Wordpress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.
3 votes -
Drupal secure on install
Please could you find a way to keep up-to-date with Drupal core security updates (eg. current 7.38 has a critical security flaw). It's a PITA to get a security email immediately on install and have to go in and update. Isn't there a way to pull the latest secure core as part of your install process?
Thanks, Neil
3 votes -
Force log out from all devices
It's a really must have option for all server owners.
2 votes -
Be able to name and order IPs
Hi !
It would be interesting to be able to create groups of IPs and name or tag these IPs in order to visually understand who has been given access to MySQL/SSH services.
Example :
External company 1: 127.0.0.1 127.0.0.2 127.0.0.3
External company 2: 172.0.0.1 172.0.0.2
Freelance dev: 120.0.0.1
My company: Ips list ....Thx
2 votes
- Don't see your idea?