New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I think the developers already fix that, no?
According to their bug tracker, issue #0000350, they've address multiple security holes. IIRC, these are the issues joe91 brought up here on an LET thread.
Also they'll be releasing 10.0.2 shortly, the only issue I've had with ZPanel on one server is having to turn recursive dns off, and manually adding an A record for a subdomain if using their DNS. I also have use / currently use Kloxo, CPanel and CLI on other servers.
forums.zpanelcp.com/showthread.php?18653-Season-s-Greetings-from-the-ZPanel-Project!&p=87484#post87484
TL;DR - ZPanel 10.0.2 of which will be officially released on 1st of January 2013
+1
No. There is still at least one massive vulnerability in the templater that cannot be fixed unless the entire templater is replaced.
Many vulnerabilities have been fixed, but the aforementioned one still exists and there may very well be more.
EasySCP (fork of IspCP) http://www.easyscp.net/en/
Ajenti was good when I last used it, I think people just give up on things to fast i.e. if it does not make your breakfast for yo in 1 click it must be shit.
Don't use kloxo unless you plan to do some serious work optimising and securing it, which lets be honest if you knew how too you would not be using it in the first place, the volume of issues that kloxo causes me when customers install it is making me consider making use of it against the AUP.
Ajenti looks very good and seems to have really nice feature..and run as standalone...will give it a try later when have free vps....but they dont list the feature it have...
Bash
+1 for this. I like to make my own breakfast...
zsh
This thread also can be useful for people looking for alternatives
http://www.lowendtalk.com/discussion/5811/what-open-source-control-panel-are-you-using#Item_71
@AnthonySmith and @Raymii I have to admit, I haven't tested Ajenti but looking at some of the screenshots, yes it seems you can't do mostly everything with 1 click and thus I'll stay away for the time being... unless it does vhost, email, ftp and dns in 1 or 2 clicks?
looking forward to seeing how NEON will turn out... I'll be one of the first to test that on centos if it ever reaches that far in dev.
May I know what kind of vulnerability and what is the worst thing the attacker can do? Would you advise against using ZPanel even without public facing access/login?
I ran ZPanel on 1 of my production box
What about this Kloxo fork , sound interesting.
http://forum.lxcenter.org/index.php?t=msg&th=19262&start=0&
https://github.com/mustafaramadhan/kloxo
Apparently (from talking to @joepie91), there's an easy vulnerability that will give the attacker Admin access.
ispCP Omega - a VHCS fork.
LNMP - It will install nginx, mysql, php automatically
@joepie91 just send me a PM...
That vulnerability have been patched when he reported it and the only vulnerability(that he aware of) that still existed can only be manipulated by logged in Administrator or Reseller account.
Also, its worth noting that he haven't done complete check of the code, so it's possible that there are more vulnerabilities in it.
With that being said I would say ZPanel might be OK for personal use.
the zPanel and Webmin are recommended, as for Kloxo is very complicated for no reason and available on Centos only
Any of those free control panels support nginx?
Virtualmin does.
http://www.virtualmin.com/documentation/web/nginx
Webmin + Virtualmin is recommended...
Ispconfig also supports nginx