This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Security
#1
Security
Hello guys, I was thinking of sending this via PM but I think that is frowned upon.
I have read much on Lowendtalk about sentora warning.

Has this security issue been fixed?
Reply
Thanks given by:
#2
RE: Security
Please read this thread.
Probably all your questions are already there Smile

http://forums.sentora.org/showthread.php...t=security
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#3
RE: Security
Doesn't answer all the questions but I understand.

Also I think it would be wise for you guys to address these questions on reddit, and other forums.
Reply
Thanks given by:
#4
RE: Security
Have you been hacked? I will guess not so and the guy who started ranting about it did not either I guess its just talk… and  BS.
 
As far as I know ZPanel did not get hacked it was a module some one created saying use this in your ZPanel and you can do good things with it. What people did not realise that the module had coding to access ZPanel server. Now the rest is it gave access to your server (not hacked).
 
I was running Zpanel 6.1.1u same server over two years and hosting clients with no issues.
Reply
Thanks given by:
#5
RE: Security
(07-11-2015, 03:41 PM)Dave Wrote: Have you been hacked? I will guess not so and the guy who started ranting about it did not either I guess its just talk… and  BS.
 
As far as I know ZPanel did not get hacked it was a module some one created saying use this in your ZPanel and you can do good things with it. What people did not realise that the module had coding to access ZPanel server. Now the rest is it gave access to your server (not hacked).
 
I was running Zpanel 6.1.1u same server over two years and hosting clients with no issues.

If I was an expert in Linux I would probably have an idea if I was hacked. I do know that there is an issue with Bandwith which rewrites conf file. I am not sure if this a hack or a bug because I know there were no issues on reaching bandwith.

I have read the previous thread and I still stand by that the negative publicity has to be handled correctly.
Reply
Thanks given by:
#6
RE: Security
There exist some very dangerous bugs in the Sentora as well. A user can compromise domains of other users and all. I have sent a private message to TGates and Me.B about the issue.
No response yet.
Reply
Thanks given by:
#7
RE: Security
(07-14-2015, 09:22 PM)ahsan Wrote: There exist some very dangerous bugs in the Sentora as well. A user can compromise domains of other users and all. I have sent a private message to TGates and Me.B about the issue.
No response yet.

Is this in the FTP client (File Manager) at the bottom of your control panel your talking about?
 
Can you shed some more light on this….?
Reply
Thanks given by:
#8
RE: Security
(07-14-2015, 09:22 PM)ahsan Wrote: There exist some very dangerous bugs in the Sentora as well. A user can compromise domains of other users and all. I have sent a private message to TGates and Me.B about the issue.
No response yet.
ahsan you are probably referring to this: https://github.com/sentora/sentora-core/issues/172
and http://forums.sentora.org/showthread.php...&pid=10796

It was alreeady reported and it is being fixed (with some modules already fixed).
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#9
RE: Security
@[apinto]
 Let alone the user panel bugs there are numerous bugs regarding to Server security and user privacy.
I was just testing my Sentora server and I'm really, really disheartened right now.
All the websites on the server are run under apache user. And if any account of the user is compromised, The attacker can gain access to all the websites and users on the sentora.
All you need is a back-connect script. And you can change files of any website in any directory or any user.
Reply
Thanks given by:
#10
RE: Security
(07-14-2015, 11:37 PM)ahsan Wrote: All the websites on the server are run under apache user. And if any account of the user is compromised, The attacker can gain access to all the websites and users on the sentora.
All you need is a back-connect script. And you can change files of any website in any directory or any user.
isn't this protected/locked in by suhosin?

My Sentora DemoMy GithubAuxio Github
Zentora themeS-Type themeCstyleX theme
flat-color-iconssmall-n-flat-icons

Sentora's development takes way too long, so i'm transitioning to HestiaCP.
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Security update dicussion Eulogy 1 6 ,500 05-29-2017, 04:58 PM
Last Post: Me.B

Forum Jump:


Users browsing this thread: 2 Guest(s)