I am renting an "out-of-the-box" shared hosting solution and installed ownCloud via Installatron.
I keep receiving the following security warnings: Transactional file locking should be configured to use memory-based locking, not the default slow database-based locking. See the documentation :arrowupper_right: for more information._ /dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our documentation. The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips. No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.
Having read ownCloud's documentation, I am none the wiser since the documentation seems to presuppose control over the server via a shell. I am nothing more than a rookie and am left with the feeling that my ownCloud installation is unsafe and haven't got a clue how to secure the server.
Does anyone know how I can secure my server? Any help would be appreciated!
While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.
You can significantly improve ownCloud server performance by using memory caching. This is the process of storing frequently-requested objects in-memory for faster retrieval later. There are two types of memory caching available