  1. #1

    VHCS 2.0 is it good to try?

    Hello,

    I would like to know members' opinions regarding the well-known open source VHCS2 Control Panel.

    I've seen many small providers around the world, such as Dedibox.fr, that indeed provide VHCS 2.0 with commercial servers to their clients.

    And I do wonder: is it ready yet for real commercial usage?
    From the standpoint of security, stability and functionality.

    Any comments? Ideas?

    Would it be a smart move to deliver this VHCS release with paid servers? Of course, as a free add-on.

    Any comment or answer will be very welcome.

    Thank you!





  2. #2
    Join Date
    Aug 2003
    Posts
    597
    My Dedibox VHCS install was exploited and all sites deleted. I advise you to stick with Webmin.

  3. #3
    Join Date
    Jun 2004
    Location
    Bay Area
    Posts
    1,320
    How was it hacked? Was it really because of VHCS, or just an insecure PHP script or something?

  4. #4
    Well, even if one server was hacked, that doesn't mean VHCS isn't secure. I mean, come on... there are countless servers with cPanel that were hacked... and still people do pay 50 USD a month for cPanel...

  5. #5
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    I can confirm. I've seen what topgun said on another server, with entire sites being deleted.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  6. #6
    And have you reported them?

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    Quote Originally Posted by XtraNetworks
    And have you reported them?
    It's still in investigative stages. I personally wouldn't touch VHCS. If you are a datacenter/server reseller you can get DirectAdmin for around 14 dollars per box. Very nice panel, secure, and reliable.

  8. #8
    Join Date
    Aug 2003
    Posts
    597
    The hacker left a message saying "vhcs exploit by blah blah.." They even gave a URL to the exploit, although I seem to have lost it now. To this day it remains unpatched.

  9. #9
    Join Date
    Apr 2006
    Location
    Mandaluyong, Philippines
    Posts
    316
    Quote Originally Posted by topgun
    The hacker left a message saying "vhcs exploit by blah blah.." They even gave a URL to the exploit, although I seem to have lost it now. To this day it remains unpatched.
    Did you happen to install an older copy of VHCS? Maybe from a tarball you had lying around?

    There was a security issue in VHCS that permitted privilege escalation. It was (almost) patched but not quite, then patched again. There is a bit of confusion, as people who thought they were patched indeed were not.

    This link may be helpful:

    http://vhcs.puuhis.net/index.php?opt...id=14&Itemid=2

    There was a similar link on the VHCS site itself, but I can't seem to find anything but the first patch, unless it's since been corrected, edited and consolidated into one post. Probably not the best thing they could have done, as someone revisiting it would have no idea there was a second patch.

    If you're sure you had the latest and greatest installed, then indeed it is another issue and should be reported asap to the developers.

    I'm 99.9% sure you had an unpatched or partially patched copy, as all issues surrounding it (according to Secunia) have been resolved, or marked as patched by the authors.

    See here:

    http://secunia.com/search/?search=VHCS

    Nothing past 2006, and everything is marked as resolved. The second link in 2006 describes the issue that allowed your compromise.


    Best,
    -Tim

  10. #10
    They will release VHCS v3 soon, so this should solve this problem, I hope so.
