This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Hight Security Vulnerabilities
#1
Hight Security Vulnerabilities
This is true?
http://www.lowendtalk.com/discussion/472...el-warning


ZPanel have this security problem and it seems the Sentora equals.
Normally all control panels are usually accessed via SSL such as https://1234.1234.1234.1234:8080 but this panel does not.

I think it is already time to correct these vulnerabilities because the control panel until is pretty good and it's a shame anyone able to hack the system and compromise all the data we have on the server.
Reply
Thanks given by:
#2
RE: Hight Security Vulnerabilities
Seriously? Again?
- http://forums.sentora.org/showthread.php?tid=1289
- http://forums.sentora.org/showthread.php?tid=1903
- http://forums.sentora.org/showthread.php?tid=1759
- http://forums.sentora.org/showthread.php?tid=1750

This is old and fixed... meh...

Also, you can setup SSL, Sentora Fully supports it, however like ANY OTHER PANEL you need to enable a Certificate on your server and domain, Sentora cant do that for you.

If you know of any security issue, show it, usually the Sentora Dev team and community fixes this really fast (latest security issue got a Hot Fix released in less than 24h after report).
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#3
RE: Hight Security Vulnerabilities
(09-05-2015, 11:42 PM)apinto Wrote: Seriously? Again?
- http://forums.sentora.org/showthread.php?tid=1289
- http://forums.sentora.org/showthread.php?tid=1903
- http://forums.sentora.org/showthread.php?tid=1759
- http://forums.sentora.org/showthread.php?tid=1750

This is old and fixed... meh...

Also, you can setup SSL, Sentora Fully supports it, however like ANY OTHER PANEL you need to enable a Certificate on your server and domain, Sentora cant do that for you.

If you know of any security issue, show it, usually the Sentora Dev team and community fixes this really fast (latest security issue got a Hot Fix released in less than 24h after report).

I'm sorry I did not know...
So I'm relieved and I can use without any problem.
Thanks.
Reply
Thanks given by:
#4
RE: Hight Security Vulnerabilities
It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago Smile
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#5
RE: Hight Security Vulnerabilities
(09-06-2015, 01:52 AM)apinto Wrote: It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago Smile

Ok Smile

But can not make the safest login on control panel?
Per example, Instead of entering the subdomain (panel.mydomain.com) or directly by IP (123.123.123.123), can enter through a port (123.123.123.123:8080). This made the safest access because any intelligent person could have access to the login of the control panel.
Reply
Thanks given by:
#6
RE: Hight Security Vulnerabilities
(09-06-2015, 06:13 AM)Riperino Wrote:
(09-06-2015, 01:52 AM)apinto Wrote: It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago Smile

Ok Smile

But can not make the safest login on control panel?
Per example, Instead of entering the subdomain (panel.mydomain.com) or directly by IP (123.123.123.123), can enter through a port (123.123.123.123:8080). This made the safest access because any intelligent person could have access to the login of the control panel.

I could be wrong, but I think it's already there. Idea Go to Admin>Sentora Config and change the Sentora Apache Port, change the port 80 to any desired, legit port. On next deamon run the change shall take place.

Long ago I did it manually with zPanel by editing vhost. But it was unstable. Better do it from admin panel. hope this helps.  Cool
Reply
Thanks given by:
#7
RE: Hight Security Vulnerabilities
My advice if you use the panel for personal use and don't provide login for any one best is moving the panel to another port & locking it with IPtables rules.

Beside that any vulnerability reported was fixed.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#8
RE: Hight Security Vulnerabilities
(09-06-2015, 07:39 PM)Me.B Wrote: My advice if you use the panel for personal use and don't provide login for any one best is moving the panel to another port & locking it with IPtables rules.

Beside that any vulnerability reported was fixed.

M B

But how can I add a port to log in to my control panel?
Since I am thinking create accounts for other users and would be ideal not be able to access the login directly through the IP.
Reply
Thanks given by:
#9
RE: Hight Security Vulnerabilities
It's a hardening ADVICE ! I meant if you you use it that way and add the firewall restriction, you will end up locking down any further risk.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#10
RE: Hight Security Vulnerabilities
(09-06-2015, 11:08 PM)Me.B Wrote: It's a hardening ADVICE ! I meant if you you use it that way and add the firewall restriction, you will end up locking down any further risk.

And how can I do this?
I use CSF Firewall.
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Security issue urgent johnnyp 7 13 ,966 02-27-2020, 06:19 PM
Last Post: johnnyp
SO MANY SECURITY ISSUES!! Sentora needs serious updates! aaronlroberts 9 20 ,582 11-24-2018, 01:48 AM
Last Post: siulian
SSL vulnerabilities CMs222 7 13 ,637 02-27-2018, 12:03 AM
Last Post: Me.B

Forum Jump:


Users browsing this thread: 1 Guest(s)