Page 2 of 3

Re: Security discussion

Posted: Mon Oct 08, 2018 8:46 am
by ScIT
alexcy wrote:
Mon Oct 08, 2018 8:34 am
Since you are somehow closer to the team than most of us, can we somehow get a word from Serghey?
I don't have any direct contact to Serghey, just beeing a mod here :-). But I know that he was contacted multiple times, but - as far as I know - he didn't respond.

Re: Security discussion

Posted: Mon Oct 08, 2018 8:48 am
by ScIT
Spheerys wrote:
Mon Oct 08, 2018 8:44 am
Thanks ScIT !
No promise - personally I don't want that vesta will die! I just checked the other control panel on the market and have to say, that vesta is the only one i want to use.

Re: Security discussion

Posted: Mon Oct 08, 2018 8:50 am
by alexcy
Completely agree SCiT. VestaCP has no reliable alternatives.

Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.

Re: Security discussion

Posted: Mon Oct 08, 2018 8:51 am
by ScIT
by the way: Also we tried to contact ctrlpac (thread opener), but he didnt respond to a pn from mehargags. Maybe he can try to contact me if he still has interrests to support vesta.

Re: Security discussion

Posted: Mon Oct 08, 2018 8:55 am
by ScIT
alexcy wrote:
Mon Oct 08, 2018 8:50 am
Completely agree SCiT. VestaCP has no reliable alternatives.

Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.
Same here, and that's the problem we've right now - we can't find enough devs :-).

I hope the best for vesta and also try to do the best to keep it alive.

Re: Security discussion

Posted: Mon Oct 08, 2018 7:20 pm
by albertus
I see we have 4 options:

a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.

Cheers

Re: Security discussion

Posted: Mon Oct 08, 2018 7:42 pm
by alexcy
Let's say we managed to find the hole.. After what? We need a team of devs (and a lead dev) to continue the project.

And it seems difficult to do so (at least so far).

Re: Security discussion

Posted: Tue Oct 09, 2018 6:13 am
by mehargags
albertus wrote:
Mon Oct 08, 2018 7:20 pm
I see we have 4 options:

a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.

Cheers
Trust my word, since last 2 years, I have been asking Core Vesta team to have a commercial support offering for VestaCP which will:
1) Enable VestaCP to earn some money
2) Apart from reward to the support team admins, the earned money can help us hire professional security consultants who can find vulnerabilities and polish VestaCP code further.
3) And ofcourse, include more developers in the team to speed up development.

However, I don't know why this is not being considered. We know everyone needs some financial backing to support for the hours spent as well as take a project further you also need an efficient team.

Re: Security discussion

Posted: Tue Oct 09, 2018 12:35 pm
by pipoy
Deployed a droplet and and installed Cyberpanel

Pointed 1 domain from Vesta to Cyberpanel

5 min later, I destroyed Cyberpanel droplet and revert domain back to Vesta.

Vesta is irreplaceable!!!!

Re: Security discussion

Posted: Tue Oct 09, 2018 3:47 pm
by dpeca
mehargags wrote:
Tue Oct 09, 2018 6:13 am
Trust my word, since last 2 years, I have been asking Core Vesta team to have a commercial support offering for VestaCP
Image

and it exists since I know for VestaCP