Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 7:58 pm
by skurudo
mehargags wrote:
@skurudo
I suggest you make a new post here at http://forum.vestacp.com/viewforum.php?f=25

will be as soon as possible ;-)

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 8:50 pm
by Clouseau
Hmh, what is the purpose of this thread, is this some false alert or what? Is the new 0.9.8-16 version affected and has some security issue that is hacked or is the 0.9.8-15 version affected and the security hole is fixed in 0.9.8-16 so we should all upgrade ASAP? I do not understand from this thread what is going on and probably most users are asking the same question...

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 9:46 pm
by tjebbeke
Clouseau wrote:
Hmh, what is the purpose of this thread, is this some false alert or what? Is the new 0.9.8-16 version affected and has some security issue that is hacked or is the 0.9.8-15 version affected and the security hole is fixed in 0.9.8-16 so we should all upgrade ASAP? I do not understand from this thread what is going on and probably most users are asking the same question...

In 0.9.8-15 there is a security issue that is fixed in 0.9.8-16.

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Wed Jun 29, 2016 8:08 pm
by skurudo
Release note 0.9.8-16
viewtopic.php?f=25&t=11892

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Wed Jul 06, 2016 3:54 pm
by patstan
This is a very serious issue at hand. While I do appreciate VestaCP and their team for the time and effort in building this control panel, after this vulnerability that affected supposedly many people, this creates some concern for people who may wish to use this at production level.

So, as a matter of fact, I think VestaCP should give a clear indication to general users about usage of this control panel, and clearly mark it as "Not suitable for production", as we've seen many security flaws over the last few years. This is to protect users who have no idea what's going on...

Maybe it's time that VestaCP introduce some sort of bounty program, or even a simple way that people and security researchers can report vulnerabilities, and possibly get some kind of reward (of course, VestaCP is mainly used freely, so this is up to you).

Of course, no piece of software is going to be 100% secure - but I think VestaCP should do more in informing users and vulnerable users of this community with regards to security issues, not just in the form of a forum post. A simple suggestion would be a mailing list for general announcements/bugs/vulnerabilities?

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Thu Jul 07, 2016 7:10 am
by mehargags
patstan wrote:
This is a very serious issue at hand. While I do appreciate VestaCP and their team for the time and effort in building this control panel, after this vulnerability that affected supposedly many people, this creates some concern for people who may wish to use this at production level.

So, as a matter of fact, I think VestaCP should give a clear indication to general users about usage of this control panel, and clearly mark it as "Not suitable for production", as we've seen many security flaws over the last few years. This is to protect users who have no idea what's going on...

Maybe it's time that VestaCP introduce some sort of bounty program, or even a simple way that people and security researchers can report vulnerabilities, and possibly get some kind of reward (of course, VestaCP is mainly used freely, so this is up to you).

Of course, no piece of software is going to be 100% secure - but I think VestaCP should do more in informing users and vulnerable users of this community with regards to security issues, not just in the form of a forum post. A simple suggestion would be a mailing list for general announcements/bugs/vulnerabilities?

Every software created in this world is full of bugs and vulnerabilities. VestaCP is an excellent self management panel and it has to have its "maturity period" before it actually rolls for mass commercial production use. If you are reselling services, you should resort to cPanel and other commercially established software... your statements here are nothing more than unnecessary as all those points are well discussed in the forums. It'd be novice-ness of the users to start using VestaCP (or any other software) without doing proper research.