For zPanel Users
Please check your server load. If it is very high and you have a process called ksoftirqx using the CPU, it is time to think about another panel and reinstall. Lately there was an epidemic of such issues, I am now dealing with 3-4 cases A DAY!
Comments
what is ksoftirqx thing?
The devil user @zen made this little script to help detect the abuse:
http://pastebin.com/raw.php?i=8bJCPCBQ
A notice for you all! Don't run zpanel with an unsecured tmp!!!
http://www.tin.org/bin/man.cgi?section=9&topic=http://www.tin.org/bin/man.cgi?section=9&topic=ksoftirqd
Whoops, brain fart day, just noticed you had the x not the d. I had interrupt problems on a laptop and the ksoftirqd was doing that.
That is not what I said, ksoftirqd is legit, however, you will not see it in a container because it does not have its own kernel, only on the node.
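An added example, not part of the thread and not the pastebin script linked above: a check that flags processes posing as the ksoftirqd kernel thread, such as the ksoftirqx process reported here. The function names, the heuristics and the sample /proc tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag processes posing as the ksoftirqd kernel thread.
# Heuristics (assumptions of this sketch): a genuine thread is named
# ksoftirqd/<cpu>, has kthreadd (PID 2) as parent and an empty cmdline.

# find_fake_kthreads [PROC_ROOT] -> prints "pid name reasons" per suspect
find_fake_kthreads() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status")
        ppid=$(sed -n 's/^PPid:[[:space:]]*//p' "$dir/status")
        case $name in
            ksoftirq*) ;;            # look-alike names only
            *) continue ;;
        esac
        reason=
        case $name in
            ksoftirqd/[0-9]*) ;;     # the real naming scheme
            *) reason=name-mismatch ;;
        esac
        [ "$ppid" = 2 ] || reason="${reason:+$reason,}parent-not-kthreadd"
        # /proc files report size 0, so read the content instead of using -s
        if [ -n "$(tr -d '\0' 2>/dev/null < "$dir/cmdline")" ]; then
            reason="${reason:+$reason,}has-cmdline"
        fi
        if [ -n "$reason" ]; then echo "${dir##*/} $name $reason"; fi
    done
    return 0
}

# make_sample_proc DIR: constructed /proc-like tree for an offline run
make_sample_proc() {
    mkdir -p "$1/3" "$1/812" "$1/4242"
    printf 'Name:\tksoftirqd/0\nPPid:\t2\n' > "$1/3/status"
    : > "$1/3/cmdline"
    printf 'Name:\tsshd\nPPid:\t1\n' > "$1/812/status"
    printf '/usr/sbin/sshd\0' > "$1/812/cmdline"
    printf 'Name:\tksoftirqx\nPPid:\t1\n' > "$1/4242/status"
    printf './ksoftirqx\0' > "$1/4242/cmdline"
}

sample=$(mktemp -d)
make_sample_proc "$sample"
find_fake_kthreads "$sample"    # runs on the constructed data only
rm -rf "$sample"
# On a live system: find_fake_kthreads /proc
```

Inside a container, where no genuine ksoftirqd thread is visible, any line this prints deserves a closer look; on a node or a Xen/KVM guest the genuine per-CPU threads pass all three checks.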
Thanks, but I really had enough of zPanel, better put it to rest
It also does not solve the issue on xen/kvm.
Kill the process of ksoftirqx.
Right, this surely solves the problem...
I'd just not let clients use zpanel. More trouble than it's worth.
Just tell your clients to update zPanel to the latest version and make sure you explain to them that they have an UNMANAGED service and having a VPS comes with some responsibilities. It is their job to keep the software up to date, not yours.
But that alone turns it into a managed product, finding the ones that do and prompting them to react to system changes.
Granted, it is quite a simple way to do it.
True, don't get me wrong, I'm not saying that it shouldn't be done, just trying to re-affirm that most VPS on here are unmanaged and thus proper system admin should be done.
"An ounce of prevention is worth a pound of cure."
In other words, if finding and notifying affected clients is less work than cleaning up after them, such as dealing with suspensions and unsuspensions, then by all means find and notify them.
That would be perfectly okay if you feel fine with looking into the customer's files, not to mention the pain with KVM encrypted file systems, for example...
I am not saying an automated tool like that would be bad (except the fact that it makes changes in the files, but could be used only to notify, for example), however it does not work in all cases, and it is better to fight the spread of a way of thinking, because, if people use insecure products today and don't even update them, they will do the same tomorrow if there are no consequences.
No, as long as the host does not have the root password, a managed product and a ToS which allows snooping around, that is not a solution. I do notify the customers when I see that AFTER the load on the server told me something is wrong. I do not go in without a just cause, but if I do find them using zPanel AGAIN after being hacked before and receiving the same advice, then it is time to part ways.
Yeah I don't look through files.
Sorry, did this affect zpanel 10.1.1? Would you please give more details if you had? We are trying our best to investigate the issue. All our investigations led to the old zpanel that we fixed.
Thanks again
M B
@Maounique @Me_B I have 3 VPSes with zpanel installed, for testing purposes, and one of them for testing a shoutcast module. As Maounique said, there is indeed an epidemic of high CPU load in the previous version of ZPanel. I already removed them just after I did a short examination of the boxes. I didn't find any suspicious code there, but it had probably been hacked or something, because the issue started to occur in the last 4-5 days, with a day between servers! All three servers were installed with zpanel a lot of months ago and I didn't use them or examine them for a while (as I said before, I just wanted to test this panel). Me_B, I was sceptical about the criticism against zpanel, but there are probably a lot of issues with how your community handles the problems. If you discovered a big hole that caused such behavior on the servers, then you should give users a big warning about the specific issue, calling them to immediately remove older versions, with details about the nature of the problem. E.g., were the boxes hacked? Are the passwords stored there stolen?
You want warning? What about checking news section in zpanel? You got there all zpanel announcements!
It's RSS feed from:
http://forums.zpanelcp.com/Forum-News-Announcements--36
See, the issues were reported 2 months ago by the team.
You can subscribe to zpanel security email list:
https://groups.google.com/forum/#!forum/zpanel-alerts
AND all users received emails.
We are thinking about SPAMMING ALL our forum users too, but still checking that. So do you think that we kept it secret?
You should check the announcements, at least those in the control panel itself! We might think to add a popup over this but the easiest way is the mailing list, and we sent 2 emails over the issues. A lot of users immediately rushed and upgraded.
You just needed to upgrade not remove the last release.
M B
Forgot you still have zpanel twitter account:
https://twitter.com/ZPanelCP
And facebook page:
https://www.facebook.com/ZpanelCP
And we will add a blog/news section too for security....
So I will be happy @jvnadr if you point me how we can improve more our zpanel alerts?
I am sorry, but cannot disclose customer data, in fact, I am not even looking in the VPSes, I just saw the process, investigated it a bit, saw it was linked to zPanel, stopped right there as in many other hacking cases before. I am not joking or lying, I have nothing to gain from it, I am promoting Virtualmin GPL because development of EHCP I liked before stopped, zPanel is the source of way too many headaches to be worth looking into yet another issue, I am sorry, I know how it is as I was once a developer and QA for some software, but this is simply too much. Other panels have bugs, other panels are hard to use, other panels cost money and have bugs and are hard to use, etc, but none has so many security issues being in active development as zPanel. This is the sad truth, it forces me to recommend everyone I see spamming, DDoSing, with huge load out of the blue, without even checking if they use it, to get rid of zPanel, and, guess what, most reply "I didn't know there is a problem with it".
Mao, that was well written and about the best post on this forum to summarise the issues with zPanel.
I understand and have such issues with joomla.
You could ban/kick users. But again they will put back joomla/zpanel and all "the crap" a good admin hates.
I just said at least report issues, we don't even ask for your customers data.
The problem is getting users to update. I just had yesterday a user updating from 10.0.1 (3 releases since then) and had to help manually to fix the upgrade process.
@Maounique as I said you can help, don't disclose data, you have developers eager for feedback. And we will do our best to get rid of this mess.
Please notice 10.1.0 security issues are round cube / pchart, it was not even an internal bug from our core dev, but third parties.
There is lot to do here... I feel we are begging here for feedback!!!!!!!!!!!
My last post here... as seriously no one would take 5 min to push zpanel forward.
By the way hostwinds is zpanel sponsor and they are reporting no issues as they tailored an offer for zpanel and update it.
Some humour by a zpanel user
M B
That's cool for zpanel users, seems your people know themselves well.
Here are people talking about hosting and zPanel is bad for hosts and their customers. As a consequence, this is not the best place to advertise it, the hacked customers and their hosts will not like it.
That being said, since you already know who your customers are (from the cartoon you posted and they are aware too) you should make a secure version for them and leave the bloated version for hosts such as your sponsor. They can secure it and plug holes even before the threads get deleted.
As for the average joe, will do with the simple version without much third party apart from the basic minimum such as a web server, an FTP one, DNS, MySQL, PHP, and some scripts such as phpMyAdmin and the UI, of course. It would be best to do custom versions compiled at installation, but, if not possible, just stick with one distro.
If you want to use zpanel:
A) Join the security email list:
www.forums.zpanelcp.com/Thread-Sign-up-to-our-ZPanel-security-and-patch-alerts-mailing-list-to-be-kept-notified
B) Log into the panel and read the news for important updates from time to time.
C) Update your panel when patches are released.
It would be great to see providers post zpanel version numbers related to the compromised accounts. Probably outdated versions. If you don't want to snoop (great btw) ask a couple clients to check their version.
Zpanel should implement in-panel upgrading with the option of auto upgrade because some folks can't be bothered with entering a single command into putty.
lol that image was funny