Security discussion

[ScIT]

Since you are somehow closer to the team than most of us, can we somehow get a word from Serghey?

I don't have any direct contact to Serghey, just beeing a mod here :-). But I know that he was contacted multiple times, but - as far as I know - he didn't respond.

[ScIT]

Thanks ScIT !

No promise - personally I don't want that vesta will die! I just checked the other control panel on the market and have to say, that vesta is the only one i want to use.

[alexcy]

Completely agree SCiT. VestaCP has no reliable alternatives.

Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.

[ScIT]

by the way: Also we tried to contact ctrlpac (thread opener), but he didnt respond to a pn from mehargags. Maybe he can try to contact me if he still has interrests to support vesta.

[ScIT]

Completely agree SCiT. VestaCP has no reliable alternatives.

Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.

Same here, and that's the problem we've right now - we can't find enough devs :-).

I hope the best for vesta and also try to do the best to keep it alive.

[albertus]

I see we have 4 options:

a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.

Cheers

[alexcy]

Let's say we managed to find the hole.. After what? We need a team of devs (and a lead dev) to continue the project.

And it seems difficult to do so (at least so far).

[mehargags]

I see we have 4 options:

a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.

Cheers

Trust my word, since last 2 years, I have been asking Core Vesta team to have a commercial support offering for VestaCP which will:
1) Enable VestaCP to earn some money
2) Apart from reward to the support team admins, the earned money can help us hire professional security consultants who can find vulnerabilities and polish VestaCP code further.
3) And ofcourse, include more developers in the team to speed up development.

However, I don't know why this is not being considered. We know everyone needs some financial backing to support for the hours spent as well as take a project further you also need an efficient team.

[pipoy]

Deployed a droplet and and installed Cyberpanel

Pointed 1 domain from Vesta to Cyberpanel

5 min later, I destroyed Cyberpanel droplet and revert domain back to Vesta.

Vesta is irreplaceable!!!!

[dpeca]

Trust my word, since last 2 years, I have been asking Core Vesta team to have a commercial support offering for VestaCP

and it exists since I know for VestaCP