Building a modern alternative to cPanel – looking for feedback from the LET community

Comments

  • @forest said:

    @techdragon said: I hope you plan to register it as a trademark before Hostinger do.

    It's not always necessary to formally register a trademark. Mere use is enough to have some level of protection. However, all of hPanel's (severe) issues aside, I don't think trademark infringement is one of them. For a trademark to be infringed, you have to prove that they compete directly in the same market and people are likely to confuse one with the other.

    You could sell a product called a Macintosh if it's a circular saw, but you couldn't sell a computer with that name. You could create a company called Amazon if its industry is Amazon river tours, but you could not provide a generic delivery service with that name.

    This is why Cisco and Apple aren't at each other's throats over their (very valuable) IOS/iOS brands: No one is going to confuse a mobile phone OS intended for the average person with an enterprise router OS intended for networking engineers, despite both being not just software, but operating systems. Likewise, OP's hPanel is not likely to be seen as a direct competitor to Hostinger's internal hPanel despite both being web control panels.

    You cannot enforce an unregistered trademark and/or a trademark registered in another jurisdiction. It depends what classes the trademark is registered under to be considered an infringement, yes. In regards to this though, they're both management panels for hosting. The classification is likely to encompass.

  • LeviLevi Member

    @doghouch said:
    I just went to the backups page, entered | service nginx stop as a hostname, and clicked on "test connection."

    Wtf :D

    Thanked by 1zejjnt
  • AlyxAlyx Member, Host Rep

    @doghouch said:
    I just went to the backups page, entered | service nginx stop as a hostname, and clicked on "test connection."

    Must be an error on your side.
    hPanel is secure. ChatGPT said it fixed all problems 🤡

  • timmmytimmmy Member

    biloh bucks well spent :D

  • @Alyx said:

    @doghouch said:
    I just went to the backups page, entered | service nginx stop as a hostname, and clicked on "test connection."

    Must be an error on your side.
    hPanel is secure. ChatGPT said it fixed all problems 🤡

    I'll leave it up for interpretation:

        try {
          const sshpass_output = this._run("sshpass -e sftp -P " + this.port + " -oBatchMode=no -oStrictHostKeyChecking=no -b \"" + sftp_log_tmp + "\" " + this.user + "@" + this.host, _0x3b852b);
          fs.unlinkSync(sftp_log_tmp);
          return sshpass_output;
        } catch (err) {
          // ...
        }
    
    Thanked by 2fatchan forest
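
The concatenated command quoted in the post above, next to an argv-based form with allow-list validation. This is an added example, not hPanel's code and not part of any forum post; the function names, validation rules and sample values are assumptions.

```javascript
// Added example, not hPanel's code. Field names mirror the quoted snippet;
// function names, validation rules and sample values are assumptions.

// Vulnerable shape: one string handed to a shell, so shell metacharacters
// in any field are interpreted as shell syntax instead of data.
function shellString({ host, port, user, batchFile }) {
  return "sshpass -e sftp -P " + port + " -oBatchMode=no -oStrictHostKeyChecking=no -b \"" +
    batchFile + "\" " + user + "@" + host;
}

// Allow-lists (assumed policy): DNS names or IPv4 literals, POSIX-style user names.
// Both must start with an alphanumeric or "_", so a leading "-" cannot be
// parsed as a command-line option.
const LABEL = "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?";
const HOST_RE = new RegExp(`^(?=.{1,253}$)${LABEL}(?:\\.${LABEL})*$`);
const USER_RE = /^[a-z_][a-z0-9_-]{0,31}$/;

// Hardened shape: validate every user-supplied field, then build an argv array.
// batchFile is assumed to be a server-generated temp path, as in the snippet.
function sftpArgv({ host, port, user, batchFile }) {
  const p = Number(port);
  if (!Number.isInteger(p) || p < 1 || p > 65535) throw new Error("invalid port");
  if (typeof host !== "string" || !HOST_RE.test(host)) throw new Error("invalid host");
  if (typeof user !== "string" || !USER_RE.test(user)) throw new Error("invalid user");
  // Flags are kept as they appear in the quoted snippet.
  return ["-e", "sftp", "-P", String(p), "-oBatchMode=no",
          "-oStrictHostKeyChecking=no", "-b", batchFile, `${user}@${host}`];
}

// execFileSync starts the program directly with the argv array; no shell
// parses the arguments. sshpass -e reads the password from SSHPASS.
function testConnection(opts, password) {
  const { execFileSync } = require("node:child_process");
  return execFileSync("sshpass", sftpArgv(opts), {
    env: { ...process.env, SSHPASS: password }, timeout: 15000, encoding: "utf8",
  });
}

// True when validation refuses the input.
function rejects(opts) {
  try { sftpArgv(opts); return false; } catch { return true; }
}
```
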
  • gdarkogdarko Member
    edited March 23

    Just don't vibe-code something as sensitive as a hosting panel. Please. Go and make to-do apps.

  • Adam1Adam1 Member

    @HPanel said: It was never intended to resemble cPanel's branding.

    why are you acting like that? It's more than 'resemble' - it's a copy.

    I don't know how copyright law works in Pakistan where you are, but I think if you want this project to survive, you better start off right.

  • HPanelHPanel Member, Patron Provider

    @doghouch said:

    @Alyx said:

    @doghouch said:
    I just went to the backups page, entered | service nginx stop as a hostname, and clicked on "test connection."

    Must be an error on your side.
    hPanel is secure. ChatGPT said it fixed all problems 🤡

    I'll leave it up for interpretation:

        try {
          const sshpass_output = this._run("sshpass -e sftp -P " + this.port + " -oBatchMode=no -oStrictHostKeyChecking=no -b \"" + sftp_log_tmp + "\" " + this.user + "@" + this.host, _0x3b852b);
          fs.unlinkSync(sftp_log_tmp);
          return sshpass_output;
        } catch (err) {
          // ...
        }
    

    Fixed all vuln thanks for testing

  • forestforest Member

    @HPanel said: Fixed all vuln thanks for testing

    No you didn't.

  • HPanelHPanel Member, Patron Provider

    @forest said:

    @HPanel said: Fixed all vuln thanks for testing

    No you didn't.

    oh really lol

    Thanked by 1MikeA
  • AlyxAlyx Member, Host Rep

    @HPanel said:

    @forest said:

    @HPanel said: Fixed all vuln thanks for testing

    No you didn't.

    oh really lol

    So you are not only stupid, but also arrogant? 🤡

  • iKeyZiKeyZ Veteran

    Is the demo supposed to link to a "Why "Vibe Coding" is Bad" page or did I miss something...?

  • AlyxAlyx Member, Host Rep

    Well, since he said all vulns are fixed now, there is no way this is a joke by someone.
    So this must be his intended behavior 🤔

    I'm so glad to see that he finally understood the problem 😀

    Thanked by 2iKeyZ forest
  • dbadudedbadude Member

    @lichade said:
    i downloaded the install script and saw the payload url was base64 encoded, immediately suspicious. why are you hiding the url?

    this is so bad, that calling it vibe-coded would be an insult to vibe coders.

    as you might expect there are emojis everywhere in the code

    claude will tell you that hmac and symmetrical keys never go into production code.

    the machine id is just the hostname, and the code protection is basically worthless.

    there are command injection vulnerabilities everywhere, and as far as i can tell from reading the code, the commands are run as root
    after that i stopped. i believe there are many more vulnerabilities that i haven't found in the few minutes i spent looking at it.

    TLDR:

    do not use, even if it's free. you should pay to not use it

    jesus christ, thanks man!

  • fatchanfatchan Member, Host Rep

    The new demo page is brilliant, thanks.

    Thanked by 1Alyx
  • forestforest Member
    edited March 25

    Aww, the demo page isn't loading! I love the list of features, though:

    Secure Codebase

    Source code is obfuscated and deployed as dist-only packages. No raw source on production servers.

    Btw, a related thread from someone else who also got hacked in a day: https://lowendtalk.com/discussion/comment/4754696

  • ozontiozonti Member, Patron Provider

    Does the demo no longer work?

  • NushairAlviNushairAlvi 🚩 Host Rep Tag Suspended

    https://panel.registrar-server.com/

    The link isn't working properly.

    And you should stop using Immunity 360.

  • vingohostvingohost Member, Host Rep

    You actually wanted to improve the project and you destroyed it. I personally when I’ve seen the thread when there wasn’t any comments. Based on the features you’ve written, i wanted to

  • JordJord Moderator, Host Rep, Megathread Squad

    Wait someone redirected the site to a website saying vibe coding is bad?

    Thanked by 1forest
  • plumbergplumberg Veteran, Megathread Squad

    @Jord said:
    Wait someone redirected the site to a website saying vibe coding is bad?

    Pretty neat eh

  • armandorgarmandorg Member, Host Rep

    Nothing is working, store/demo. Did someone breach it?

  • plumbergplumberg Veteran, Megathread Squad

    I think it's time to not give visibility to the OP/this thread and let it run its course.

    As someone rightfully said, "victim of its own success"

  • forestforest Member
    edited March 28

    @Jord said:
    Wait someone redirected the site to a website saying vibe coding is bad?

    Yes lmao

    Will these vibe coders ever learn?

  • HPanelHPanel Member, Patron Provider

    HPanel Security Update: All Reported Issues Addressed

    Hi everyone,

    Over the past few days we received valuable feedback from the community regarding potential security concerns in HPanel.

    We took all reports seriously and conducted a full internal security audit.
    All reported issues have now been reviewed and resolved.

    Current status:

    • Command Injection reviewed (false positives, config-level)
    • SQL Injection resolved
    • Path Traversal resolved
    • SSRF resolved
    • Hardcoded secrets removed
    • Prototype pollution resolved
    • Additional internal checks completed

    We’ve also completed a broader code review and testing cycle to ensure there are no remaining vulnerabilities.

    Special thanks to everyone who took the time to report issues, test the panel, and provide constructive feedback. It really helped improve the platform.

    HPanel is still actively evolving, and we welcome further testing from the community.
    If you’re interested in security testing or reviewing the platform, feel free to try it out.

    We’re also planning to introduce a bug bounty program soon to encourage responsible disclosure and continued improvements.

    Appreciate all the feedback so far, both positive and critical.

    Thanks

  • FatGrizzlyFatGrizzly Member, Host Rep

    @HPanel said:
    HPanel Security Update: All Reported Issues Addressed

    Hi everyone,

    Over the past few days we received valuable feedback from the community regarding potential security concerns in HPanel.

    We took all reports seriously and conducted a full internal security audit.
    All reported issues have now been reviewed and resolved.

    Current status:

    • Command Injection reviewed (false positives, config-level)
    • SQL Injection resolved
    • Path Traversal resolved
    • SSRF resolved
    • Hardcoded secrets removed
    • Prototype pollution resolved
    • Additional internal checks completed

    We’ve also completed a broader code review and testing cycle to ensure there are no remaining vulnerabilities.

    Special thanks to everyone who took the time to report issues, test the panel, and provide constructive feedback. It really helped improve the platform.

    HPanel is still actively evolving, and we welcome further testing from the community.
    If you’re interested in security testing or reviewing the platform, feel free to try it out.

    We’re also planning to introduce a bug bounty program soon to encourage responsible disclosure and continued improvements.

    Appreciate all the feedback so far, both positive and critical.

    Thanks

    Great, how can i install to test this app?

  • HPanelHPanel Member, Patron Provider

    @FatGrizzly said:

    @HPanel said:
    HPanel Security Update: All Reported Issues Addressed

    Hi everyone,

    Over the past few days we received valuable feedback from the community regarding potential security concerns in HPanel.

    We took all reports seriously and conducted a full internal security audit.
    All reported issues have now been reviewed and resolved.

    Current status:

    • Command Injection reviewed (false positives, config-level)
    • SQL Injection resolved
    • Path Traversal resolved
    • SSRF resolved
    • Hardcoded secrets removed
    • Prototype pollution resolved
    • Additional internal checks completed

    We’ve also completed a broader code review and testing cycle to ensure there are no remaining vulnerabilities.

    Special thanks to everyone who took the time to report issues, test the panel, and provide constructive feedback. It really helped improve the platform.

    HPanel is still actively evolving, and we welcome further testing from the community.
    If you’re interested in security testing or reviewing the platform, feel free to try it out.

    We’re also planning to introduce a bug bounty program soon to encourage responsible disclosure and continued improvements.

    Appreciate all the feedback so far, both positive and critical.

    Thanks

    Great, how can i install to test this app?

    Demo will be available later today

    You’ll be able to explore the panel and see how everything works.

    Starting from tomorrow, we’ll also enable trial access, so you can install it on your own server and test it properly.

    I’ll share the details here once it’s live 👍

    Thanked by 1FatGrizzly
  • zedzed Member

    Can I install and test it on someone else's server, just in case?

  • HPanelHPanel Member, Patron Provider

    @zed said:
    Can I install and test it on someone else's server, just in case?

    Yes, absolutely

    Starting tomorrow, trial access will be available, and you’ll be able to install it on any server (including someone else’s) for testing.

  • woinokizwoinokiz Member
    edited April 17

    Complete vibe-coded slop this is.

    The problem isn't vibe coding itself, but he really doesn't know what he's doing.

    Let's talk about a small thing.
    When people complained about the license check being lull, he seems to have asked AI "make license verification stronger and make no mistake".
    As usual, the AI extracted the strings (url and key) to a .license file.

    He is really not a good programmer at all; he thinks just verifying hmac is safe.
    Remember, verifying the license is very important for him and still it's so lull.

    [[....I'll update things if needed, even completely de-obfuscated js files....]]

    My recommendation: don't use this at all, even for personal usages
