We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Security discussion
Re: Security discussion
I don't have any direct contact to Serghey, just beeing a mod here :-). But I know that he was contacted multiple times, but - as far as I know - he didn't respond.
Re: Security discussion
Completely agree SCiT. VestaCP has no reliable alternatives.
Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.
Unfortunately I am not a developer myself. I can make minor changes/modifications but that's it.
Re: Security discussion
by the way: Also we tried to contact ctrlpac (thread opener), but he didnt respond to a pn from mehargags. Maybe he can try to contact me if he still has interrests to support vesta.
Re: Security discussion
Same here, and that's the problem we've right now - we can't find enough devs :-).
I hope the best for vesta and also try to do the best to keep it alive.
Re: Security discussion
I see we have 4 options:
a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.
Cheers
a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.
Cheers
Re: Security discussion
Let's say we managed to find the hole.. After what? We need a team of devs (and a lead dev) to continue the project.
And it seems difficult to do so (at least so far).
And it seems difficult to do so (at least so far).
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Security discussion
Trust my word, since last 2 years, I have been asking Core Vesta team to have a commercial support offering for VestaCP which will:albertus wrote: ↑Mon Oct 08, 2018 7:20 pmI see we have 4 options:
a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else.
b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP.
c) Forget about VestaCP
d) Rely on the core dev team. Meaning no ETA no info until they want.
Cheers
1) Enable VestaCP to earn some money
2) Apart from reward to the support team admins, the earned money can help us hire professional security consultants who can find vulnerabilities and polish VestaCP code further.
3) And ofcourse, include more developers in the team to speed up development.
However, I don't know why this is not being considered. We know everyone needs some financial backing to support for the hours spent as well as take a project further you also need an efficient team.
Re: Security discussion
Deployed a droplet and and installed Cyberpanel
Pointed 1 domain from Vesta to Cyberpanel
5 min later, I destroyed Cyberpanel droplet and revert domain back to Vesta.
Vesta is irreplaceable!!!!
Pointed 1 domain from Vesta to Cyberpanel
5 min later, I destroyed Cyberpanel droplet and revert domain back to Vesta.
Vesta is irreplaceable!!!!