Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Zpanel for hosting sites
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Zpanel for hosting sites

v4lk3rv4lk3r Member

I have read and tested some zpanel vulnerabilities. However, they are all old. I did not see any vulnerability report for 10.1.1 since it's released. A friend of mine is using it without any issue. I am not a technical guy so I like simple things as zpanel/cpanel. I have explored other web panels too but they are too techy. I did all my research for zpanel 10.1.1 and didn't find any vulnerability.

I am here to confirm that my research is complete or did I miss any potential threat.

«1

Comments

  • Every zPanel version including the current one is exploitable. Use something else.

    Thanked by 2HuntersPad Maounique
  • squibssquibs Member

    No love for zpanel here. Note that there was a falling out, and a bunch of the zpanel team forked the code and are developing it as sentora. Search the archives - the usual blanket response is "use vestacp".

  • joepie91joepie91 Member, Patron Provider

    Do not use ZPanel. It doesn't matter whether there are any known vulnerabilities or not - the quality of the codebase and developer attitude are so poor that there's practically guaranteed to be undiscovered vulnerabilities. The same goes for Sentora.

    Vulnerabilities don't just start to exist because people have found them. People have simply stopped looking at ZPanel issues because the developers are too stubborn about it, pretend security issues aren't there, etc. It's not worth people's time anymore.

    Until this changes, it is safe to assume that ZPanel is insecure. Whether there are 'known' vulnerabilities or not.

  • getvpsgetvps Member

    +1 Vesta

  • why use zpanel it contains too many exploits

    i advice you to use virtualmin+webmin

    Thanked by 1Maounique
  • Use Webuzo

    Thanked by 1HuntersPad
  • wychwych Member
    edited June 2015

    joepie91 said: Do not use ZPanel.

    ^^ this.

  • -1 zPanel.

    Go DirectAdmin, Vesta, cPanel.

  • If you're just hosting sites then use VestaCP

  • v4lk3rv4lk3r Member

    Thanks all. So, no one could point any potential exploit in zpanel. All other forums has the similar posts that there "could be vulnerabilities". Thanks everyone :) I would go with zpanel. Nothing is secure in software world. There could be many vulnerabilities in all the CP you mentioned but unexplored. Same goes with zpanel.

  • wychwych Member
    edited June 2015

    v4lk3r said: Thanks everyone :) I would go with zpanel.

    Have fun with that. Just look over the way the issues have been hidden or ignored, that would be more than enough to not to use it going forward.

    Is it even called zPanel anymore? sentora.org is up but zpanelcp.com seems to no longer resolve...

  • Yea, good luck with a "company" that deliberately IGNORED all exploits... you'll fare well. I'm sure.

    Thanked by 2netomx ATHK
  • Don't feed the troll.

    Thanked by 1netomx
  • Another +1 for Webuzo, It does have some small issues, but once you get through them it works amazingly.

  • Microlinux said: Don't feed the troll.

    Agrees

    Thanked by 1netomx
  • @joepie91 said:
    Do not use ZPanel. It doesn't matter whether there are any known vulnerabilities or not - the quality of the codebase and developer attitude are so poor that there's practically guaranteed to be undiscovered vulnerabilities. The same goes for Sentora.

    Vulnerabilities don't just start to exist because people have found them. People have simply stopped looking at ZPanel issues because the developers are too stubborn about it, pretend security issues aren't there, etc. It's not worth people's time anymore.

    Having never tried Zpanel myself and with no dog in the fight, I would suggest that history doesn't necessarily repeat itself. If they've released an update, at the very least it deserves a minimal reevaluation, no?

    @joepie91 said:
    Until this changes, it is safe to assume that ZPanel is insecure. Whether there are 'known' vulnerabilities or not.

    Somewhat of a tangent, but this reminded me of something I read on nettime the other day: http://nettime.org/Lists-Archives/nettime-l-1505/msg00026.html

    I don't know the solution to this all, and I don't know where bright lines should be drawn. But I do think that the growing 'moral' push toward secure communications is troubling, and that preserving 'insecure' communications channels as a legitimate choice is vital.

  • @v4lk3r said:
    Thanks all. So, no one could point any potential exploit in zpanel. All other forums has the similar posts that there "could be vulnerabilities". Thanks everyone :) I would go with zpanel. Nothing is secure in software world. There could be many vulnerabilities in all the CP you mentioned but unexplored. Same goes with zpanel.

    Why would you even ask us about our opinions if you were just going to ignore them like you've done on other forums.

    Never underestimate the power of human stupidity.

    Thanked by 1netomx
  • just checked latest "Sentora" CP - At least one privilege escalation exploit. Cannot recommend at all.

    Thanked by 1HostNun
  • LV426LV426 Member
    edited June 2015

    did I miss any potential threat [in Zpanel?]

    Every zPanel version including the current one is exploitable. Use something else

    use vestacp

    i advice you to use virtualmin+webmin

    Use Webuzo

    Go DirectAdmin, Vesta, cPanel

    use VestaCP

    Do not use ZPanel

    Thanks everyone :) I would go with zpanel.

    :p

  • NomadNomad Member

    Some people are like substances... They do have density.

  • @v4lk3r What exactly is your role at zpanel?

  • mikhomikho Member, Host Rep

    Good luck getting an answer, my guess he made his point. Reminding everyone here that it still exists.

  • @LV426 said:
    :p

    He said he asked the same thing on other forums and got the same answers yet he's still going to go with it because "There's no public exploits". We already explained no one brings them to public attention because the developer(s) don't care to fix them.

    Anybody with half a brain wouldn't use zpanel even on a test server let alone a production server.

  • joepie91joepie91 Member, Patron Provider
    edited June 2015

    v4lk3r said: Thanks all. So, no one could point any potential exploit in zpanel.

    If that is your method of assessing security, I can guarantee that your servers have already been owned, and that this will continue to happen.

    v4lk3r said: All other forums has the similar posts that there "could be vulnerabilities".

    And for good reason.

    v4lk3r said: I would go with zpanel. Nothing is secure in software world.

    This is a bullshit argument that I'm frankly sick of hearing.

    1) "Nothing is secure in the software world" is complete and utter nonsense. Yes, provably secure software exists.
    2) There are many, many degrees of software security. Just like many things are poisonous, but some things are more poisonous than others. ZPanel is bad and will put you at significantly bigger risk.

    v4lk3r said: There could be many vulnerabilities in all the CP you mentioned but unexplored. Same goes with zpanel.

    How secure a piece of software is, isn't just determined by 'number of exploits'. Far more important factors are how well vulnerability reports are followed up on, whether the developers practice defensive programming, whether fuzzing techniques are used, whether third-party audits from reputable pentesting companies occur (and are taken seriously), and so on.

    ZPanel fails hard on every single of these points.

    In conclusion: sorry, but you have absolutely no clue what you're doing in the area of security. Follow the recommendations of those who do.

    HostNun said: Having never tried Zpanel myself and with no dog in the fight, I would suggest that history doesn't necessarily repeat itself. If they've released an update, at the very least it deserves a minimal reevaluation, no?

    This already happened. Repeatedly. Rack911 gave up after the developers were unable to respond appropriately. The attitude of the development team is still shit, and there is absolutely no indication whatsoever that the long-term security of the software has improved.

    Developer attitude is everything in the field of security.

    Thanked by 1tommy
  • This is just ironic. For years, I have been railing against the many issues involved with free control panels, especially when you can find something like InterWorx for so cheap through resellers. It's all about security. And zPanel being unsupported has absolutely none.

  • MaouniqueMaounique Host Rep, Veteran

    LinuxGeek9943 said: For years, I have been railing against the many issues involved with free control panels

    Now-now, easy, not all are kloxo or zpanel, some are really secure and tested for years.
    yeah, unlike joepie I also consider nothing is absolutely secure and cannot be because of the human nature, except small snippets like a PoC.
    But there are many-many shades of gray, from almost white to almost black. zPanel is a very dark shade of grey.

  • zPanel is safe. I scanned it with AVG anti-virus. No vulnerabilities at all.

  • @hostnoob said:
    zPanel is safe. I scanned it with AVG anti-virus. No vulnerabilities at all.

    thanks for the laugh man

  • hostnoob said: zPanel is safe. I scanned it with AVG anti-virus. No vulnerabilities at all.

    Scan it with Malwarebytes anti malware ;)

Sign In or Register to comment.