New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Adding comments and renaming index.php files to combine them in one directory won't fix security issues. That's the only recommendations I've seen you make. Those are organizational concerns. Let me know if you ever find any holes. Of course I audit my logs regularly and try to break my own system frequently. All security concerns I've had have been addressed. Always happy to address any more and contact the developer on behalf of anyone who wants to send me any information.
I may not be a developer (though I play one on TV) but I've been dealing with server administration and security for no short amount of time.
No hard feelings I'm just getting my word in here because most of my customer base frequents this website and if they are going to be reading statements from the site's administrator that what we use is unsafe, I'd like them to read my response to it beneath that.
Of course not. That's not what I said. I said it plays a major role in preventing them. :-)
It's like fire-safety. You want to have sprinklers in case there's a fire in your office building. That's good quality code: a sprinkler installation.
An office building won't ignite itself and code won't become insecure by itself. But people make mistakes and when a mistake is made in VestaCP, there's no sprinkler installation.
I'm just glad you take security beyond the code and do proper reviews and audits of your servers!
Still, I love vestacp. I'm using it on my production server and it is running very well.
>
Uhm VestaCP has had multiple releases since 0.9.8-9, a quick check of their forum would tell you that - they just haven't updated the roadmap.
Is a good chunk of the forum members only?
https://forum.vestacp.com/viewforum.php?f=25&sid=3fddf0b0ecde5767c148a81f5c550335 shows the last release as 0.9.8-9 by skid » Sat Jun 14, 2014 9:49 am.
Several updates were not posted on the forum either. Not sure if they were actual version releases or patches. Memory is failing
Look at the GitHub - https://github.com/serghey-rodin/vesta to see the updates.
I don't have a Vesta install, but it's possible those updates roll into existing installs.
They do. He updates the repos.
I suggest VirtualMin
you will have everything near your fingers with VirtualMin
Yeah, that's what I was using to track the current release too.
Regardless of this (good) info, the fact they cannot communicate releases via the forums or their main page is as bad as not releasing it. I should be able to go to the site and see the current version.
Go yell at Observium too, they still haven't updated their downloads page!
I had quite a few confused users asking me why I had a newer version.
That's because you are special
Yeah, I will lump them in the same basket. If you are going to have a website, at least keep the changelog up to date. Don't just throw it on git and hope people can work it out for themselves.
New release is planned in the end of January.
I hope added file manager...
****> @LES said:
I would pick virtualmin + webmin anytime , mainly cuz it works for me .
Never tried vesta ..
i do not like both of them.
Vesta seems good if I were doing a single vps set up. I didn't enjoy it when I tried it a while back, but I did like the ease of setup and use. I didn't like the multiple servers running whole stacks design though.
I've yet to find the time to properly run through a webmin/virtualmin install to its entirety, but in testing, I found it to be a nuisance to deal with. It isn't pretty, but it can do anything you desire, and then some. I feel that the and then some aspect is frustrating at times. But like I said, no full use case yet. I'll try it out again next weekend.
Ispconfig is what I'm trying this weekend and I'm finding that it does most everything I wanted from virtualmin with less hassle after the initial set up. The initial setup though, that leaves something to be desired, but it isn't terrible. I like the addition of multiple servers for different roles though. Currently using 2 for dns, one for mail, one for web hosting and another for sql and it's all been pretty painless to deal with.
Having never tried VestaCP (yet!), can't say how it rates vis a vis the Virtualmin/Webmin combo. This said, I would like to share a few thoughts on the latter:
Virtualmin/Webmin is very stable and secure. Had a mission-critical mailserver (postfix/dovecot2) running for 2 years flat out with zero downtime or need of any tweaks or patches (after initial install/tweaks).
VM/WM is lightweight, you can use it to manage a mailserver with no DB backend, resulting in ~120mb RAM footprint, all told.
VM/WM is non-invasive (i.e. doesn't take over the server) and can be run together with pretty much anything else. One good example: VM/WM + AEgir CP running peacefully side by side!
VM/WM is a monster of a server admin CP that helps you install, configure and manage, well, pretty much anything!
having said all that, without customization or extentions, out of the box VM/WM is not really designed with hosting/reselling business in mind.
@aglodek,
What's you mean Webmin is secure?. Secure because no security issues report or by design?.
In fact, you must admin login as root (as the same as ssh), their webserver and perl running under root too.
i liked vestacp but I think it lacks some stuff.... After trying it and used it for a few weeks I went with webuzo instead.
No security issues I have come across. I stand ready to be corrected, of course
Hm! Interesting point, this. Ever heard of adding other users under Linux? And giving them sudo rights? But seriously now: I'm in the process of migrating my MX and Aegir servers both to new providers, using KVM virtualization instead of OpenVZ, plus major upgrade in system config and security protocols - no root login allowed, among many other things. Very interested to see how that plays out with VM, given your statement above...
@jar :I like vestacp.
Almost all CP's have some flaw it is just a matter of preference what you choose, in my opinion Virtualmin can be a little daunting to get around but vestaCP is simplified with only essential criteria taken care of no bloat.
Coding is also preference if you sat 3 developers down and asked them to code something like vestacp they would all code it completely different, it is all down to developers preferences.
I would suggest testing them and seeing what suits you the most not to worry about other peoples preferences but keep in mind the most you can do for your free clients is to provide the highest level of security possible at a low to no cost as obviously you are providing services for free so you don't want a huge outlay!