Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

opinions about aapanel
New on LowEndTalk? Please Register and read our Community Rules.

opinions about aapanel

donkodonko Member

I recently found about it while searching for free control panels with OpenLiteSpeed (besides cyberpanel which i don't like), anyone who have used it long time for "production" or sites with traffic can share some review?
Also i want to know if they don't usually break critical things with their updates.

Comments

  • hzrhzr Member, Moderator
    edited May 2020

    https://www.lowendtalk.com/discussion/123884/aapanel-the-preferred-panel-for-spammers-everywhere/p1

    0) their installer is still a plaintext-http pipe into root shell. (note for jsg: this is also on a cloudflare free plan, with backend connection set to flexible/http to origin)

    image

    1) you need python, openssl or other dependencies? instead of using an apt or yum repo, you get unsigned, random, untrusted downloads directly run as root:

    image

    2) hidden tracking code, not mentioned anywhere as far as I can tell

    image

    3) almost no QA, also bonus http download from a bare ip somewhere, no signatures or even a md5:

    image

    4) downloads and runs additional plaintext http bash scripts as root:

    image

    5) doesn't bother hashing or verifying packages downloaded from some random webserver, instead checks if their filesize happens to be big enough (WTF?)

    image

  • notarobonotarobo Member
    edited May 2020

    Aapanel good. Fast loading, most time stable if not always follow upgrade. Many small apps can install like fail2ban , one click migration.

    OLs is beta now but working good. Just not possible one click migrate because it detect as Apache (error). Normal nginx migrate no problem

    No problem uptime, bug just few but fixing always.

    Thanked by 1donko
  • @hzr said:
    https://www.lowendtalk.com/discussion/123884/aapanel-the-preferred-panel-for-spammers-everywhere/p1

    0) their installer is still a plaintext-http pipe into root shell. (note for jsg: this is also on a cloudflare free plan, with backend connection set to flexible/http to origin)

    image

    1) you need python, openssl or other dependencies? instead of using an apt or yum repo, you get unsigned, random, untrusted downloads directly run as root:

    image

    2) hidden tracking code, not mentioned anywhere as far as I can tell

    image

    3) almost no QA, also bonus http download from a bare ip somewhere, no signatures or even a md5:

    image

    4) downloads and runs additional plaintext http bash scripts as root:

    image

    5) doesn't bother hashing or verifying packages downloaded from some random webserver, instead checks if their filesize happens to be big enough (WTF?)

    image

    Is this real bad for user? And what is tracking about is it one time or always

  • hzrhzr Member, Moderator

    notarobo said: Is this real bad for user?

    It's either extremely incompetent or careless or intentionally insecure.

  • @hzr the last part tho -

    Thanked by 1AlwaysSkint
  • Don't, just don't.

    Then=sequence/consequence; than=compare || Brought=bring; bought=buy
    Paid=NotSkint; payed=some naval thing

  • I use it for my websites and for production, it’s a great lightweight one ☝️
    Try it, I think it’s a good free one.

    Thanked by 1donko
  • Shady owner, will create shady product.

  • ThyTeThyTe Member

    Have there ever been improvements in security and privacy?

  • donkodonko Member

    @ThyTe said:
    Have there ever been improvements in security and privacy?

    Don't know, i have been using it anyway because can use OLS with LSCache for wordpress and works ok... nothing happened and no issues.

    And i can have daily backups directly on my google drive.

  • OLS comes with a very handy control panel out-of-the-box; and if all you need is OLS + LSCache + WordPress, they have a one-click installation script that handles everything for you. Thus, I don't really see any advantage using another web panel with, as hzr mentioned in his reply, so many security flaws that brings hugh risks to your server.

    One-click CDN server installation on your own VPS: OneClickCDN
    One-click browser-accessible Desktop environment on Linux VPS: OneClickDesktop

  • donkodonko Member

    Yes i know that, but i was looking for a cyberpanel :-& alternative.
    aapanel is lightweight have a good file manager, google drive backups, ols and all with easy install and that's what i needed.

    If any of my vps get hacked or infected, i will post here crying, but meanwhile i'll take the risk (?) :>

  • @donko said:
    I recently found about it while searching for free control panels with OpenLiteSpeed (besides cyberpanel which i don't like), anyone who have used it long time for "production" or sites with traffic can share some review?
    Also i want to know if they don't usually break critical things with their updates.

    what made you want to move from cyberpanel? just recently moved to cyberpanel from vesta. I looked into aapanel too but got cold feet after reading some comments here

  • MissFortuneMissFortune Member
    edited July 2020

    aapanel is good. I am having a faster config with Nginx rather than Openlitespeed, good thing about aapanel, is I can switch to Nginx, Openlitespeed or Apache anytime.

    Also, for the tracking code, they have explained it here https://forum.aapanel.com/d/1504-about-the-tracking-code-of-the-aapanel-installation-script

    <3

  • +1 for aapanel

  • XiNiXXiNiX Member, Provider

    Go with :

    1. Webmin / Virtualmin
    2. keyhelp
    3. KloxoMR ( its very much like cpanel )
    4. Ajenti
    5. CWP

    I would recommend you to go with some cheap providers who offer free DirectAdmin with VPS. This is infact the best option for a few extra bucks.

    XiNiX™ InfoTech Pvt. Ltd. ( Since - 2005 ) : Virtual & Dedicated in United States / Europe & India

  • OK, stumbled into this post ... and let me say something for AApanel~~~

    AApanel is just English version of "宝塔面板 (BT)" in China! One click install the Lnmp or Lamp, easy file manager and editor, and more...

    The BT Panel is the most popular Personal Panel in China, they have an office in DongGuang, nearby my office (in Shenzhen)!

    Almost all personal VPS player in China knows the panel and tried it, me too. I use the BT to manager all my VPSes and websites easily!

    It's active in the Chinese community but quite in English version since there is no professional English support team in their company! It's still free in English version, but there is a paid version in Chinese version. many paid add-ons available and professional supports available!

    Is there anyone here interested in to build a English support team to promote this AApanel ? The free version is enough for personal use, but the paid version and supports wanted if you run many sites or your sites have huge traffic :)

  • Just so people know, there is a severe security flaw for the Chinese version of aapanel (bt.cn) today. Basically, if you visit http://your_ip:888/pma, you'll be able to get complete access to phpmyadmin, without any authentication. Many Chinese users got their website databases deleted by random attackers, as can be seen from complaints in their official thread (https://www.bt.cn/bbs/thread-54666-1-1.html).

    Although this bug seems to only exist in the Chinese version of aapanel, but just in case, anyone using aapanel should consider blocking access to port 888.

    Thanked by 2donko truweb

    One-click CDN server installation on your own VPS: OneClickCDN
    One-click browser-accessible Desktop environment on Linux VPS: OneClickDesktop

  • jonesolutionsjonesolutions Member
    edited August 2020

    @donko said:
    anyone who have used it long time for "production" or sites with traffic can share some review?
    Also i want to know if they don't usually break critical things with their updates.

    While free is good and will depend on the developer's knowledge, I still recommend to get a paid control panel if you are going to use it for production especially if you sell hosting.

    net ( The Linux Specialist ) || Specially 4 U | Not Throttled
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001.

  • donkodonko Member
    edited August 2020

    @dedipromo said:
    Just so people know, there is a severe security flaw for the Chinese version of aapanel (bt.cn) today. Basically, if you visit http://your_ip:888/pma, you'll be able to get complete access to phpmyadmin, without any authentication. Many Chinese users got their website databases deleted by random attackers, as can be seen from complaints in their official thread (https://www.bt.cn/bbs/thread-54666-1-1.html).

    Although this bug seems to only exist in the Chinese version of aapanel, but just in case, anyone using aapanel should consider blocking access to port 888.

    seems aapanel had the same breach... luckily i didn't have updated from long time ago

Sign In or Register to comment.