(10-23-2018, 10:57 AM)Golden Wrote: I wouldn't ever touch VestaCP again, that exploit was more than enough to push people to other control panels, this is just sad.
Care to share with us exactly what happened to you with VestaCP? When did it happen, and what happened to you? Have you found out what the reason for the exploit was?
As far as I know there have been two exploit occurrences: the first exploit occurrence was in April, the second in September. The one in April has been solved. As far as I can understand there was a vulnerability with the e-mails. That has been fixed. For the one in September, it wasn't completely proven that the fault was on the side of VestaCP. What is saddest for me is that people see this long discussion thread at VestaCP that has a title that says VestaCP under attack, but if you check through the discussions in detail you soon discover that there are only a few members affected, and it's not proven in all cases that it was a VestaCP problem. It could have been CentOS too.
Something else one should also consider is that VestaCP is by far one of the most popular free VPS panels that is being used, so the instances of vulnerability will be percentage-wise greater than other panels and it will be getting more attention too. Quite a large number of inexperienced users are using it too - so VestaCP is not always used as it should be for optimal security.
I'm deeply concerned about people who just follow the "herd" in coming to conclusions without proper investigation first. The negative that can happen is that Datacenters may put a ban on VestaCP and we will lose the panel completely. Already my host - HostUs has a very negative perception of VestaCP. Mostly because of those negative discussions. I'm almost sure if they checked through the VestaCP Forum discussions in detail that they may come to a different conclusion.
All panels are vulnerable. Even cPanel can be hacked. VestaCP is presently being targeted by script kids from China as far as I can see. Maybe it's a good thing in a way as it is getting the Admin to improve the script from a security point of view. The "attacks" are tests of a kind. So to a certain extent that can harden the security.
I like VestaCP very much. I find it an exceptional free panel and effortless to install and work with. I have seen enormous improvement in the script from December 2014 when I started to use it to date. It has some really loyal and hard-working Admin at the VestaCP Forum who have served VestaCP loyally and for a very long time - like collectively they have acquired a VPS panel specialist knowledge that they are sharing generously and freely in the VestaCP Forum. Not always perfectly, but I have to admire their effort and contribution to free panels. I'll use VestaCP as long as I can while it is actively and expertly supported by the current Admin of VestaCP.