
Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Sat Apr 03, 2021 9:15 pm
by deanhills
I've been using the original version of VestaCP since end of 2014. I don't have any complaints and still think it is an excellent panel, but would like to ask the Admin what the security status is of the script. Is the script still being regularly updated? I hear about VestaCP forks that are being developed and pick up on negative discussions that the original VestaCP is no longer as well supported. I hear most of the staff of VestaCP left to create a new CP - Hestiacp and there are not enough staff left at VestaCP for continuing up to date development. There is a shortage of updates for the original VestaCP script. Is this true?

BTW members at post4vps.com have tried HestiaCP and think it has too many bugs. So for those thinking in that direction, you need to do your research first. Ditto the forks. There seems to be more than one fork out there, enough to make any person thoroughly confused and giddy in the head.

For example. Here is a discussion at GitHub that has me as a user of original VestaCP VERY confused.
https://github.com/serghey-rodin/vesta/issues/2006

So if the owner/s of VestaCP could set the record straight with regard to VestaCP - the original script - this will be much appreciated. I will then advise our members at post4vps.com.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Sun Apr 04, 2021 3:35 pm
by ScIT
Probably the owners will never reply. As you already noticed, there are a lot of critical exploits unfixed in vesta, and the only person who is able to release a new version to the repository doesn't react.

I would suggest switching to hestiacp or myvestacp; using vestacp isn't a good idea anymore.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Mon Apr 05, 2021 11:57 am
by dpeca
I (and people from Hestia) fixed all reported issues.
So, fixes are ready, forwarded to Serghey, and now Serghey should apply them and release the update.

All fixes are immediately applied in myVesta and Hestia.
Latest two fixes I fixed yesterday.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Mon Apr 05, 2021 8:37 pm
by deanhills
Thank you for the feedback and advice @dpeca & @sCIT. Many thanks for responding.

First time I heard about myvestacp. I'll definitely check it out.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Mon Apr 12, 2021 1:48 pm
by hestiauser
VestaCP is vastly outdated and exploited with no security patches or updates for a long time now.

I suggest you use HestiaCP, a fork of VestaCP that is also open-source, just updated, with new features and not dead like VestaCP.

I don't know why VestaCP is still up and in options to install with some hosting providers, because it shouldn't be.

HestiaCP is a fork of VestaCP and you can check it out on https://hestiacp.com and join Discord for quick support or post on forum.

Most of the Hestia developers are from the original VestaCP team, so give them credit and try HestiaCP, donate if you like it and support them.

Best regards,
Nikola.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Sun Oct 17, 2021 12:19 am
by Messiah
ADS detected.
Hestia is not bad, but there MUST be an option which FPMs to install and which not to since there is a huge piece of garbage on the HDD of low-end VPS. E.g. I need PHP 5.6 and 7.latest, all versions in between are useless. Should I remove those packages manually? xD

P.S. VestaCP is secure enough after applying some patches described on this forum. E.g. change default ports, force phpmyadmin and roundcube to use SSL etc.

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Mon Oct 18, 2021 12:21 pm
by ScIT
Messiah wrote:
Sun Oct 17, 2021 12:19 am
Hestia is not bad, but there MUST be an option which FPMs to install and which not to since there is a huge piece of garbage on the HDD of low-end VPS. E.g. I need PHP 5.6 and 7.latest, all versions in between are useless. Should I remove those packages manually? xD
This isn't the hestia forum or its discord, but in the current case I still want to answer it: No, you don't need to remove the packages manually. You can either use v-add-web-php or v-delete-web-php followed by the version number (5.6/7.0-4/8.0) to install or remove a specific php version. You can do the same as well in the interface under server settings -> web - just tick the checkbox at the requested php version and save. For other support related questions, please visit our discord channel or forum.
Messiah wrote:
Sun Oct 17, 2021 12:19 am
E.g. change default ports, force phpmyadmin and roundcube to use SSL etc.
These aren't the most important points, there are a few exploits that are discussed in the github thread linked above, also a few new ones came up in the last few days/weeks and have been reported from hestia to vesta over huntr.dev or other ways. Most were fixed in the source code on github by @dpeca, but there are still a few missing - new versions haven't been shipped to secure the existing installations.

Also a bit more details about the exploits and security situation: viewtopic.php?p=84569

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Sat Oct 23, 2021 6:59 pm
by RevengeFNF
Is Serghey back?

Image

Re: Question to VestaCP legitimate owners. Is original VestaCP secure?

Posted: Mon Oct 25, 2021 1:53 am
by eris
In the current panel there are still 7 reported vulnerabilities that haven't been patched + a few that have been patched but not been updated to any repo...

The updates that have been made and that you are referring to are the addition of a React-based "UI"; however, it is still missing 50% of all the code and it doesn't work yet...