Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


ServerPilot and zPanel ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ServerPilot and zPanel ?

Hi,

Can I install serverpilot on my VPS to manage updates and firewall and then install zPanel to act as a hosting control panel? Are the two to likely interfere?

«1

Comments

  • FlorisFloris Member
    edited May 2014

    I'm not sure, but zPanel is a security trainwreck according to everyone here.

  • wychwych Member

    I would stay clear of zpanel.

  • ryanarpryanarp Member, Patron Provider

    Yea, I would stay clear of zPanel as well. We see more crap from zPanel than anything else we host. Usually results in people having to migrate to a new panel sooner or later.

    Thanked by 1connercg
  • iceTwyiceTwy Member

    Don't use Kloxo either. Use an alternative such as VestaCP.

  • DeanDean Member

    You do realise ServerPilot is a hosting control panel (minus email)?

  • wychwych Member

    @iceTwy said:
    Don't use Kloxo either. Use an alternative such as VestaCP.

    Kloxo MR sure, normal - don't touch it with a bargepole!

    VestaCP is certainly making big leaps forward - running a test cluster at the moment to see how it plays out.

  • I would't use ZPanel. I switched to virtualmin/webmin a few months ago because my new VPS with ZPanel installed got compromised after a week of being installed. It did take a little longer to learn virtualmin/webmin because it was not as noob friendly as ZPanel.

  • mickeyrmickeyr Member

    I'll recommend vestacp as well. If you need help setting it up, let me know.

  • nekroxnekrox Member

    VestaCP needs a sudo or root user for run the scripts from PHP. Vesta not is a secure options for me.

  • Please, never use zPanel.

  • @nekrox said:
    VestaCP needs a sudo or root user for run the scripts from PHP. Vesta not is a secure options for me.

    Remember, webmin also using root as username.

  • Me_BMe_B Member

    @Floris said:
    I'm not sure, but zPanel is a security trainwreck according to everyone here.

    Again... and no backing arguments... Guys level up zpanel bashing and give us what is the "CURRENT" issues now?

  • Me_BMe_B Member

    @thatguyagain said:
    Please, never use zPanel.

    So why? Could at least explain why the NEVER. And for ever, does this have some technical ground or only personal ego/bashing regarding last year clash with one member of zpanel team?

  • RalliasRallias Member

    Me_B said: So why? Could at least explain why the NEVER. And for ever, does this have some technical ground or only personal ego/bashing regarding last year clash with one member of zpanel team?

    When a culture of a project decides to bash security researchers instead of accept their reasonable disclosure, there's a problem. There absolutely was a security issue. Reasonable disclosure was followed.

    When the culture of a project is tainted, the project is tainted. The culture is tainted by aprehension to properly secure their work. Their project is tainted by security woes.

    Thanked by 1Maounique
  • wychwych Member

    @Me_B said:
    And for ever, does this have some technical ground or only personal ego/bashing regarding last year clash with one member of zpanel team?

    You wanna take over cleaning and migrating clients that used zpanel and then wonder why they got hacked?

  • Me_B said: So why? Could at least explain why the NEVER. And for ever, does this have some technical ground or only personal ego/bashing regarding last year clash with one member of zpanel team?

    Not personal, just the fact that I know of at least 3 vulnerabilities in zPanel, still unpatched, even after being reported 2 months ago. On top of that, their sub-domain, modules.zpanel.com/log.php?id= variable is vulnerable to a SQL injection, (yes I already reported it to them a while ago also).

    Is that a good enough reason?

  • @Me_B said:
    Again... and no backing arguments... Guys level up zpanel bashing and give us what is the "CURRENT" issues now?

    The fact that I set up my VPS the exact same (with exception to the control panel) and ZPanel got compromised after a week, while Virtualmin/webmin has had no issues after ~4 months is a good enough reason for me to never go back to ZPanel.

    Thanked by 1Maounique
  • Me_BMe_B Member

    @thatguyagain said:
    Is that a good enough reason?

    modules.zpanel.com/log.php?id= variable

    This might be the case for the website OK. BUT again this is not zpanel. I'm not getting it at all here. We talk about zpanel and you get about software on zpanel webserver. We could have issues on docs or forum, does this mean this is a flaw in zpanel?

    Thanked by 1DarioX
  • Me_BMe_B Member

    @soulchief said:
    The fact that I set up my VPS the exact same (with exception to the control panel) and ZPanel got compromised after a week, while Virtualmin/webmin has had no issues after ~4 months is a good enough reason for me to never go back to ZPanel.

    Were you running zpanel 10.1.1 or 10.1.0? We have report over attacks targeting 10.1.0 using the flaw WE disclosed last month due to third party lib pChart RCE. We urged for patching zpanel since 2 month's.

    Thanks to report?

    M B

  • Me_B said: Were you running zpanel 10.1.1 or 10.1.0? We have report over attacks targeting 10.1.0 using the flaw WE disclosed last month due to third party lib pChart RCE. We urged for patching zpanel since 2 month's.

    No it's not the pChart RCE, it's a different exploit.

  • active8active8 Member
    edited May 2014

    @thatguyagain Did you share this info with the staff of Zpanel ?

  • zPanel == NO

    There are far too many (still outstanding) security issues, and their development staff are nunka's when it comes to secure coding, (they have no bloody idea.)

  • DarioXDarioX Member

    @thatguyagain said:
    No it's not the pChart RCE, it's a different exploit.

    So tell us about them if you know some. Otherwise you will just make a fool out of yourself exactly as everybody else claiming to know "so many exploits and security issues" in this thread.

    Thanked by 1active8
  • active8active8 Member
    edited May 2014

    @GoodHosting said:
    There are far too many (still outstanding) security issues

    Any proof ? mind to share? and did you notify the staff of this issues?

  • PatrickPatrick Member

    @active8 said:
    Any proof ? mind to share? and did you notify the staff of this issues?

    http://lowendtalk.com/discussion/26456/for-zpanel-users

  • active8active8 Member
    edited May 2014

    @INIZ I know that discussion, and so far i know Zpanel is aware about that and fixed this:

    http://forums.zpanelcp.com/Thread-ksoftirqdx-apache-service-loads-server-for-no-reason?pid=82368#pid82368

    People have to learn to update when it is availible and dont stick with older versions

  • Me_BMe_B Member

    @thatguyagain said:
    No it's not the pChart RCE, it's a different exploit.

    So? You don't provide any proof and claim you knew better. Ok show it, let us learn how to fix it? Unless you only intend to bash it.

    Give us a chance to fix stuff and you can't deny we are doing a lot of work.

    Notice new .htaccess should tighten further access.

    So only nagging?

    Or the only proof is : ksoftirqdx discussion?

    So?

  • Me_B said: So? You don't provide any proof and claim you knew better. Ok show it, let us learn how to fix it? Unless you only intend to bash it.

    I prefer to abuse the bug.

    Me_B said: Give us a chance to fix stuff and you can't deny we are doing a lot of work.

    I can easily deny that.

    Me_B said: Notice new .htaccess should tighten further access.

    chuckles
    "Don't worry, we have tons of exploits, but it's fine, we have a htaccess file!"

  • BayuBayu Member

    It is save when I'm using zpanel and if there is a bug in zpanel, but I setting zpanel access only from localhost (127.0.0.1)?

  • xDutchyxDutchy Member

    Me_B said: We could have issues on docs or forum, does this mean this is a flaw in zpanel?

    Not directly, but if you can't even get your own website secure, potential users easily lose faith in your software.

Sign In or Register to comment.