Tag: docker
How to defend your webserver against vibe-coded AI exploit scanners and bots
Half of all web traffic is bots, and a growing slice are vibe-coded AI scanners written by a chatbot prompt. Here is the five-layer defense in depth that stops them: rate limiting, WAF, TLS hardening, request validation, access control, PHP and Docker hardening, plus the patching that does the most work.
Hardened Roundcube Docker: The Webmail Container That Trusts Nobody
Our hardened Roundcube Docker image runs as nobody, can chown nothing, and treats every request as hostile. Here is the full unprivileged + WAF security model — and why default webmail containers are a liability.
ViMbAdmin: The Postfix + Dovecot Mailbox Admin Panel (Modernised for PHP 8.5)
Your mailbox table deserves better than raw SQL at 02:00. ViMbAdmin — modernised for PHP 8.5 — manages Postfix + Dovecot virtual domains, mailboxes and aliases via web UI or JSON-RPC API, with TOTP, brute-force protection and a hardened Docker image.
Postfix 3.11: Post-Quantum TLS, TLSRPT, Milters and the Modern MTA Stack
In May 1998, Wietse Venema released the first public alpha of a mailer he’d been writing inside IBM Research and originally called…
Docker Hardening for Self-Hosters: Rootless, Read-Only, Cap-Drop, Distroless (2026 Guide)
Default Docker is barely a container at all — root, mutable, all caps, shared kernel. This is the ten-flag hardening checklist that turns it into something a real attacker has to work to break: rootless, read-only, cap-drop, no-new-privileges, distroless, secrets, segmentation, scanning. With a worked NGINX + PHP-FPM compose example.
Self-Hosted Vaultwarden: Docker Setup, Clients & Full Guide
Run your own password manager with self-hosted Vaultwarden — a tiny Docker image, full Bitwarden client compatibility, and total control over your encrypted vault.