Forum

Riperino · 09-05-2015, 10:31 PM

This is true?
http://www.lowendtalk.com/discussion/472...el-warning

ZPanel have this security problem and it seems the Sentora equals.
Normally all control panels are usually accessed via SSL such as https://1234.1234.1234.1234:8080 but this panel does not.

I think it is already time to correct these vulnerabilities because the control panel until is pretty good and it's a shame anyone able to hack the system and compromise all the data we have on the server.

apinto · 09-05-2015, 11:42 PM

Seriously? Again?
- http://forums.sentora.org/showthread.php?tid=1289
- http://forums.sentora.org/showthread.php?tid=1903
- http://forums.sentora.org/showthread.php?tid=1759
- http://forums.sentora.org/showthread.php?tid=1750

This is old and fixed... meh...

Also, you can setup SSL, Sentora Fully supports it, however like ANY OTHER PANEL you need to enable a Certificate on your server and domain, Sentora cant do that for you.

If you know of any security issue, show it, usually the Sentora Dev team and community fixes this really fast (latest security issue got a Hot Fix released in less than 24h after report).

Riperino · 09-05-2015, 11:46 PM

(09-05-2015, 11:42 PM)apinto Wrote: Seriously? Again?
- http://forums.sentora.org/showthread.php?tid=1289
- http://forums.sentora.org/showthread.php?tid=1903
- http://forums.sentora.org/showthread.php?tid=1759
- http://forums.sentora.org/showthread.php?tid=1750

This is old and fixed... meh...

Also, you can setup SSL, Sentora Fully supports it, however like ANY OTHER PANEL you need to enable a Certificate on your server and domain, Sentora cant do that for you.

If you know of any security issue, show it, usually the Sentora Dev team and community fixes this really fast (latest security issue got a Hot Fix released in less than 24h after report).

I'm sorry I did not know...
So I'm relieved and I can use without any problem.
Thanks.

apinto · 09-06-2015, 01:52 AM

It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago Smile

Riperino · 09-06-2015, 06:13 AM

(09-06-2015, 01:52 AM)apinto Wrote: It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago

Ok

But can not make the safest login on control panel?
Per example, Instead of entering the subdomain (panel.mydomain.com) or directly by IP (123.123.123.123), can enter through a port (123.123.123.123:8080). This made the safest access because any intelligent person could have access to the login of the control panel.

mettacell · (This post was last modified: 09-06-2015, 08:43 AM by mettacell.)

(09-06-2015, 06:13 AM)Riperino Wrote:
(09-06-2015, 01:52 AM)apinto Wrote: It's ok.

Just make sure you verify everything and do not only read the first post from half an year ago

Ok

But can not make the safest login on control panel?
Per example, Instead of entering the subdomain (panel.mydomain.com) or directly by IP (123.123.123.123), can enter through a port (123.123.123.123:8080). This made the safest access because any intelligent person could have access to the login of the control panel.

I could be wrong, but I think it's already there. Idea

Go to Admin>Sentora Config and change the Sentora Apache Port, change the port 80 to any desired, legit port. On next deamon run the change shall take place.

Long ago I did it manually with zPanel by editing vhost. But it was unstable. Better do it from admin panel. hope this helps. Cool

Me.B · 09-06-2015, 07:39 PM

My advice if you use the panel for personal use and don't provide login for any one best is moving the panel to another port & locking it with IPtables rules.

Beside that any vulnerability reported was fixed.

M B

Riperino · 09-06-2015, 08:57 PM

(09-06-2015, 07:39 PM)Me.B Wrote: My advice if you use the panel for personal use and don't provide login for any one best is moving the panel to another port & locking it with IPtables rules.

Beside that any vulnerability reported was fixed.

M B

But how can I add a port to log in to my control panel?
Since I am thinking create accounts for other users and would be ideal not be able to access the login directly through the IP.

Me.B · 09-06-2015, 11:08 PM

It's a hardening ADVICE ! I meant if you you use it that way and add the firewall restriction, you will end up locking down any further risk.

Riperino · 09-06-2015, 11:48 PM

(09-06-2015, 11:08 PM)Me.B Wrote: It's a hardening ADVICE ! I meant if you you use it that way and add the firewall restriction, you will end up locking down any further risk.

And how can I do this?
I use CSF Firewall.

Possibly Related Threads…
Thread	Author	Replies	Views	Last Post
Security issue urgent	johnnyp	7	12 ,845	02-27-2020, 06:19 PM Last Post: johnnyp
SO MANY SECURITY ISSUES!! Sentora needs serious updates!	aaronlroberts	9	19 ,717	11-24-2018, 01:48 AM Last Post: siulian
SSL vulnerabilities	CMs222	7	13 ,046	02-27-2018, 12:03 AM Last Post: Me.B