New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
vestacp if you want to use something like nginx, or setup caching etc.
Sorry, but I don't agree with that. VestaCP should be used for internal servers only or something non-critical.
Virtualmin is great and also supports nginx. Just follow their documentation on how to install it after having installed virtualmin.
What's wrong with VestaCP, is it insecure?? I'm using on a VPS that hosts a few people that need free hosting, i hope i don't have to change it!
I like vestacp..
i like vesta cp 2
You can try both yourself then choose what you like.
I prefer Virtualmin > VestaCP > Webuzo
@linuxthefish is v0.9.8-9 still the latest?
I'd use vesta if it was 100% nginx and not as a reverse proxy
Could not disagree more. It's an excellent panel. I highly recommend vesta. If you've found a security flaw you need to contact the developer
Of course it is. Have you looked at the code? Not that I don't appreciate the guy's effort, I mean, it's very nice functionality-wise. The code however is horrible and extremely prone to security issues. And if that ball starts rolling, it will take ages for anybody to refactor the code into something stable and secure.
That's a bit relative in that format. Just about every developer I've met will say this about someone else's code because everyone sees their own preferences or style as correct. If you've verified a security flaw you should contact the developer.
@mpkossen it cannot be as bad as zPanel!
This. Honestly what you're saying here isn't worth anything if you've got nothing to back it up but personal opinion
I did not know, thank you. I will change to Kloxo MR, which I have had no issues with.
Like I said, functionality-wise there's nothing wrong with it, but the code is just appalling. Anybody who's ever mocked WHMCS can't seriously say VestaCP is production material because I dare to say VestaCP's code is worse (though reviewed more, I have to give them that).
I'm not saying there's a security flaw in it (though if it were, it'd be in index.php), but it's prone to security flaws and the code is simply unmaintainable. It's like zPanel, but all files are named index.php and contain no comments.
Sounds like preference, sorry. It's not like you don't know which index.php you're editing. The code is fairly simple, personally I don't need comments in it. "Messy" is a relative term. To me it's clean and well organized.
I would pick virtualmin over vestacp anyday.
both bad.
Try to learn and control linux by yourself. It's not hard. But need read some complete guide before.
It's much better to configure and control your server and do mistakes by yourself, then repeat bugs from 3rd party software.
It's years of experience. I've made all the mistakes he's making right now plenty of times. Believe me.
That's the thing, the code still is fairly simple (or so are most files). Wait until it gets more complicated or something needs to be refactored... It's going to be one big mess.
Like I said, zPanel without the structure, objects, and comments. People don't use zPanel for a reason and neither should they use VestaCP. Call it preference, call it being protective, call it a gut feeling. You're better off with a more robust product either way.
I only like virtualmin (free CP) thats supports CentOS 7 too.... I'm using it from 2years and trust me there is no issue with Virtualmin.
Now I also using virtualmin with cloudflare free SSL (for ADMIN) and also I can change virtualmin UI too, I have changed to the modern look.
I have installed it at https:// aceance.in :8443/ (Remove space)
yep there were some issues recenly with vesta and the devs fixed them asap
i like it as i think its light weight and FREE
i wish they would remove forum spam tho as someone else mentioned last time this came up
now if i can only find something like cloudlinux that would work with it
and this is not to say mpkossens concerns are not valid .. i am sure the code could be better.
I think you have all missed the most important point. It has nothing to do with the quality of code or the (possible) security holes in it.
What matters to me is that:
1) the updates are regular (fixing bugs/holes); and
2) releases are hitting somewhat close to schedule.
While the lack of 'quality' in the code may be an underlying cause, the Vesta team simply are not active anymore. So many promises 6-9 months ago and all that have just evaporated. Same with Open Webpanel which looked to be another awesome project which has just stopped dead.
We are still on VestaCP v0.9.8-9 as the latest version, and v0.9.8-10 was supposed to come out on 7 July 2014 which is now a full 6 months behind. 0.9.9-1 was due in August (This was mooted as the version to bring a standalone nginx & PHP-FPM config) but there is not a peep about it. To me that says the project is effectively dead, and there is nobody to steer it. I can foresee a Kloxo-MR like forking of the project happening very, very soon on Vesta as the project itself was so refreshingly simple and different to everything else out there. It is worth saving by forking.
Compare Vesta to something like CentOS-Webpanel which has been putting out releases and bugfixes like mad in the last 6 months and now supports Softaculous! The difference is night and day.
Putting aside the code obfuscation and lack of code review and security testing in CentOS-Webpanel I know what I would prefer to run if I wasn't paying cPanel.
I also have a license for Interworx on my Delimiter Atom, should really go back to that and see what they have done with it lately too. It's quite a bit cheaper than cPanel, but when your software is that far ahead on everyone else's then there is no major imperative to reduce your prices. Interworx has a couple of awesome features which leave cPanel for dead.
It's probably worse.
I'm not sure why you think this is an opinion. I think any professional programmer will get either a small shock or a good laugh when looking at that code. It's quite universally established (and probably proven) that undocumented, procedural PHP code, structured only by the sake of files named "index.php" put in directories are much, much more prone to bugs and security issues than object-oriented, well-organized code.
There's a reason a Volvo V40 is safer than a Rover 100: the Volvo V40 design was thought through whereas the Rover 100 was built with one purpose: being the cheapest car around. In either car, it doesn't matter until you hit a tree. But I know which can I'd choose out of the two.
There have been plenty of vesta releases in the last months they're just not updating the website or forum to reflect it. Watch the GitHub for updates. Plenty pushed to their repo since July. As recent as December I believe. It's nice to say they've abandoned the project if you don't like it I guess, but it's not even remotely true.
It is an opinion. I have never met a developer that doesn't laugh at everyone else's code. It's a cut throat industry and everyone hates on each other and thinks they're better than everyone else.
You're basically announcing that my product (VestaCP based) is unsafe to the forum where my primary customer base visits because you think the code is "funny" or "messy" and prone to security flaws but you have no interest in offering suggestions to the developer or notifying me of any security holes you've found. It's offensive at best. If you've found a problem that isn't based on what every other developer does, which is trash talk every other developer's code or style, then do something about it. Help a brother out. You're not offering anything positive.
I'm not saying it's flawless, but if you're going to trash talk what I base my secondary income on, back it up with something more than an opinion. Offer something positive to the conversation besides trash talk. You have indirectly declared MXroute unsafe. So tell me what the problem is. Message me your verified security holes.
@jar "You're basically announcing that my product is unsafe"
wow .. really ? you are associated with VESTACP ?
awesome man
Nah it's the base for MXroute's user panel
I have modified the back end pretty heavily, but if someone has security concerns I should verify that they are not present in my panel.
Not associated... Using in some fashion
aah thanx for the clarification guys .. i am one of those vestacp fanboys myself and this has prompted me to signup with you for some emails @jar
thanx
I'm just glad I'm not in that industry you're mentioning. It's not the one I'm in and I'm definitely not better than "everyone else". Sure, developers often differ of opinion (which is good), but those usually focus on higher-level concepts rather than the style of code. Unfortunately, PHP is much more prone to have this sort output than languages like Java or Python.
Like I stated, I haven't found a security breach (yet), though I'm not actively looking for one. I'm not there to perform a full security review of this product, but I hope you have since you've built your business on it. I have offered plenty of suggestion here how it could be improved to back up what I've said about the code being bad.
The OP asked for our thoughts on these panels and I've offered mine backed up by my professional opinion and experience as a programmer. I realize you don't like me "attacking" VestaCP, but I stick to the analysis I've made before