New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Vesta seems to have quite a history
VestaCP has alot bugs, i know a friend who run a partnership program with VestaCP, his servers got hijacked because of VestaCP exploits. Probably one day people will switch and dont use anymore VestaCP.
Has the vuln been confirmed? and did you hack it?
Bleh
You are asking for too much. After all them panels are not software that controls bazillions of systems and might hence be considered as sensitive and critical. Or, uhm ... wait ...
Oh and, isn't it open source? How dare you not praising it?!
On a more serious note: I doubt that ANY (practically feasible) effort can lead to a non trivial software hacked in PHP and shell scripts to be turned into anything but garbage. The very fact that its "developers" chose that path already clearly hints (in my eyes anyway) that they didn't care about safety at all.
Bonus: Looking for PHP code analyzers one finds that most of them are written in PHP themselves. Bravo! (To write "analyzers" for one of the most poor languages ever cobbled together in that very language is a strong indicator that investments in mental asylums are very promising).
haha, maybe I was not clear enough. I don't consider any panel safe, Vesta is not and I know that.
I am trying to assess and limit risks if possible depending on my specific use cases. as said from my pov using an (open source) panel is not limited to install it blindly and just run it with default settings. that's like ordering a VM from any provider and let it run with what ever best choice default template the provider gives out for it.
btw: care to name at least two more remarkable vesta incidents besides the well-known problem early this year - just so we can really speak of so many incidents ;-) ;-)
If only cPanel dropped a huge discount on their VPS License, everyone would just stop using shitty panels. At least they have a bounty program.
They might not after that
@jar
Whatever happened to that other panel called "InterWorx". Is it still rocking?
Seems to be in some way. I feel like they've isolated themselves from the norms of the hosting industry and they just sort of do their own thing, which is odd considering the norms of the industry are built around the problems that people actively face and need solutions for.
I'm quite amazed that VestaCP team still have no clue how servers got hacked and every day the count gets higher.. Still no official response from the team either.
So yeah.. better get started to migrate over all my stuff to Plesk asap.
It's not that surprising. No one has given them anything to go on. They recently performed audits for a vulnerability and discovered several mistakes, and corrected them. What should they be expected to action on or respond to at this stage?
If it's incredibly important, there's no substitute for paying someone who employs a full time staff to be ready to resolve problems (as long as they actually do that, which Plesk does).
I guess you do have a point but I do still think that VestaCP have poor security in general as all previous breaches have been caused by issues that are all related to poor coding practices.
Regarding Plesk, the reason as to why I am even considering it has to do with that I am sick of having to check VestaCP forums every single day to see if there is any recent issues popping up. Especially considering that the server I use for Vesta right now is for people that I know and I provide service on it for free, but time costs money so Plesk is worth it for me in the longterm.
Yeah, move on over, why have you waited so long?! A free product is a pain, not to mention those bloody forums!
When you browse their forum, you quickly realize that a lot of them shouldn't be running unmanaged servers.
For what it's worth ISPconfig is free and seems to run very stable & secure (+ very good maintained + related to howtoforge). Plus the support/devs actually replies/answers your queries. Especially if you are a subscriber. If you don't want to use any cp anymore go with centminmod I guess?!
That is also true and some do not have the experience needed to manage the servers. Though, in my case, the issue is that I do not want to give users root access to add additional domains and such. Otherwise I would go with a plain NAMP-/LAMP-stack.
How good is it in terms of security? I've looked into it in the past but never really tried it in a production enviroment.
Nice meme - if the product was safe enough like other options, then there would be no reason to do so. There is plenty of other opensource panels that offer prompt updates if any major security issues occur, unlike vesta where it may take up to a week for basic security fixes when exploits have started to be used.
but you just told you are using vesta instead... why?
would also be good to name your recommendation instead of speaking just of 'others'.
I still think the simplicity of the UI that vesta offers is quite unmatched by any other panel, regardless if free or paid. it's perfect if you want to offer some unexperienced user a way to quickly add a mail-account or database or even a new domain. not much stuff that raises questions or have people fear to break something by just clicking wrong. there is no need to go through a ton of menues or navigational stuff to find the right setting.
as said before I also don't like how issues are handled and that the main dev is poorly responding (not only when security issues might occur). this behaviour probably will be the end of it's development sooner or later I agree. still complaining won't change anything ;-)
rather decide to use and secure it yourself and maybe share what you think will help others or move on to another solution that you think might be better and let people know which one and why.
Panels! Panels! We don't need no stinkin' Panels!
If people feel strongly enough, they're free to brush up on their PHP skills and to fork Vesta.
I haven't kept up, but does Vesta have outstanding security issues at this time?
I do hate panels for dedicated services, they tend to fuck up even the simplest task due to their requirement of everything needing to be exactly the way they expect it.
Yes!
There is a reason why OS and major software developers (e.g. web servers) chose simple yet versatile text file based configuration. They did that 50 years ago and they still do it. OF COURSE a couple of clicky clicky buttons can't provide that flexibility.
The real problem IMO is that offering a clicky clicky panel looks nicer (sales! "looking nice" sells) and is much much cheaper both for the providers and the users than having a good knowledge base, how-tos etc. (kudos DigitalOcean and regrettably few others).
more elements = more reasons to fail. Just simple rule. That why always need to keep as simple as possible everything to minimize things which can potentially break.
go over to cwp. its one great tools and alot of things are happening regarding its improvement, and its free
There is a Vesta fork updated every week.. damn I lost the link, will try to find it now
https://github.com/madeITBelgium/vesta ?
no debian. no thx.