Current time: 12-24-2024, 01:04 PM Hello There, Guest! (LoginRegister)


Post Reply 
phoning home for updates
Author Message
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #1
Sad phoning home for updates
I just discovered that each time the admin logs in the ispcp panel, a call is made to http://www.ispcp-control.net to check for updates.

While I'm not contrary to this, I'd like to have an option in ispcp to turn this feature off because I don't like the idea of phoning ispcp-control every time I log in a server.

Also, when the ispcp-control web server is busy, there's a significant delay during the login process (that's the way I discovered it). The following code
Code:
$timeout = 2;
        $old_timeout = ini_set('default_socket_timeout', $timeout);
        $dh2 = @fopen($last_update, 'r');
        ini_set('default_socket_timeout', $old_timeout);
is not actually setting the timeout to 2 seconds (fastcgi-php4).
Also, on production servers I disallow the URI parts of fopen etc, because they're a serious security risk in shared hosting env.

shall we put an option in ispcp??

ispcomm
05-21-2008 09:58 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: phoning home for updates
We already had such a problem a time ago when isp-control.net was down.
But a function to disable would be good.

Greez BeNe
05-21-2008 03:46 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #3
RE: phoning home for updates
Ok.. I'll go ahead and put a new var in ispcp.conf, then attach the patch to a ticket.

ispcomm
05-21-2008 06:10 PM
Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #4
RE: phoning home for updates
Major +1 to this. Today's downtime caused unnecessary delay for us today.
05-21-2008 08:45 PM
Find all posts by this user Quote this message in a reply
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #5
RE: phoning home for updates
I created a ticket with the patch http://www.isp-control.net/ispcp/ticket/1277

The new parameter to ispcp.conf is CHECK_FOR_UPDATES (yes/no) which by default is yes (current behaviour). Also, the patch is made in a way not to break current ispcp.conf installations that miss it (simply defaults are used in this case).

The parameter has effect only on the login page of the administrator. If you manually go to system tools->ispcp updates a check will be made regardless the status of CHECK_FOR_UPDATES parameter (which is good to have).

I'm pushing one more feature with this patch, which is the possibility to specify password parameters in the ispcp.conf file instead of modifying the source (PASSWD_STRONG and PASSWD_CHARS added).

I needed this as some of my accounts have long text-only passwords and will not be validated with the current ispcp.

ispcomm
05-22-2008 06:55 PM
Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #6
RE: phoning home for updates
yeah - sry about the downtime - i had a race-condition in my script for zone-transfers to the slave servers Sad
05-22-2008 09:47 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #7
RE: phoning home for updates
Well... sorry about the "wasted" work ispcomm :S In fact, before your patch there where those "strong password" options in the gui and probably the best way to implement the "auto-check-for-updates" feature is do it the same way (stored in the db).

If you don't want to re-make the patch I'll do it for you.
05-23-2008 12:28 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #8
RE: phoning home for updates
Well, it's not lost work as I get to understand how things work.

I wasn't aware of the gui options (oops), but I must file a bug because sometimes that settings are ignored completely. For example editing a password for a mysql user always requires strong passwords regardless of the gui setting.

Another problem is creating mail user: strong password is required on creation, but if the user is already there, then strong password is not enforced (i.e. the setting is respected).

This was why I modded it in the first place. On a closer examination, the default ispcp installation database is missing these values and they're inserted only when a "save" is done in the edit settings page. ouch... a little inconsistent but it works.

I have to redo my patch Sad

ispcomm.
05-23-2008 12:55 AM
Find all posts by this user Quote this message in a reply
Zothos Offline
Release Manager
*****
Dev Team

Posts: 1,262
Joined: Feb 2007
Reputation: 10
Post: #9
RE: phoning home for updates
hm, could you post the standard values for every setting in here? So i can write a update function and modify the database.sql.
05-23-2008 02:02 AM
Find all posts by this user Quote this message in a reply
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #10
RE: phoning home for updates
I would but I changed some of them. Out of my memory the values should be these:
Code:
LOSTPASSWORD          1    
LOSTPASSWORD_TIMEOUT     30
PASSWD_CHARS         6
PASSWD_STRONG         1
BRUTEFORCE         1
BRUTEFORCE_BETWEEN     1
BRUTEFORCE_MAX_LOGIN     5
BRUTEFORCE_BLOCK_TIME     30
BRUTEFORCE_BETWEEN_TIME 30
BRUTEFORCE_MAX_CAPTCHA     5
CREATE_DEFAULT_EMAIL_ADDRESSES     1
HARD_MAIL_SUSPENSION     1
USER_INITIAL_LANG     lang_English
ISPCP_SUPPORT_SYSTEM     1
DOMAIN_ROWS_PER_PAGE     10
LOG_LEVEL         512

The defaults can be found in of them are in ispcp-lib.php

ispcomm
05-23-2008 04:43 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)