ispCP - Board - Support
is it ready for production - Printable Version




is it ready for production - tolisoft - 09-09-2010 06:25 PM

Mates,
I am just wondering what your opinion is. Is ispCP Omega ready for production usage?
I mean the last 2 security issues were very bad for a production server.
And they were:
# Users are able to change into other user's phpMyAdmin account and browse, manipulate or delete their databases and
# ispCP Omega's database password can be looked up from logs

We are looking for a shared hosting panel and this project looks better than others.


RE: is it ready for production - gOOvER - 09-09-2010 06:30 PM

(09-09-2010 06:25 PM) tolisoft wrote: Mates,
I am just wondering what your opinion is. Is ispCP Omega ready for production usage?
I mean the last 2 security issues were very bad for a production server.
And they were:
# Users are able to change into other user's phpMyAdmin account and browse, manipulate or delete their databases and
# ispCP Omega's database password can be looked up from logs

We are looking for a shared hosting panel and this project looks better than others.

In my eyes it is. Such mistakes happen in every Open Source project. ;) But we fix them very fast. :)


RE: is it ready for production - kilburn - 09-09-2010 10:52 PM

Quote: Users are able to change into other user's phpMyAdmin account and browse, manipulate or delete their databases

So local user privileges were required. I don't know about you, but my clients don't usually fiddle around trying to break their server (and I would get rid of them instantly if they did). Nevertheless, some type of worm could get you on this, but there are backups to mitigate any damage. Additionally, it was quickly fixed after the report.

Quote: ispCP Omega's database password can be looked up from logs

Once again, you needed a local user's privileges for that. Additionally, since ssh access is off and both ftp and php are chrooted, it was only exploitable through cgi.

So yes, we've had some security flaws. Everyone does, even more on a program covering such a wide area, requiring root operations, etc. Despite that, our policy is to publish security flaws as soon as they are discovered and offer mitigations and patches as fast as we can. All other CPs have had security issues too, but you can't say that they all have such an open policy as we do...


RE: is it ready for production - RatS - 09-10-2010 08:33 AM

ispCP Omega has highly stable releases. Security issues will be fixed fast (and announced on Mailing List and Forum including the patch). At the moment we try to remove outstanding bugs and issues before we implement new features. Therefore, the development looks slow but it is rather vital.


RE: is it ready for production - momo - 09-10-2010 09:40 AM

ispCP is very stable. Try it with a few customers and see for yourself. Update your release a few times, get your hands dirty and never look back. :)


RE: is it ready for production - tolisoft - 09-11-2010 12:29 AM

I have it installed on Debian squeeze and it works :).
For this kind of server I prefer FreeBSD, but Debian is also OK.
I will be glad if I can help you with better FreeBSD support.
I've read there is unsupported functionality with traffic counters etc.


RE: is it ready for production - RatS - 09-11-2010 02:39 AM

Since we just have a limited range of developers, we just know a small range of Linux/Unix distributions. Feel free to help us as a freelancer or a team member.


RE: is it ready for production - kilburn - 09-11-2010 09:19 PM

Quote: I will be glad if I can help you with better FreeBSD support.
I've read there is unsupported functionality with traffic counters etc.

You are right. The problem is that we use iptables for the traffic accounting, so it doesn't work in FreeBSD. AFAIK there are 2 "standard" firewalls in FreeBSD, so if you want to work on it choose one of them and try to set up rules that count traffic for the different services. Afterwards we can see how traffic checking can be scripted so the data is stored into ispCP's database...


RE: is it ready for production - tolisoft - 09-11-2010 10:27 PM

(09-11-2010 09:19 PM) kilburn wrote:
Quote: I will be glad if I can help you with better FreeBSD support.
I've read there is unsupported functionality with traffic counters etc.

You are right. The problem is that we use iptables for the traffic accounting, so it doesn't work in FreeBSD. AFAIK there are 2 "standard" firewalls in FreeBSD, so if you want to work on it choose one of them and try to set up rules that count traffic for the different services. Afterwards we can see how traffic checking can be scripted so the data is stored into ispCP's database...

So there are not 2 standard firewalls :). There are 3 - ipf, ipfw and pf.
I have to look in the sources and need some time for orientation, but in general I will try to adapt the panel to pf (which is the main OpenBSD firewall and has great performance; it was ported to FreeBSD several years ago).


RE: is it ready for production - Nuxwin - 09-11-2010 10:55 PM

That would be very great if you can. ;)