    CyberPanel - Control Panel Based on OpenLiteSpeed [Updated!]


    Comments

    • AlwaysSkintAlwaysSkint Member
      edited July 5

      Playing with cyberpanel just now (amongst others) and do appreciate how light it is especially compared to the bloat of one in particular.
      A few issues:
      The annoying cron task that I can't track down (not in usual places) that sends a warning every hour. This has been pointed out in the forum and not addressed for at least a year. Why it isn't in root's crontab beats me, where a simple "> /dev/null 2>&1" would suffice to mask the deficiencies of the python script.

      grep -r "hourlyCleanup" /

      :-1:

      Needs a CSF interface, rather than lacklustre firewalld.

      Ran an update on it this morning, which wiped the Let's Encrypt SSL, in favour of a self-signed one. Now the login just hangs, trying to negotiate TLS. :-/ This situation is unacceptable for a live installation, so I'm glad this is just testing.
      :-1:

      Report card reads, "Must Do Better". ;-)

      Support open-source, go on, you know you want to.

      Long live LowEndInfo.com

    • @hardgamers

      Yes, the lite version was requested a lot, it became reality with v1.8.5.

      @AlwaysSkint

      Thanks for the feedback, I will take care of these issues in v1.8.6 (which is soon to be released with stable cPanel importer as well)

      Thanked by 1srhnyldz
    • @cyberpersons
      You might like to relocate logs to /var/log = I might have a chance to debug what has screwed up with the upgrade.
      Either that or I'm looking at a reinstall. :(

      Support open-source, go on, you know you want to.

      Long live LowEndInfo.com

    • @cyberpersons when i try to restore backup created by older version into new version of cyberpanel i got error :

      Error Message: [Errno 2] No such file or directory: '/etc/opendkim/keys/'. Not able to create Account, Databases and DNS Records, aborting. [5009]

      what should i do ?

    • yokowasisyokowasis Member

      Having a hard time getting SSL to work. The log says something about can't find file or directory.

      Also the cli / web api is very limited. I can't find create users. The interface is good and easy to navigate. Good for cPanel replacement, as long as it has decent apis.

    • @AlwaysSkint

      You can always contact our support at -> https://platform.cyberpanel.net/

      @hardgamers

      It could be due to a minimal install while creating a website do you check DKIM? Uncheck the option, because you might not have mail support enabled. Though will take care of this in v1.8.6

      @yokowasis

      SSL should work fine as long as DNS records are ok? Are you checking CyberPanel log file?

      For creating users, are you referring to creating users from cli?

      Thanked by 2AlwaysSkint srhnyldz
    • yokowasisyokowasis Member
      edited July 5

      @cyberpersons said:
      @yokowasis

      SSL should work fine as long as DNS records are ok? Are you checking CyberPanel log file?

      For creating users, are you referring to creating users from cli?

      Yes

      [04-10-31-Sat-Jul-2019] Trying to obtain SSL for: test.cbt151.id and: www.test.cbt151.id
      [04-10-31-Sat-Jul-2019] [Errno 2] No such file or directory [Failed to obtain SSL. [obtainSSLForADomain]]
      

      and Yes, I am talking about the CLI, and also the web api.

      https://docs.cyberpanel.net/doku.php?id=cli

      https://cyberpanel.docs.apiary.io/

      I can't find anything about creating users.

      also certbot is not installed, do I need to install certbot manually ?

    • @cyberpersons said:

      @hardgamers

      It could be due to a minimal install while creating a website do you check DKIM? Uncheck the option, because you might not have mail support enabled. Though will take care of this in v1.8.6

      I think it is because I restore to lite version from older version. I can't remember when I create the website in older version I check email option or not. Your restore script check for dkim. I found workaround by manually creating /etc/opendkim/keys/domain folder.. I can restore my backup.

    • srhnyldzsrhnyldz Member
      edited July 7

      @cyberpersons

      I did a clean installation two months ago. My server Centos 7.6 on DO. ( https://cyberpanel.net/docs/installing-cyberpanel/ )

      I did update yesterday. ( https://cyberpanel.net/docs/upgrading-cyberpanel/ )

      getting 503 error after update.

      sites work but panel doesn't work.

      upgrade is not successful. i get this error when upgrading:

      ERROR: Could not find a version that satisfies the requirement IPy==0.75 (from -r /usr/local/CyberCP/requirments.txt (line 26)) (from versions: none)
      ERROR: No matching distribution found for IPy==0.75 (from -r /usr/local/CyberCP/requirments.txt (line 26))

      i try fresh install cyberpanel 1.8.5 on new Centos 7 server. But i get same error.

      i try fresh install cyberpanel 1.8.5 on new ubuntu 18.04 server. I don't get any error and upgrade is successful.

    • @srhnyldz said:
      i try fresh install cyberpanel 1.8.5 on new Centos 7 server. But i get same error.

      Been there, got the t-shirt (from an upgrade fault mentioned above). This latest issue and the disc space used, has meant I'm now concentrating on other panels, for now.

      Good luck though - I may come back when it's lean & mean.

      Support open-source, go on, you know you want to.

      Long live LowEndInfo.com

    • andikliveandiklive Member
      edited July 8

      @cyberpersons

      look like rewrite rules not worked, should i restart service manually or it auto for openlitespeed.

      i want redirect anything url from

      http://example.com http://www.example.com https://www.example.com

      to

      https://example.com

      what i already to do is put this on rewrite rules menu.

          RewriteEngine On
          RewriteCond %{HTTPS} off [OR]
          RewriteCond %{HTTP_HOST} ^www\. [NC]
          RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
          RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

      how make that work for redirection, or i should edit directly and which files. thank you

    • @hardgamers

      Fixed, I pushed a minor package, will take an hour to sync to all servers.

      @srhnyldz

      I will investigate further.

      @AlwaysSkint

      Will fix the space calculation in case of multiple drives.

      @andiklive

      Where did you add the rules from? If you added rules from file manager then a manual restart is required, if you added from CyberPanel Rewrite Rules box, then restart is not required.

      It is also possible that OpenLiteSpeed may fail to read some rules.

      Thanked by 1andiklive
    • cybertechcybertech Member

      anyway to install 1.8.3 for now?

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • @cybertech

      If you are having problems with WHMCS API, try to upgrade now. If something is not working, create a ticket and we will fix it.

      Thanked by 1cybertech
    • cybertechcybertech Member

      I'm just wanting to be able to set SSH port

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • @cybertech

      Sorry, I will make sure to attend to this on v1.8.6.

      Do you use CSF or Firewalld?

      Thanked by 1cybertech
    • cybertechcybertech Member

      @cyberpersons said:
      @cybertech

      Sorry, I will make sure to attend to this on v1.8.6.

      Do you use CSF or Firewalld?

      Firewalld please. thanks.

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • andikliveandiklive Member
      edited July 8

      @cyberpersons said:
      Where did you add the rules from? If you added rules from file manager then a manual restart is required, if you added from CyberPanel Rewrite Rules box, then restart is not required.

      It is also possible that OpenLiteSpeed may fail to read some rules.

      i added it from CyberPanel Rewrite Rules box, if i want edit it directly, where is the path location. thanks


      edit:

      working after edit manually, looks like it only knows that it's on public_html/ root, and my root path is public_html/public/

      looks like LE renewing not working since i edit root path of my website, i should change path first before renew my LE.

      so i have question, is i already issue LE SSL on domain and click issue LE SSL again after 2 month (in case it fails renew on the of month because i custom root path before), its will same renew the LE SSL right?

    • intovpsintovps Member, Provider

      No ORM in 2019?

                  cursor.execute("CREATE DATABASE " + dbname)
                  cursor.execute("CREATE USER '" + dbuser + "'@'localhost' IDENTIFIED BY '"+dbpassword+"'")
                  cursor.execute("GRANT ALL PRIVILEGES ON " + dbname + ".* TO '" + dbuser + "'@'localhost'")
                  connection.close()
      

      https://github.com/usmannasir/cyberpanel/blob/1.8.0/plogical/mysqlUtilities.py#L74

      You're leaving the door open. There's gonna be a party on your servers and everyone's invited.

      Thanked by 2ITLabs Kwoon
    • ITLabsITLabs Member

      @intovps said:
      No ORM in 2019?

      You're leaving the door open...

      ...for the wORMs.

      Thanked by 1intovps

      #lexit | FatPal - Official LET payment gateway

    • There was something on WHT from Patrick (Rack911) who said do not use CyberPanel at the moment but no further details given

    • MikePTMikePT Member, Provider

      @intovps said:
      No ORM in 2019?

                  cursor.execute("CREATE DATABASE " + dbname)
                  cursor.execute("CREATE USER '" + dbuser + "'@'localhost' IDENTIFIED BY '"+dbpassword+"'")
                  cursor.execute("GRANT ALL PRIVILEGES ON " + dbname + ".* TO '" + dbuser + "'@'localhost'")
                  connection.close()
      

      https://github.com/usmannasir/cyberpanel/blob/1.8.0/plogical/mysqlUtilities.py#L74

      You're leaving the door open. There's gonna be a party on your servers and everyone's invited.

      @LeonDynamic said:
      There was something on WHT from Patrick (Rack911) who said do not use CyberPanel at the moment but no further details given

      Then Steven confirmed. Not sure what they've found out but I would NOT use it as well if they are recommending not to.

      Thanked by 1intovps
    • HxxxHxxx Member
      edited July 10

      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there. I mean specially if the other parts of the code use this kind of query concatenation.

      Thanked by 1intovps
    • MikePTMikePT Member, Provider

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

    • HxxxHxxx Member
      edited July 10

      Yeah well maybe not specially in this code since there is not much user input there but the technique, he is concatenating the query. In Utopia he would be using parameters and prepared SQL queries/command.statements at minimum. Now what about the rest of the code... if is like this... that's a big yikes. Anyway is open source right? Anybody can put a patch.

      @MikePT said:

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

      Thanked by 1MikePT
    • intovpsintovps Member, Provider

      @MikePT said:

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

      No code should concatenate strings to form SQL queries as it's a vulnerability that can be exploited through SQL injection: https://en.wikipedia.org/wiki/SQL_injection

      In Python he should have used an ORM like https://www.sqlalchemy.org/

      Thanked by 2Hxxx MikePT
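
The concatenation pattern quoted in this thread next to a hardened form, as an added example that is not part of any post here and is not CyberPanel's code. Bound parameters cannot stand in for identifiers such as a database name, so that value is checked against an allow-list pattern and backtick-quoted, while the user name and password are passed as parameters. The function names, the `RecordingCursor` stand-in, the naming policy and the sample values are assumptions, and the `%s` placeholders assume a driver that substitutes parameters client-side (MySQLdb, PyMySQL).

```python
import re

# Assumed naming policy (not CyberPanel's): a letter followed by up to 31
# letters or digits. Underscore is left out because MySQL treats "_" and "%"
# as wildcards in the database name of a database-level GRANT.
_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,31}")


def check_name(name):
    """Return name unchanged if it fits the policy, otherwise raise ValueError."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError("rejected name: %r" % (name,))
    return name


def quote_identifier(name):
    """Backtick-quote a validated identifier; placeholders cannot bind these."""
    return "`" + check_name(name) + "`"


def build_unsafe(dbname, dbuser, dbpassword):
    """The concatenation pattern quoted in the thread, returned as SQL strings."""
    return [
        "CREATE DATABASE " + dbname,
        "CREATE USER '" + dbuser + "'@'localhost' IDENTIFIED BY '" + dbpassword + "'",
        "GRANT ALL PRIVILEGES ON " + dbname + ".* TO '" + dbuser + "'@'localhost'",
    ]


def build_safe(dbname, dbuser, dbpassword):
    """Return (sql, params) pairs; every input is checked before any SQL is built."""
    ident = quote_identifier(dbname)
    check_name(dbuser)
    return [
        ("CREATE DATABASE " + ident, ()),
        ("CREATE USER %s@'localhost' IDENTIFIED BY %s", (dbuser, dbpassword)),
        ("GRANT ALL PRIVILEGES ON " + ident + ".* TO %s@'localhost'", (dbuser,)),
    ]


class RecordingCursor:
    """Offline stand-in for a DB-API cursor; it only records what it is given."""

    def __init__(self):
        self.calls = []

    def execute(self, sql, params=()):
        self.calls.append((sql, tuple(params)))


def provision(cursor, dbname, dbuser, dbpassword):
    """Validate first, then execute; a rejected name means nothing is executed."""
    statements = build_safe(dbname, dbuser, dbpassword)
    for sql, params in statements:
        if params:
            cursor.execute(sql, params)
        else:
            cursor.execute(sql)
    return len(statements)


if __name__ == "__main__":
    # Constructed sample values. The apostrophe in the password is ordinary
    # user input, yet in the concatenated form it ends the string literal early.
    password = "O'Brien-2019"
    print(build_unsafe("shopdb", "shopuser", password)[1])

    cur = RecordingCursor()
    provision(cur, "shopdb", "shopuser", password)
    for sql, params in cur.calls:
        print(sql, params)

    try:
        provision(cur, "shop db", "shopuser", password)
    except ValueError as exc:
        print("refused:", exc)
```
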
    • HxxxHxxx Member

      Yeah thats a bigggggggggggggggggggg yikes. But well maybe the other parts of the code are done correctly?

      @intovps said:

      @MikePT said:

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

      No code should concatenate strings to form SQL queries as it's a vulnerability that can be exploited through SQL injection: https://en.wikipedia.org/wiki/SQL_injection

      In Python he should have used an ORM like https://www.sqlalchemy.org/

      Thanked by 1MikePT
    • intovpsintovps Member, Provider
      edited July 10

      @Hxxx said:
      Yeah thats a bigggggggggggggggggggg yikes. But well maybe the other parts of the code are done correctly?

      @intovps said:

      @MikePT said:

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

      No code should concatenate strings to form SQL queries as it's a vulnerability that can be exploited through SQL injection: https://en.wikipedia.org/wiki/SQL_injection

      In Python he should have used an ORM like https://www.sqlalchemy.org/

      I doubt. That file is full of SQL string concatenation.

      Well, too bad. This is a sign of "less" experienced developer and it's indeed hard to put your trust in that code.

      Thanked by 2MikePT Kwoon
    • lonealonea Member, Provider
      edited July 11

      This sounds like Kloxo all over again.

      Mod edit. Removed inappropriate comment.

      Thanked by 1intovps

      BuyWebHosting - Web Hosting for $10 per year

    • @cyberpersons can you provide an update regarding the message from Rack911 and what others have said here?

      Thanked by 1PieHasBeenEaten
    • MikePTMikePT Member, Provider

      @intovps said:

      @Hxxx said:
      Yeah thats a bigggggggggggggggggggg yikes. But well maybe the other parts of the code are done correctly?

      @intovps said:

      @MikePT said:

      @Hxxx said:
      Brother... at first look you don't even have to be a developer / programmer to notice that's some serious SQL Injection vulnerability right there.

      Well, I don't code, so I'm not getting what's wrong there, I'm only able to read the code and understanding what it does, more or less.

      No code should concatenate strings to form SQL queries as it's a vulnerability that can be exploited through SQL injection: https://en.wikipedia.org/wiki/SQL_injection

      In Python he should have used an ORM like https://www.sqlalchemy.org/

      I doubt. That file is full of SQL string concatenation.

      Well, too bad. This is a sign of "less" experienced developer and it's indeed hard to put your trust in that code.

      Thanks guys, I appreciate the brief explanation. Looks bad indeed.

    • emghemgh Member

      He's doing this for free though, everyone is allowed in and fork and fix. I am impressed he's still going strong with this. And did you really think a program with one developer that's also free would be as secure as a corps software? C'mon

      Thanked by 1PhilNW
    • MikePTMikePT Member, Provider
      edited July 11

      @emgh said:
      He's doing this for free though, everyone is allowed in and fork and fix. I am impressed he's still going strong with this. And did you really think a program with one developer that's also free would be as secure as a corps software? C'mon

      Sorry but its not for free. He is part of LiteSpeed and they do charge for the Enterprise licenses. They just give the alternative to run it free of cost with OpenLiteSpeed and a free tier with the Enterprise version.
      Its a business with a free version, call it what you would like to. Offering a free version and free tier of the Enterprise version is just marketing.

      Their obligation is to keep it as secure as possible. I am not a coder at all but my understanding is that the vulnerability pointed here is really bad and no serious programmer would have done such basic mistake.

      Dont get me wrong @emgh, you may have never heard of their paid licenses and being part of LiteSpeed but it is what it is and these are just my 50cents. Yeah boy.

      Cheers

      Thanked by 1emgh
    • lonealonea Member, Provider

      Not free bro..

      https://cyberpanel.net/cyberpanel-enterprise/

      emgh said: He's doing this for free though, everyone is allowed in and fork and fix. I am impressed he's still going strong with this. And did you really think a program with one developer that's also free would be as secure as a corps software? C'mon

      BuyWebHosting - Web Hosting for $10 per year

    • emghemgh Member

      @MikePT said:

      @emgh said:
      He's doing this for free though, everyone is allowed in and fork and fix. I am impressed he's still going strong with this. And did you really think a program with one developer that's also free would be as secure as a corps software? C'mon

      Sorry but its not for free. He is part of LiteSpeed and they do charge for the Enterprise licenses. They just give the alternative to run it free of cost with OpenLiteSpeed and a free tier with the Enterprise version.
      Its a business with a free version, call it what you would like to. Offering a free version and free tier of the Enterprise version is just marketing.

      Their obligation is to keep it as secure as possible. I am not a coder at all but my understanding is that the vulnerability pointed here is really bad and no serious programmer would have done such basic mistake.

      Dont get me wrong @emgh, you may have never heard of their paid licenses and being part of LiteSpeed but it is what it is and these are just my 50cents. Yeah boy.

      Cheers

      Sure I guess you're right. I wouldn't go so hard on him though this panel is probably not really anything that's profitable for them.

      Thanked by 1MikePT
    • vovlervovler Member

      It's still fine if you are the only user.
      But if you are going to use it to sell web hosting you may wanna think twice.

      Thanked by 3emgh MikePT andiklive

      "They said it's RAID 5" - geekypixal

    • MikePTMikePT Member, Provider
      edited July 11

      @emgh said:

      @MikePT said:

      @emgh said:
      He's doing this for free though, everyone is allowed in and fork and fix. I am impressed he's still going strong with this. And did you really think a program with one developer that's also free would be as secure as a corps software? C'mon

      Sorry but its not for free. He is part of LiteSpeed and they do charge for the Enterprise licenses. They just give the alternative to run it free of cost with OpenLiteSpeed and a free tier with the Enterprise version.
      Its a business with a free version, call it what you would like to. Offering a free version and free tier of the Enterprise version is just marketing.

      Their obligation is to keep it as secure as possible. I am not a coder at all but my understanding is that the vulnerability pointed here is really bad and no serious programmer would have done such basic mistake.

      Dont get me wrong @emgh, you may have never heard of their paid licenses and being part of LiteSpeed but it is what it is and these are just my 50cents. Yeah boy.

      Cheers

      Sure I guess you're right. I wouldn't go so hard on him though this panel is probably not really anything that's profitable for them.

      I was very close to purchase a paid license. And close to move to CyberPanel. I am glad I did not. He needs to seek help from his colleagues to double check his code. I understand he/they may have good intentions but in the end, its for business and businesses rely on them too. Whether it is profitable or not its not our concern. At this moment it is not viable. I truly hope they figure it out as I actually like their panel and effort for building an alternative. Its such a responsibility though, even more when you are selling it.

      Thanked by 1emgh
    • HxxxHxxx Member
      edited July 11

      He'll come around with fixes. He is probably fixing that code now. Hopefully. Is not like cPanel was perfect at any time anyways, but they were given time to fix it.

    • MikePTMikePT Member, Provider
      edited July 11

      I forgot to mention their Premium Cloud link in the header. Goes to www.cyberhosting.org, what a nonsense.

      You cant even advertise CyberPanel as a Panel to your clients, they might just signup with cyberhosting.
      Yeah, a total business. Not sure about the complete affiliation with LiteSpeed. I was told that was the case from a very legit source. Still, profit from LiteSpeed and CyberPanel bundles and even more from the Premium Cloud.

      Sorry but, CyberPanel guy, stop selling it, advise your Premium Cloud customers to disable it for now and fix your damn shit.

    • cyberhosting is very confusing. first they touted platform optimization, then moved it entirely to paid cyberhosting

      Thanked by 1MikePT

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • PieHasBeenEatenPieHasBeenEaten Member, Moderator

      @lonea I don't think that comment was called for. Suicide is not a matter to joke around with however way you put it.

    • MikePTMikePT Member, Provider
      edited July 11

      @cybertech said:
      cyberhosting is very confusing. first they touted platform optimization, then moved it entirely to paid cyberhosting

      Last comment here as I dont want to insist further.

      Totally agree with you.

    • lonealonea Member, Provider
      edited July 11

      Why do you think I was joking ?

      There was no LOL, hahaha.

      Stating something that happened in the past doesn't mean it's a joke.

      Out of all things that's been said on here (racist things included), you are trying to call me out?

      Give me a break.

      PieHasBeenEaten said: @lonea I dont think that comment was called for. Suicide is not a matter to joke around with how ever way you put it.

      BuyWebHosting - Web Hosting for $10 per year

    • intovpsintovps Member, Provider

      I'm just pointing some code that may put customers and businesses in danger. It's certainly a lot of work to develop a control panel. And I am not minimizing his effort.

      Thanked by 1MikePT
    • Hello

      So after the cPanel price hike, many people requested a security review of CyberPanel from Patrick (rack911labs). 2 days ago he sent us a detailed report of the issues in CyberPanel.

      So we started working on fixing them. Just to clear some confusions.

      1. Some people think that CyberPanel runs as root or sudo user because some commands use sudo in them. CyberPanel itself does not run as root or sudo user, however, since it is an old code sudo still remains as part of some commands.

      So for functions that require root escalation CyberPanel contact LSCPD daemon which runs as root (it is a modified version of OpenLiteSpeed) which then runs the commands. However some functions can be run not as root, we have reviewed and adjusted in this release. LSCPD can drop privileges to run those commands.

      For communication, UDS socket is used with an authorization token.

      2. There was input sanitization earlier as well but it turns out to be not enough. Sanitization was not at function level it was performed using DJANGO middleware. But it is much better now.

      3. We've thoroughly gone through the mentioned issues and produced quick release to address those issues. Summary of what we've done

      • All the functions available to normal users that require shell now run as that user by passing external app user to drop privileges through LSCPD.
      • Strong sanitization.
      • Some functions are further split where root escalation is required they are then called with root privileges.

      We have just released the version, due to major changes there might be minor bugs here and there, but we can quickly fix them as soon as something is pointed out.

      4. For MySQL CyberPanel uses DJANGO ORM. There are some instances where raw queries are used, but they are looked out for.

      Since this is a quick release to cover the majority of things they discovered (we are very thankful for that). We will dig deeper to do more thorough reviews. Any feedback is appreciated and we'll try to fix ASAP. Meanwhile, we encourage everyone to upgrade to this safer version.

      We also thank the great community support, that really motivates us to make CyberPanel better and more secure.

      Finally, much thanks to Rack911labs. Will further reach out to Rack911labs for further review of changes to make sure everything is in the right order.

      Thank you.

    • HxxxHxxx Member

      Look at you, good job.

    • niceboyniceboy Member

      @cyberpersons, is there any guide on how to use apache as proxy with cyberpanel? Is this exclusive to your cyberhosting hosting company?

      My list of reliable providers :
      Ramnode : HostHatch : Dediserve : Serverica : GBServe : HostDoc : OnePoundWebHosting : Vultr : Few more under testing!

    • intovpsintovps Member, Provider

      @cyberpersons great attitude. Congrats and good luck with your project!

    • @niceboy said:
      @cyberpersons, is there any guide on how to use apache as proxy with cyberpanel? Is this exclusive to your cyberhosting hosting company?

      Hi @niceboy currently we have a discussion on the forum about it, feel free to come and participate https://forums.cyberpanel.net/discussion/1485/apache-as-backend
