best WAF for my server

RO3B (New member, joined Jun 1, 2022, 18 messages)
Hi guys, I have a VPS with 4 website accounts. I'm looking for a good WAF, as I use LiteSpeed + 3 WordPress sites and another privately coded website. BitNinja or Imunify360 is out of my budget (as they bill you based on how many users you have) and I see them as a business solution. All 4 of my websites are mine and have no clients, no friends. Is there a reasonable PAID WAF that will protect my sites and my server? Currently, I'm using CSF, but I would like something else to protect my WordPress sites without needing to use plugins and use up my server resources. I found cPGuard or CXS. Which one is the best, or is there any alternative?!

Any advice regarding this matter?

Thank you
 
Huh, I'm interested in this question. Maybe it's because I'm the only user on my VPS but I only run CSF and OWASP. I keep all the software up to date and use extremely strong passwords on all accounts. I lock down all ports using a hardware firewall, but maybe I should be more worried?
 
I think you need more than just CSF and OWASP.
 
Based on your post, I know you do. Do you have a reason or could you point me to an article that convinced you that you need AV or a better WAF than OWASP?


I am interested in what others might be deploying. I was a cPanel customer when they started with Imunify360 and all that did was waste resources. I've used ClamAV too and that did nothing over the years, and based on my reading I don't need it either. I could be wrong; hopefully someone else will jump in.

I've only been hacked once in twenty years and that was before I knew anything about security. That was my host's fault too. That's why I host myself now.
 

Well, let me tell YOU about my own experience.
I have my own websites; no one else has access to them, and some of them are on WordPress. After two years of using a WAF (CSF, basic stuff), I installed a proper WAF, and within 10-15 minutes I found sleeping worms (malware within WordPress pages, in a bizarre way: if you remove the whole .php, WordPress would not work). THAT WAF just cleaned the code, and since then I have been paranoid about this. Just FYI, they never hacked my website or changed anything, but it's like it's sleeping until the hacker, or god knows who, activates it. Again, this is my own experience. I always update my VPS and WordPress, I have a few trusted plugins (PAID) and a PAID THEME with a new update every 3 months, and yet this happened for 2 years without me knowing.
 
THAT WAF just cleaned the code
So which WAF was that? Because that sounds good but I don't see any name.

I just use CSF/LFD with ClamAV, both for mail and to be used with Maldetect, which is also installed on the server.
This can clean some PHP code, but not everything. It saved me several times though, due to malware found in infected WordPress addons and themes, for example.
 

It was the Imunify360 (with KernelCare + backup) free trial, and even the customer service helped, knowing I'm just on a free trial. But after the free trial it was expensive for me: 45$ per month, and my server is 30$ per month, so I canceled it.
 
Well, have you guys thought of this option? It's cheaper.

Instead of Imunify360, get ImunifyAV and let it scan the whole server and clean it out properly first, as it patches and takes injected code out, etc., from all sites.
Once cleaned properly, install CXS (paid) or Maldet (free) and install the free InterServer signatures into freshclam.conf.

Then just use OWASP or Comodo WAF to protect it further.

By the way, I found from the many servers we have that Imunify360, which we use on some, doesn't always find all the malware. We have CXS running on it side by side to scan weekly, and it cleaned out the leftover malware. (We find CXS seems to find older malware better, where Imunify360 is focused on new ones and more common ones.) Nothing is foolproof, so just do the best you can.

This may or may not be better - good luck :)
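
The freshclam.conf step from the post above, as an added example that is not part of the original thread: extra signature databases are registered with freshclam's `DatabaseCustomURL` directive, and this sketch adds one without duplicating entries on repeated runs and lists any feed fetched over plain HTTP. The function names are hypothetical and the feed URL is a placeholder, since the post gives no URL.

```shell
#!/bin/sh
# Added example (not from the thread): register extra signature databases in
# freshclam.conf with the DatabaseCustomURL directive, without duplicating
# entries on repeated runs.

# add_sig_url CONF URL -> 0 added, 1 already present, 2 rejected
add_sig_url() {
    _conf=$1; _url=$2
    [ -f "$_conf" ] || return 2
    # Only http(s) URLs built from a conservative character set are accepted,
    # so whitespace or shell/config metacharacters never reach the file.
    case $_url in
        http://?*|https://?*) ;;
        *) return 2 ;;
    esac
    case $_url in
        *[!A-Za-z0-9._~:/-]*) return 2 ;;
    esac
    # Exact whole-line match keeps the operation idempotent.
    if grep -qxF "DatabaseCustomURL $_url" "$_conf"; then
        return 1
    fi
    [ -e "$_conf.bak" ] || cp -p "$_conf" "$_conf.bak"   # one-time backup
    # Make sure the new directive starts on its own line.
    if [ -s "$_conf" ] && [ -n "$(tail -c 1 "$_conf")" ]; then
        printf '\n' >> "$_conf"
    fi
    printf 'DatabaseCustomURL %s\n' "$_url" >> "$_conf"
    return 0
}

# plain_http_sig_urls CONF -> prints custom URLs fetched without TLS,
# i.e. feeds with no transport integrity protection.
plain_http_sig_urls() {
    sed -n 's|^DatabaseCustomURL[[:space:]]\{1,\}\(http://.*\)$|\1|p' "$1"
}

# Constructed demo on a scratch file; the URL is a placeholder, not a real feed.
demo_conf=$(mktemp)
printf 'DatabaseMirror database.clamav.net' > "$demo_conf"   # no trailing newline
add_sig_url "$demo_conf" "https://sigs.example.invalid/example.hdb" && echo "added"
add_sig_url "$demo_conf" "https://sigs.example.invalid/example.hdb" || echo "skipped (rc=$?)"
cat "$demo_conf"
```
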
 