arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Serious VestaCP script security breach
#11
(05-03-2018, 10:26 AM)humanpuff69 Wrote: Terminal is much secure than using a panel . my head just doesnt get it why still people use shitty low quality panel like vesta cp

Well there's all the lazy people who just take one look at terminal and hate it.  So they grab VestaCP since it's a one liner installation by copying and pasting the installation command onto terminal for it to start downloading everything onto the container.  Don't you find that convenient anyway?  But sticking with only terminal via ssh and uploading and downloading files via sftp would be the most secured way to manage a web server if you can protect your ssh server properly so bruteforce hackers won't get into your server.
#12
(05-04-2018, 03:19 PM)IEpicDestroyer Wrote: Well there's all the lazy people who just take one look at terminal and hate it.  So they grab VestaCP since it's a one liner installation by copying and pasting the installation command onto terminal for it to start downloading everything onto the container.  Don't you find that convenient anyway?  But sticking with only terminal via ssh and uploading and downloading files via sftp would be the most secured way to manage a web server if you can protect your ssh server properly so bruteforce hackers won't get into your server.

It happens due to exploit on the code. Most people don't even know how to use Ubuntu Server let alone use a terminal. They will just copy + paste what they see on the instructions.
Thank you VPSlices and Post4VPS for your beautiful VPS!
#13
(05-04-2018, 03:19 PM)IEpicDestroyer Wrote:  But sticking with only terminal via ssh and uploading and downloading files via sftp would be the most secured way to manage a web server if you can protect your ssh server properly so bruteforce hackers won't get into your server.
I use only the bare minimum applications through VestaCP, for example I don't have FTP or e-mail included.  I find that in most cases those are seriously vulnerable features in any panel, not only VestaCP.  That's the beauty of the VestaCP installation script.  VestaCP gives you a template where you can tick what you want and discard what you don't want.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#14
(05-04-2018, 03:19 PM)IEpicDestroyer Wrote: Well there's all the lazy people who just take one look at terminal and hate it.  So they grab VestaCP since it's a one liner installation by copying and pasting the installation command onto terminal for it to start downloading everything onto the container.  Don't you find that convenient anyway?  But sticking with only terminal via ssh and uploading and downloading files via sftp would be the most secured way to manage a web server if you can protect your ssh server properly so bruteforce hackers won't get into your server.

It's not practical to stick with terminal in all situations. That's the problem. For example if you have dozen or several dozen sites then using Terminal is a simple nightmare. Same goes if you have clients whom you need to give access but they don't know how to use terminal. Same goes if you running web hosting business.

These exploits / bugs can happen in anything not just in control panels. Everyday developers and security experts find this kind of things in operating systems and other modules like Apache, Sql servers, ftp servers etc. That's why always get soo many patches and updates. It's an occupational hazard and never ending war. All we can do is make sure everything is upto date and have solid security measures implemented in your servers.


~ Be yourself everybody else is taken ~




#15
(05-23-2018, 05:03 AM)xdude Wrote: It's not practical to stick with terminal in all situations. That's the problem. For example if you have dozen or several dozen sites then using Terminal is a simple nightmare. Same goes if you have clients whom you need to give access but they don't know how to use terminal. Same goes if you running web hosting business......


For running web hosting business you possibly have to have a panel instead of just using Terminal, but VestaCP is not the best choice of panel software for serious businesses.

For the rest situations, I would still prefer using Terminal. Even if you have dozen of sites you could still run a script to set up via Terminal because the basic settings are all the same.


#16
Actually I do run Dozens of sites in couple of un-managed servers. also sites for my clients so I can tell from my experiences it's uttly not worth using only terminal. I know it might look terminal is solution for everything when you look from outside but it's not when you are doing it in production level. Basically I would mess with files through ssh unless it's a must. Having a good control panel with good security is a big saver among other things.

I used to think same when I used severs only for learn but when you start working its not fun or practical.

Anyway I use Virtualmin for my severs rather than VestaCP. Only recently I have started checking Vesta because I want to find a good panel for low-end servers with less than 1GB RAM.


~ Be yourself everybody else is taken ~




#17
(05-23-2018, 05:03 AM)xdude Wrote: It's not practical to stick with terminal in all situations. That's the problem. For example if you have dozen or several dozen sites then using Terminal is a simple nightmare. Same goes if you have clients whom you need to give access but they don't know how to use terminal. Same goes if you running web hosting business.

These exploits / bugs can happen in anything not just in control panels. Everyday developers and security experts find this kind of things in operating systems and other modules like Apache, Sql servers, ftp servers etc. That's why always get soo many patches and updates. It's an occupational hazard and never ending war. All we can do is make sure everything is upto date and have solid security measures implemented in your servers.

It would be impractical if your in a hosting business or some sort, but for personal websites, using terminal and filezilla to manage your sites typically will work.  I hardly need terminal really, the only time I access it is for tiny changes to settings and for creating a new virtual host (which I use a script from the internet to make it easier).  The rest is uploading changes to my site which is quite straightforward and is roughly the same as if there was a panel.
#18
Yeah. If you have couple of websites then pretty easy. Specially if it's a CMS like Wordpress.

BTW back to the topic, I wonder if this has been already patched up and sorted out. VestaCP developers are an active bunch and known to take care of things fast. Only thing they hate seems answering those Support questions in English. I always wonder that's just because they not native English speakers or just to push people towards their premium support packages.


~ Be yourself everybody else is taken ~




Pages (2):



person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting