|
Security
|
Please read this thread.
Probably all your questions are already there  http://forums.sentora.org/showthread.php...t=security
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora ![[Image: vanguardly-logo-micro.png]](http://repo.vanguardly.com/brand/logos/vanguardly-logo-micro.png){kind=logo} Graphic and Web Design. Development. www.vanguardly.com
Dave
Sentora Member  OS: Windows 7 Ultimate Running AWSServer ZPanelX Version: ZPanel 10.1.1 Server: Dedicated, Home
Have you been hacked? I will guess not so and the guy who started ranting about it did not either I guess its just talk… and BS.
As far as I know ZPanel did not get hacked it was a module some one created saying use this in your ZPanel and you can do good things with it. What people did not realise that the module had coding to access ZPanel server. Now the rest is it gave access to your server (not hacked). I was running Zpanel 6.1.1u same server over two years and hosting clients with no issues. (07-11-2015, 03:41 PM)Dave Wrote: Have you been hacked? I will guess not so and the guy who started ranting about it did not either I guess its just talk… and BS. If I was an expert in Linux I would probably have an idea if I was hacked. I do know that there is an issue with Bandwith which rewrites conf file. I am not sure if this a hack or a bug because I know there were no issues on reaching bandwith. I have read the previous thread and I still stand by that the negative publicity has to be handled correctly.
Dave
Sentora Member OS: Windows 7 Ultimate Running AWSServer ZPanelX Version: ZPanel 10.1.1 Server: Dedicated, Home (07-14-2015, 09:22 PM)ahsan Wrote: There exist some very dangerous bugs in the Sentora as well. A user can compromise domains of other users and all. I have sent a private message to TGates and Me.B about the issue. Is this in the FTP client (File Manager) at the bottom of your control panel your talking about? Can you shed some more light on this….? (07-14-2015, 09:22 PM)ahsan Wrote: There exist some very dangerous bugs in the Sentora as well. A user can compromise domains of other users and all. I have sent a private message to TGates and Me.B about the issue.ahsan you are probably referring to this: https://github.com/sentora/sentora-core/issues/172 and http://forums.sentora.org/showthread.php...&pid=10796 It was alreeady reported and it is being fixed (with some modules already fixed).
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora Graphic and Web Design. Development. www.vanguardly.com 
@[apinto]
Let alone the user panel bugs there are numerous bugs regarding to Server security and user privacy. I was just testing my Sentora server and I'm really, really disheartened right now. All the websites on the server are run under apache user. And if any account of the user is compromised, The attacker can gain access to all the websites and users on the sentora. All you need is a back-connect script. And you can change files of any website in any directory or any user.
Ron-e
Formerly known as MathDerVakker OS: CentOS 6.7 and 7 Version: 1.0.3 Server: Dedicated & VPS Status: SENTORA FREAK ♠ ♣ ♥ ♦ (07-14-2015, 11:37 PM)ahsan Wrote: All the websites on the server are run under apache user. And if any account of the user is compromised, The attacker can gain access to all the websites and users on the sentora.isn't this protected/locked in by suhosin? ●
● My Sentora Demo ● My Github ● Auxio Github ● ● Zentora theme ● S-Type theme ● CstyleX theme ● ● flat-color-icons ● small-n-flat-icons ● ● Sentora's development takes way too long, so i'm transitioning to HestiaCP. |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| Security update dicussion | Eulogy | 1 | 5 ,948 |
05-29-2017, 04:58 PM Last Post: Me.B |
|
