This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Sentora Poorly managed hosting accounts
#21
RE: Sentora Poorly managed hosting accounts
Markdark has replied on the tag via PM that he could not see the video at where he is living (Kazakhstan).
So i downloaded the video and uploaded it to my dropbox so hopefully he could see it.

My Sentora DemoMy GithubAuxio Github
Zentora themeS-Type themeCstyleX theme
flat-color-iconssmall-n-flat-icons

Sentora's development takes way too long, so i'm transitioning to HestiaCP.
Reply
Thanks given by: TGates
#22
RE: Sentora Poorly managed hosting accounts
I'm not sure about the windows version. But if somehow attacker exploit this bug, YOU KNOW THE DESTRUCTION.
If anyone has the latest version of Sentora on their Windows Server, Kindly share the server with me if you are comfortable with it. I'd like a quick penetration testing on it.
Reply
Thanks given by:
#23
RE: Sentora Poorly managed hosting accounts
ahsan not sure about windows, but on Ubuntu 14 and CentOS 7 this exploit is NOT POSSIBLE unless you change the default Sentora configuration and install Perl (that was said multiple times it is not secure neither supportedd by sentora at this moment).

The FTP Account Exploit was already fixed (less than 24h after the exploit report).
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#24
RE: Sentora Poorly managed hosting accounts
apinto I didn't change it on my centOS 6.5. Sentora for centOS 6 don't have an option to enable/disable cgi. So every Sentora Server with CentOS 6 or low is vulnerable to this.
Reply
Thanks given by:
#25
RE: Sentora Poorly managed hosting accounts
(07-18-2015, 09:11 PM)ahsan Wrote: Sentora for centOS 6 don't have an option to enable/disable cgi.
Then i think it are very old installs because CGI is disabled thru the installer.
And for old installs there is a patch published.

My Sentora DemoMy GithubAuxio Github
Zentora themeS-Type themeCstyleX theme
flat-color-iconssmall-n-flat-icons

Sentora's development takes way too long, so i'm transitioning to HestiaCP.
Reply
Thanks given by:
#26
RE: Sentora Poorly managed hosting accounts
ahan. That's okay then.
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Update redirect to Sentora login to an error page if a sub domain does not exist TGates 2 3 ,355 9 hours ago
Last Post: Me.B
Need Sentora HELP ? Alemiz 4 12 ,841 10-26-2018, 04:09 PM
Last Post: republicus
Sentora Feedback and Ideas Xversion 10 32 ,534 10-28-2017, 06:49 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 1 Guest(s)