SolusVM using API only
How about creating your own frontend for the control panel, using the API to command SolusVM to actually do the work? That way, whatever exploits there are can be blocked by the firewall. Only authorized IPs can contact the master server. Here is one example:
https://github.com/site5/solusvm
Comments
I'm sure there will be a lot more providers who will either be doing something like this or just completely making their own control panel after the recent string of exploits.
Already working on a 'full featured' replacement for the 'basic' Solus module provided for WHMCS.
Anyone who's seen me say that we intentionally separated VPS control from billing, well, prepare for it to end.
This would be pointless. Solus should fix the issues and you can use it. If you can't trust the script and try to use it for a backend but no frontend, you're just avoiding the issue at hand.
In the past, I sent mail to soluslabs, but they told me they had left whmcs module design
The SolusVM module from ModulesGarden is almost done. I'm using a functioning beta that I just pushed live to production for all of my existing clients.
Unfortunately, I need a viable solution immediately. Can't really keep punishing customers by taking Solus offline due to skids finding code exploits.
So far I received around 10 mails from hosts about taking SolusVM offline and ONE about removing direct access to SolusVM but keeping it connected to WHMCS with a basic VPS management panel in the "My Services" client area. Not that I need it but some may find it useful.
Some things are not possible via the API, like the serial console.
Developing a frontend-only system is faster, easier and cheaper than redoing the whole system.
Leaseweb hasn't had a control panel for a long time. Need to submit a ticket to re-install. And no serial console until recently. And they still do a pretty good business.
Yes, but you're avoiding the issue at hand; one way or another, it will bite you in the ass.
Maybe or maybe not @AlexanderM
@dnwk said: Leaseweb hasn't had a control panel for a long time. Need to submit a ticket to re-install. And no serial console until recently. And they still do a pretty good business.
Lowend market requires more features than the normal market
I'd be happy if I could take the existing SolusVM WHMCS control panel and put it on the front of my custom WHMCS page instead of having it buried in the productdetails page. I'm finding I cannot even do that. If anyone has figured out a trick to do that I would be interested to hear how.
Even better solution would be not using SolusVM, but keeping the API alive would be nice. Maybe firewall off SolusVM Master so only your WHMCS and admins can connect?
Problem is, are we sure only the front end has issues? Are we sure the backend / API doesn't have exploits too? Solus needs to come out with findings / reports etc.
I think Leaseweb does offer lowend prices that fit under the rule of <$7
@concerto49
It doesn't matter if the API/backend has an exploit, as long as you firewall it off from public access. If your frontend has an exploit, it's your own fault.
This is not going to help you at all.
A SolusVM exploit can't work through the API website? (E.g.: you will allow your customer to access "xyz.com" and only "xyz.com" can access the SolusVM master, so the customer can't send code through xyz.com?)
@DewlanceVPS
You're a fucking idiot. If you are building a frontend on the API, you can do your own validation.
Also, your post makes no sense at all.
You nonsense, how can you stop an exploit by validation?
You don't have a brain? If you can secure your software through the API then why doesn't everyone use the API????
I'll stand by what @BenND said, you have no clue what you're talking about @DewlanceVPS.
Do you really work in a VPS company?
Instead of being so irritable you should admit when you don't understand something. @BenND's entire point was that properly written code is hard / impossible to exploit. You kind of made a big deal out of it.
For validation, etc. you can put your own code in the encrypted SolusVM files.
Encrypt your validation code and put it in the encrypted SolusVM files. Many people think it can't work, but currently I am using this method.
We are doing exactly the same thing at the moment - blocked everyone out of solusvm, except the whmcs and the admins. Works fine for now.
I wonder if there are any exploits, accessible through the API or the actual whmcs module.
@DewlanceVPS
The admin API will be blocked off to everyone but the front end code
The front end code validates the forms before submitting the data to the API
Problem solved.
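The front-end validation step described in the comment above, sketched as an added example (not code from the thread, SolusVM or WHMCS). The action names, the form fields `action`, `vserverid` and `hostname`, and the ownership table are hypothetical; the point is that the front end forwards only allowlisted actions on a VPS the logged-in customer owns, with every field strictly typed.

```python
import re

# Hypothetical action names and parameter rules for this sketch; map them to
# whatever the firewalled backend API actually expects.
HOSTNAME = re.compile(r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
ALLOWED_ACTIONS = {"reboot": {}, "shutdown": {}, "boot": {}, "set-hostname": {"hostname": HOSTNAME}}

# Constructed sample data: the VPS IDs each logged-in customer owns.
OWNERSHIP = {"alice": {101, 102}, "bob": {205}}


class Rejected(ValueError):
    """Raised when a form submission must not reach the backend API."""


def build_api_request(customer, form):
    """Validate a customer's form; return the dict the front end may forward."""
    action = form.get("action")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise Rejected("action not allowed")
    rules = ALLOWED_ACTIONS[action]

    # Reject unexpected fields instead of passing them through to the API.
    extra = set(form) - {"action", "vserverid"} - set(rules)
    if extra:
        raise Rejected("unexpected fields: " + ", ".join(sorted(extra)))

    # The VPS ID must be a plain ASCII decimal integer owned by this customer.
    raw_id = form.get("vserverid", "")
    if not (isinstance(raw_id, str) and raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise Rejected("bad vserverid")
    vserverid = int(raw_id)
    if vserverid not in OWNERSHIP.get(customer, set()):
        raise Rejected("vserverid not owned by customer")

    request = {"action": action, "vserverid": vserverid}
    for name, pattern in rules.items():
        value = form.get(name, "")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise Rejected("bad " + name)
        request[name] = value
    return request
```

The API credentials stay on the front-end host and are attached only after this function returns, so nothing a customer types can select the action set or the target VPS outside the allowlist.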