arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to get premium Softaculous with VestaCP?
#1
My favourite free panel for VPS is VestaCP. One of the really nice features VestaCP incorporated since December 2017 is Softaculous.  When you allow VestaCP to generate your install command for you, then you can include a free version of Softaculous.  The free version unfortunately doesn't include popular scripts like WordPress.  So if one prefers one can get the premium version with its hundreds of free scripts.

I had to go through some serious learning hurdles to get the Softaculous premium version and thought to provide this as a tutorial:

Step 1:
Load the VestaCP installation script with Softaculous added.  You can generate the bash command at a scrip generator below:
https://vestacp.com/install/

Step 2:
Next you have to set up your VestaCP - if you need more guidelines you can check the ones I created below:

http://deanhills.us/vestacp-installation/

Step 3:
To get access to the Softaculous Admin Panel you need to have ioncube loaded.  You can do it by adding the command below with SSH:

/usr/local/vesta/ioncube/ioncube.sh

Step 4:
Access the Admin Panel of Softaculous. You need to tell it that the server that is being used is a VPS.  Click on Apps in the VestaCP index links (next to Firewall). 

[Image: krjwoXY.png]

Then click on Admin Panel as shown below:

[Image: 6ypdOdj.png]

Note again that you won't see the Admin Panel link unless you have successfully loaded ioncube first (see Step 3).

Step 5:
Now tick the settings in the left hand panel of the Admin Panel page.

[Image: CyMTt0i.png]

Step 6:
Scroll down the settings and when you get to General Settings tick where it says that the Server is a VPS.
[Image: FnkXiWR.png]

Step 7:
Now open an account with Softaculous and purchase a premium license.  Here are the steps how to do it:
https://softaculous.com/docs/Buying_Information

Please note the step "Get License Key" refers to the Softaculous Admin Panel in VestaCP.  You need to copy it to your Softaculous Client Panel when you are prompted to do so. Also be careful when you complete the purchase to select VPS and the correct number of months you would like to be covered by the license.

Step 8:
Hopefully the Softaculous license for your VPS will be automatically upgraded to premium, otherwise you need to refresh the link in your VestaCP Softaculous Admin Panel.  If it still doesn't work, you need to open a ticket in the Client Area of your Softaculous account.   Turnaround in answering tickets is usually fast - approx 24 hours or less.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#2
Heard a lot of bad news about vestacp this days.
https://forum.vestacp.com/viewtopic.php?f=10&t=17641
I guess I can't trust vestacp anymore..
#3
(10-11-2018, 06:58 AM)unfortunately Wrote: Heard a lot of bad news about vestacp this days.
https://forum.vestacp.com/viewtopic.php?f=10&t=17641
I guess I can't trust vestacp anymore..

vestacp is a magnet to badly configured servers.
I use vestacp and I have not been affected by the latest flaws they had.
I simply changed my ssh port + regular ssh password changes. and root disabled by default.

helps significantly.
#4
Most of these server related problems happen because of user error rather than the software. Yes, there are vulnerabilities, loop holes, that and this but in most cases sloppiness of user is the problem. Basic server hardening would taken care of most of these problems. I used Kloxo for a long time without any problems at all while everyone telling it is a security nightmare. Technically it was but But if you manage the server properly not often u would get into trouble. Unless you have something worth for hackers attention.

VestaCP is quite a good panel among all those free hosting panels outside. It's easy to install and use. Not my favorite panel but only problem I had with it was slow English support at their forum.


~ Be yourself everybody else is taken ~




#5
(10-11-2018, 07:56 AM)perryoo11 Wrote: vestacp is a magnet to badly configured servers.
I use vestacp and I have not been affected by the latest flaws they had.
I simply changed my ssh port + regular ssh password changes. and root disabled by default.

helps significantly.


It looks as though the latest flaw was about the hackers could log in as the user 'admin' through SSH.

So, just disabling SSH access by root is not good enough.

Should at least disable SSH access by 'admin' in sshd config.


#6
(10-11-2018, 11:07 AM)tryp4vps Wrote: It looks as though the latest flaw was about the hackers could log in as the user 'admin' through SSH.

So, just disabling SSH access by root is not good enough.

Should at least disable SSH access by 'admin' in sshd config.

nothing is safe. nothing is good enough.
but I use vestacp and with my setup I'm still not affected.
im just telling doing some security helps.
#7
(10-11-2018, 06:58 AM)unfortunately Wrote: Heard a lot of bad news about vestacp this days.
https://forum.vestacp.com/viewtopic.php?f=10&t=17641
I guess I can't trust vestacp anymore..

Mine have NOT been attacked.  I've been working on both my VPSs (HostUS and Virmach with locations in the US) quite a lot during September right through to this week. I'm almost certain there are many more servers that haven't been attacked.  Possibly those who are making the above kind of noises are in a small minority.    If you check the last discussions looks as though the attack was on OVH and Hetzner Servers.  Through SSH.  It's not global.


Also note this post towards the end of the discussion - like this thread is taken way out of proportion to the small number of servers that have been penetrated and wish they would change the heading of it:


Falzo at VestaCP Forum Wrote:so anything new on that? from what we can read so far here, is that only a few servers have been hit and the attacker somehow gained ssh access?
some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password?

to those affected: do you allow admin for ssh access (default) and/or did you change the admin password after installation?

I haven't been affected this time (yet) and now am guessing that could be just because I don't allow admin for shell access...
BUT if the scenario is right, the (my) passwords could still be compromised, right? I don't like that idea.
Source: https://forum.vestacp.com/viewtopic.php?p=73742#p73742

Thing I hate about this is that the above "news" - that seems to be completely exaggerated beyond its real impact - is bad for my host - like hosts now get wary of vestacp, and I find that unfair.  VestaCP is free, and although not perfect, there are Admin there who have been around for many years and are still doing their best to support the script.  I've seen a HUGE improvement from 2014 when I first started to use VestaCP to today.  Like amazing leap.  Hopefully the Admin will be able to survive this type of negative publicity that I don't think is completely fair and deserved.  Others here have said it too but it is a fact.  Not only VestaCP is vulnerable, even cPanel is vulnerable for hacking, particularly with their e-mail.

Moral out of the discussion at VestaCP (above link) is that to change the port 22 to a different number is not a luxury - but every one should change their ports as a necessity.  To a very good random number - and possibly like with their passwords keep changing it.  I've tried the keyless entry, but got myself locked out that way.  But who knows, maybe one of these days one won't have a choice in that either as these hackers seem to be getting better and better at it.  Making VPS management from a security angle more and more uncomfortable.

Here is a random tutorial of how to change the port number of your VPS:
https://www.hostinger.com/tutorials/vps/...h-port-vps
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
3,646
11-03-2019, 02:31 AM
Last Post: tiwil

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting