New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That's a wrong analogy I think. Code style is (to a certain extent) paramount to security. Front-end styling is something that could be compared to a car's color; code style is not.
Like I said before, I am only trying to help (as is @popx) with some advice. You're free to ignore it. There's no reason to become rude, though.
Shit things don't last forever.
In an universe with unlimited time I probably would write every program myself, sadly this isn't the case. Even if I would be a "good "php programmer"" I probably would choose to join a project that has already good or at least better code.
If someone offers you free food but every third package sadly contains some poison you probably would say: "Oh don't be so judgy. They spent so much time collecting/making/packaging that food".
He sure as hell did: http://www.lowendtalk.com/discussion/10391/the-security-trainwreck-that-is-zpanel
@joepie91
http://www.zpanelcp.com
working
Yeah, there's plenty of search result of "joe" going around of uhm, having discussions with and about zpanel.
"rapecunt"... What a "nice" username...
Your irony detector seems broken.
Just like the most of zpanel & vestaCP code :>
@popx If you are going to bitch about the way someone codes why not give them feedback on github. Some people are self taught and really don't know the "right" way as you "professional" coders are.
Agree. I have been using Vesta for months without any issue. If @popx could help Vesta to be better in term of security and code managemen, why not do it? At least they try to make something useful for others for free and it should be appreciated. Criticizing without any constructive input is as bad as the ugly code.
@sirmbhe Agreed. Rarely met developers who don't trash talk other people's code. Publish your exploits, make the creator aware of said exploits, or contribute to the open source product. Final option, just trash talk it and expect people to rightfully ignore you.
The guy from rack911 hasn't had any complaints about VestaCP and gave it a positive nod once, that's worth more than anyone trash talking it without substance to me.
I'm sure it's not flawless, but I've been running it in production for quite a while now. I opted to put new users on cpanel for good reason, but that doesn't take away from the fact that vesta is still standing.
So where is @Joepie91 in this thread?
It's not worth it, they have 182 issues open & 21+ pull requests, what makes you think that they'd listen to me? I think they like their code as it is right now and won't make a change unless something huge happens, also I don't really care enough to do that.
Still not an excuse to write bad code, there are alot of people using VestaCP, if you can't code yourself, then go hire a real developer to help you. You could actually be putting 100+ people using your script in danger just because you're incompetent.
You're incompetent for thinking you're so much better than them that they're not worthy of your almighty help. If you're the only one that knows of these massive security holes then you are the one putting those people in danger.
VestaCP fanboy detected rofl...
Learn to read, I never said that there were any security "holes" (THAT I KNOW OF) except from poorly written code that can be easily abused, but I'm not really hunting for bugs/exploits.
I'm honestly not going to argue with you. You're not worth it. You haven't said anything positive at all in this thread. Say it has problems, suggest an alternative, be done. Starting a flame war isn't the answer.
Your irony detector seems broken.
I spun up a test server the other day and installed zPanel - I was easily able to abuse a local privilege escalation exploit. Any users on your system that are aware of /etc/zpanel/panel/bin/zsudo can easily inject panel and execute things as the root user.
@popx
You're stellar at coding, I presume, so you go write your own open source web hosting panel and let us shame you for it
Nah, I'm fine, I have my real life job and a very little time for things I want/like to do outside it. You do it if you want to, just make sure it's better than Vesta/Zpanel and I'm sure you'll be fine.
>
I'm not "trash talking" Vesta, just stating that it's very poorly coded and that it should never be used in production, if you don't agree with me then you probably never wrote anything other than html. It's just funny how everyone here is taking sides with you. Once the project goes to shit (where it belongs) like zpanel, those people will be like 'OH I KNEW IT' even though they're praising it now because it's OPEN SOURCE (RIGHT, YOU SHOULD ALWAYS USE POORLY CODED OPEN SOURCE SOLUTION JUST BECAUSE IT'S OPEN SOURCE).
@popx Code is relative. Every developer thinks their way is best and it's almost always communicated in such a "this is unusable trash" type of way. I'm open to any data with substance, not poo slinging because you wouldn't code that way, simple as that. If you've ever managed a team of developers you are well aware that this manner of speaking is very common and that developers do not often agree on coding styles, best practices, or languages. A non-developer must understand this or must keep shifting their opinions each time they meet a new developer.
Bring me substance or continue feeling intellectually superior yet unable to produce any substance at the same time, your choice, but I'm free to not think you to be my intellectual superior when you're bringing nothing to the table that I can use. You may well be right, I absolutely do not deny that, but you're unable to communicate it adequately and that's all I can work from.
Why not to use chanel for production server and webmin or ssh for personal project?
To a certain extent. Tabs VS spaces for indentation, that's preference. Naming all your files index.php and using folders for structure (without using any classes in those files) in quite universally considered bad coding and has been proven to massively increase risk and induce future cost.
The fact that I try to help other people not making a mistake I/we all once made or will make doesn't mean I don't appreciate the fact that someone spends quite some of their free time making a free product for everyone. I think it's a shame people confuse those two things.
All I'm saying is do not use VestaCP in a production environment (with actual customers); there's just too much risk involved. For anything else it may be perfectly adequate.
I'll make this analogy again, because I want to make sure this is clear:
A Rover 100 may drive just fine and work very well, but when you crash it you're guaranteed to be hurt and the chance of it breaking down is very high. Doesn't mean you shouldn't drive it, just means you should be aware of the risks involved and driving it 120kph is probably not the best idea.
A Volvo (or a Volkswagen or whatever) is a lot safer and the chance of it breaking down or you seriously being hurt in a crash is considerably lower compared to a Rover 100, so driving that at 120kph could be considered a lot less of a risk than doing that with a Rover 100.
VestaCP is a good panel for private use. But I do not recommend it for production use. Haven't checked it for vur: but I've feeling that it got few root exploits by the look of the code.
I have decided not to use anything that is using php and a bunch of shell scripts as a backend in production system application. I'm not bashing PHP or anything, its great for web applications and backends for web applications, but not for a public facing system application. So far the only web hosting panels that I have found that use a solid daemon on the backend are cPanel and Webmin.
I'm perfectly happy without a panel. Although I can't tell my arse from php code when it comes to coding. I can't even write a complicated bash scripts. Backup scripts and installers? Ok, but invoking python or perl and I don't know even how to tie my shoelaces.
I'm always amazed at coders when they tell others about how much they know. I'm happy that I can inspect my wordpress site and make html, some php and css changes to it I google.