New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
If you want your panel to be used in production environments you shouldn't even consider doing stuff like this.
That's the problem, we target use in production. BUT check the forum we are getting requests to get domains using dyndns working!! I Had to sort out a lot of support request for users using Zpanel on DSL lines @ home and willing to have state of the art email deliverability!
The problem is always finding the right balance and try to help everyone trying to use Zpanel if some time it's far far beyond zpanel intended scope. And currently it should be only used by experienced admin's. Like any linux server.
PEBCAK
It's impossible to make everyone happy, that's why ony experienced sysadmins should manage servers.
panels should be for everyone and zpanel is so easy to use so it should be designed for non system admins too.
Agree... But we use to send a lot of users asking basic questions to google it. Some found it very RUDE!
The problem also is those very low new SSD VPS, below 5$ that drive a lot of wanna be admin/Hosting king using either zpanel or other products while they should instead use a shared/ managed account. Those VPS users turn into a lot of issues self inflicted!
No you are getting it WRONG here. Servers must be managed by admins. My dentist can't run a hosting company. You can't take shortcuts for that. You need to learn a LOT! and not only zpanel docs, but a lot over your OS and how to fix it. How do you expect to fix problems if you are not skilled? Ask zpanel support? Or expect auto-updates to fix everything?
No it won't work that way. I stick to my statement, servers must be run by skilled people we call admin's!
M B
i can run it fine i am talking about newbies who use cpanel and webuzo with ease zpanel is similar really and only needs admin knowledge for updates. I do expect auto-updates to fix everything though yes if someone has no clue then they shouldnt use any panel though we all have to start somewhere ^_^
To do updates manually is inconvenient and that is my point
Running a command like :
This is the last update we posted. ONLY one command to run! And you are LAZY, ah I should say finding it "inconvenient". Man it's LINUX! the command line ARENA, you can't run servers with click click. You must do it from time to time and this update we got after 5 month's from 10.1.0. So hard to enter server and run a command line?
In a perfect world, but this is not how in real world it works as most of the problems are not created by users. Check bug tracker we closed a lot of bug rushing reports while it was bad setup. Once something is not working blame the panel. For me once something not working checking the origin and debug until I find the culprit as how any admin will do.
Running a command like :
This is the last update we posted. ONLY one command to run! And you are LAZY, ah I should say finding it "inconvenient". Man it's LINUX! the command line ARENA, you can't run servers with click click. You must do it from time to time and this update we got after 5 month's from 10.1.0. So hard to enter server and run a command line?
In a perfect world yes, but this is not how it works in real world as most of the problems are not created by users. Check bug tracker we closed a lot of bug rushing reports while it was bad setup. Once something is not working blame the panel. For me once something not working check the origin and debug until I find the culprit.
Ok i understand exactly what to do and what you mean what i am trying to say is auto updates is standard in most things but it is not hard to update as you just pointed out
NO Not true... In WP you should always push some buttons. In phpmyadmin NO! MySQL No! Apache No!
This is not standard and you might object to auto-update everything. Once you have some setup working fine, unless you have a critical flaw you don't have a reason to update, as it can turn into problems. Just see openSSL mess. See centos that you use in cpanel, It's not the latest kernel nor always the latest packages. But you get the most stable avaible.
This is my last comment over auto-update as I don't turn it in endless loop like you already did in Zpanel forum. If you want it DO IT as the software is open source and we are happy to accept the pull. Until then we will do our best BUT once we have time to do it and depend on priority.
ok i understand : )
LEt's push even discussion over security further
Here is a real world case:
http://www.madleets.com/Thread-Need-Hacking-help-in-shell
Hacker willing to crash down a zpanel run server.
Notice:
This is not already default setup but this hacker as you can see didn't get in using Zpanel core but directly into zadmin account. He must have found a flaw in CMS installed there.
First point notice no php disabled function, it shows that the user/admin who installed this just disabled SUHOSIN! Wich is key for all Zpanel security model. We allow users to disable it BUT it's enabled and we always say it would cause great security flaws. BUT despite that the hacker is still sand boxed thanks to openbase_dir enabled in PHP jailing the root kit and preventing it currently from going beyond root folder. And we had users disabling openbasedir as IT WAS EASIER to configure their scripts that way!
Should we blame zpanel? Should we prevent users from disabling core security features.
not to bash as I use zpanel for personal/non production currently and really like the newest version. However since you are targeting the free and newbies wouldnt it be beneficial to advise people that items such as suhosin is mandatory to zpanels security right off the bat instead of having users search through forums etc on something so important? To me that seems like a lack of responsibility on developers part.. maybe I missed it during the installation process but nowhere did it mention about any modules not to remove/delete. Might be useful to put up a list of items not to remove that could possibly affect security.
interesting lol this is to much ^_^ good reply's from zpanel
@akz I never advice to disable suhosin or openbase_dir. I was able to get own cloud running without issues. The feature is hidding under apache config > override hosts and avaible ONLY to admin not to users.
I will be happy to discuss this more on Zpanels forum if you have more questions.