New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Pricing for the paid version is very high. Quoted prices on website are per VPS
Cloudmin 100 Instance Annual License $549.00
>
It's not cheap, that's right. But on the other hand, how does it compare to Solus on an annual basis? I'd be interested in the numbers. I'm not too familiar with Solus' pricing.
Also, from their shop (https://www.virtualmin.com/catalog/cloudmin/100):
So it may just get better ;-)
Edit: just noticed that 250 VMs is $749/year. That brings down the price considerably compared to the above.
Solus is some 9 dollars per node. You cannot compare that with cloudmin.
A node can host 100+ VMs if very large, while on cloudmin that would be at least 300 usd a year and in solus is 108. 3 times cheaper.
Agreed, on smaller nodes, it might be worth it.
On top of pricing, cloudmin is not that well tested, i found some serious problems with it while experimenting, but it looks promising.
If they lower the price, it might be more widely used and will likely solve the problems that still exist.
I've been running with Xen for a while and never ran into any issues. Of course, no software is perfect and my experience with Cloudmin is limited. Never ran into problems with my service with Prometeus, though.
I don't think they will lower the price, except when you have a large amount of servers. Not sure what kind of discount you will get, though.
Even if it is more expensive, it may be just worth the investment. In my experience, its way more stable than SolusVM, has more features, doesn't invade your host node like SolusVM does and runs on many kinds of Linux/BSD.
If it runs on many kinds of unixes, that is debatable, i installed first on debian and found out it is not compatible with xen-pv that way, was insisting in hvm all the time.
Then on ubuntu had other issue i dont remember, so only centos 5 worked out of the box with the xen kernel and all issues solved which is likely because they dont use it on other platforms much.
We did investigate the possibility to get low pricing, they were not interested, probably we are not big enough.
Not the end yet
http://localhost.re/p/solusvm-whmcs-module-316-vulnerability
Very worrying.
Tight lockdown, just turned into tight shutdown. My goodness
Its pretty easy to fix all these exploits that have been published, Fix em, backup, and hope for the best.
Just locked out our solusvm completely.
Hugely disappointed with them. On the other side, I was right in WHT - there are exploits in their whmcs modules as well.
Couldn't this latest one be solved with a simple .htaccess ip restriction?
Reported to Soluslabs.
Response from soluslabs:
Hi,
Yes, We are working on this. Patch will be ready within couple of minutes
I would suggest to disable the API from solusvm until our senior admin confirmation about the patch.
Thanks
@fileMEDIA and then they need a patch to patch the patch. After last time they broke the fqdn, I don't have hopes of their patches.
just .htaccess the module directory as users do not need access to it.
Been doing this right from the start. Solus still needs to fix their stuff and would help them understand their "audits" are failing.
This will NOT stop this vulnerability. rootpassword.php or other other vulnerable files are in root directory.
How about this?
replace learn.php with file name
http://pastebin.com/QCtLFUX9
http://httpd.apache.org/docs/2.2/mod/core.html#files
All the files have this vuln, not just rootpassword.php
@Spencer
Which is why I ip restricted the module folder and did this for the rest:
http://pastebin.com/1hXjhn71
I am just attempting to cover everything
So many people texted, emailed, or messaged me when the new one came out... Marginally funny but really just leaves me uneasy to ever turn this panel back on.
RamNode - now fully managed by default.
Ha, ha
Ok, it's not funny but I can FEEL your "screw everything #(%?$"#%&/" tone here.
Ill have to take advantage of that!
@Nick_A so are you going to OS install/re-install, those crap too?
Oh my....
I have a VPS with Front Range Hosting and I'm a bit concerned. They said they added .htaccess to the "module directory", but their module is still accessible. And if they meant the /modules/ directory, clearly direct access to that directory is not needed (and actually wouldn't work) in the exploit, which sends the data to /rootpassword.php (which looks to be still accessible). Or is there something I'm missing?
No other choice if I want to keep existing clients happy and bring new ones in.
@Nick_A well, your servers are so well maintained that I never even have to open a ticket yet, so that's a plus..
@Nick_A I completely forgot to mention, and I'm sure you've heard it numerous times, but let me say it before I forget: massive kudos on how you dealt with the situation.
At least, this exploit was not that obvious.