New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
TBH hostguard looks much better than Feathur nut my only concerns are that hostguard is new & it might have have some exploits.But I hope they got their code audited & I am wrong.
Hostguard is turning out to be a pretty descent panel. Im waiting on a few tests runs before bringing into production.
I'm currently overwhelmed by the amount of choice we have regarding those virtualization panels, but they all have pros and cons it is like there is no perfect panel (yet.) I've been sending tickets to a few of the panel providers to verify which one is going to suit me best.
Right now i'm mainly considering Virtualizor.com or Hostguard.net, i need something that is not too difficult to setup because i'm not 100% familiar with all the virtualization aspects BUT.. if what @MarkTurner said is true about Virtualizor.com not taking exploit reports seriously then i will remove this panel from my list of options.
If it is not too much hassle, could you send me the exploit MarkTurner? i will try to verify some things.
@Mark_R - just because Softaculous wont take the report seriously, doesn't mean we're going to distribute it. That would open every Virtualizor user to disruption.
Play with it, you should be able to find it in 10-15 minutes, just study the signalling between the servers in multi-server mode.
Worse is the ability to make the httpd daemon fallover, or worse just consume resources which on a Xen box can be quite easy to cause resource starvation.
Almost all these 'homemade' panels have exploits, they all fundamentally work the same way which means they are all exploitable using the almost the same vectors.
It makes me wonder if that is such a bad thing in the long run, spreading this virtualizor exploit.
Why? because appearently they are not willing to improve their security which is a very important part to everyone, if the exploit gets widely known and used then people will start to realize that they have to stay away from this panel because virtualizor put no effort in fixing it causing critical issues for their customers that aren't aware of it
perhaps virtualizor will realize that they have to be more active in this part or just close this panel project due negative reputation security related.
@Mark_R - it won't be coming from us. Company policy dictates that we can only provide it with the software/hardware developer. If they decide to do nothing with it, then its their choice. We migrated the company we acquired away from Virtualizor and have done the same with Softaculous over the past 12 months. The cost saving of Installatron vs Softaculous is not worth the security headaches, Installatron has been rock solid and well maintained.
Take a look at the logs image on the panel. It's Notepad's logo mirrored horizontally.
Xen is due out in our next major update. Given the extensive feature list of this, it's not due out until late February. Yes, we could smash together some thing quickly but we go through a proper development cycle which includes R&D, testing, auditing, BETA and then release. Each cycle is 4 weeks and includes 1 major feature + updates/patches.
We spent 12 months of solid development, then a further 6 months purely for testing and security. Developing a panel for internal use only vs licensing is very different and we realise this, point being we had security in our mindset since our first code commit. Yes, our code is audited on an on going basis by Rack911. This includes checking over each commit daily and testing of each feature released.
Installation involves running our scripts which automate the process and we have very simple documentation available which covers this.
Then if there are any issues, it's covered by support - so we'll log in after your provide secure access, walk you through it and show you how it's done.
If you're already on Solus, we are basically a 'drop in' replacement. After backing up and exporting the Solus database, HostGuard is then installed (preferably on a new instance), update your respective WHMCS/Blesta modules and off you go.
Sounds good, I might give HostGuard a try in the near future.