Comments
I'm not sure, but zPanel is a security trainwreck according to everyone here.
I would stay clear of zpanel.
Yea, I would stay clear of zPanel as well. We see more crap from zPanel than anything else we host. Usually results in people having to migrate to a new panel sooner or later.
Don't use Kloxo either. Use an alternative such as VestaCP.
You do realise ServerPilot is a hosting control panel (minus email)?
Kloxo MR sure, normal - don't touch it with a bargepole!
VestaCP is certainly making big leaps forward - running a test cluster at the moment to see how it plays out.
I wouldn't use ZPanel. I switched to virtualmin/webmin a few months ago because my new VPS with ZPanel installed got compromised after a week of being installed. It did take a little longer to learn virtualmin/webmin because it was not as noob friendly as ZPanel.
I'll recommend vestacp as well. If you need help setting it up, let me know.
VestaCP needs a sudo or root user to run the scripts from PHP. Vesta is not a secure option for me.
Please, never use zPanel.
Remember, webmin also uses root as its username.
Again... and no backing arguments... Guys, level up the zpanel bashing and tell us what the "CURRENT" issues are now?
So why? You could at least explain why the NEVER. And forever: does this have some technical grounds, or is it only personal ego/bashing regarding last year's clash with one member of the zpanel team?
When a culture of a project decides to bash security researchers instead of accept their reasonable disclosure, there's a problem. There absolutely was a security issue. Reasonable disclosure was followed.
When the culture of a project is tainted, the project is tainted. The culture is tainted by apprehension to properly secure their work. Their project is tainted by security woes.
You wanna take over cleaning and migrating clients that used zpanel and then wonder why they got hacked?
Not personal, just the fact that I know of at least 3 vulnerabilities in zPanel, still unpatched, even after being reported 2 months ago. On top of that, their sub-domain, modules.zpanel.com/log.php?id= variable is vulnerable to a SQL injection, (yes I already reported it to them a while ago also).
Is that a good enough reason?
The fact that I set up my VPS the exact same (with exception to the control panel) and ZPanel got compromised after a week, while Virtualmin/webmin has had no issues after ~4 months is a good enough reason for me to never go back to ZPanel.
modules.zpanel.com/log.php?id= variable
This might be the case for the website OK. BUT again this is not zpanel. I'm not getting it at all here. We talk about zpanel and you get about software on zpanel webserver. We could have issues on docs or forum, does this mean this is a flaw in zpanel?
Were you running zpanel 10.1.1 or 10.1.0? We have reports of attacks targeting 10.1.0 using the flaw WE disclosed last month due to the third-party lib pChart RCE. We have been urging people to patch zpanel for 2 months.
Thanks to report?
No it's not the pChart RCE, it's a different exploit.
@thatguyagain Did you share this info with the staff of Zpanel?
zPanel == NO
There are far too many (still outstanding) security issues, and their development staff are nunka's when it comes to secure coding, (they have no bloody idea.)
So tell us about them if you know some. Otherwise you will just make a fool out of yourself exactly as everybody else claiming to know "so many exploits and security issues" in this thread.
Any proof? Mind sharing? And did you notify the staff of these issues?
http://lowendtalk.com/discussion/26456/for-zpanel-users
@INIZ I know that discussion, and as far as I know Zpanel is aware of that and fixed this:
http://forums.zpanelcp.com/Thread-ksoftirqdx-apache-service-loads-server-for-no-reason?pid=82368#pid82368
People have to learn to update when it is available and not stick with older versions.
So? You don't provide any proof and claim you knew better. Ok show it, let us learn how to fix it? Unless you only intend to bash it.
Give us a chance to fix stuff and you can't deny we are doing a lot of work.
Notice new .htaccess should tighten further access.
So only nagging?
Or the only proof is : ksoftirqdx discussion?
So?
I prefer to abuse the bug.
I can easily deny that.
chuckles
"Don't worry, we have tons of exploits, but it's fine, we have a htaccess file!"
Is it safe if I'm using zpanel and there is a bug in zpanel, but I set zpanel access to only from localhost (127.0.0.1)?
Not directly, but if you can't even get your own website secure, potential users easily lose faith in your software.