I am looking to buy an ISPProtect Malware Scanner package for my server. Would you like to know about security updates, how often do they occur? I have a lot of problems with Wordpress. What is the recommended frequency to run the scanner?
I have run ISPProtect once a week. I do not know how often updates are made. It updates itself automatically so I never bothered to examine. I it is Worpress in particular, there is WordFence which is a good tool.
About WordFence it would be great, but for the price at the moment it would be unfeasible. Taking the opportunity on this security issue. I haven't accessed "Show overview" yet and an alert like: Code: [INTERFACE]: PHP IDS Alert.Total impact: 22<br/> Affected tags: xss, csrf, id, sqli, lfi<br/> <br/> Variable: COOKIE.experimentation_subject_id | Value: IjliMmUzMzZjLWFiMGYtNGU2Yy1hYjMzLWEzYTE3N2M4NDk3ZCI=--e49e64f0f0f6c5dccd15178b6e1c7553b71382b0<br/> Impact: 22 | Tags: xss, csrf, id, sqli, lfi<br/> Description: Detects common comment types | Tags: xss, csrf, id | ID 35<br/> Description: Detects MySQL comments, conditions and ch(a)r injections | Tags: sqli, id, lfi | ID 40<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> <br/> Is this an ISP IDS? How can I manage?
Depends a bit on which new malware is found, we process new malware daily (on weekdays) and release signatures and whitelists when there are changes. Once a day. This is an internal IDS of ISPConfig, it protects the GUI, not the hosted sites. You can find its settings and whitelist file in /usr/local/ispconfig/security/ folder. Normally there is no need to manage it or change anything.
I confess that I am tired of problems related to the invasion of sites where I work and I hope that with Ispconfig it will solve these problems a little. I was thinking of installing a reverse proxy to increase security as well. Does anyone have an opinion on?
ISPConfig uses a quite secure setup, this helps to take care that an infected site does not infect the whole server, but it can not help to prevent that the site itself gets infected. To prevent that sites wit security vulnerabilities get infected, you need a web application firewall like mod_security for apache (its available for Nginx as well under a little different name). I don't think that a reverse proxy will be of any help with that matter, except you mean with reverse proxy a web application firewall and for a web application firewall, you don't need a reverse proxy.
