Results 1 to 11 of 11
  1. #1
    Join Date
    Dec 2001
    Posts
    1,029

    Idea for control panel

    I got to thinking...I don't really like any of the control panels out there, although out of all of the major control panels, I like Cpanel the best because it's the best at keeping things standard, but lots of little things as well as several big things annoy me since I'm such a perfectionist, but since it's closed-source, I can't change it to suit my desires. I've had thoughts about developing my own control panel, but developing a web-based control panel would be a lot of work that I don't want to do right now, but then, while writing some scripts to clean up some configuration files, I got to thinking...I'm very good with C...what if I were to develop a console-based control panel? I don't mean through shell access. I mean like, since most people don't run a telnet server because most people consider it "insecure" (which is a different discussion), I can have the control panel listen on the telnet port, and users can just telnet to the server, enter their user name and password, and configure things using an easy to use text-based menu. If enabled, users can still have shell access through SSH or as a menu option in the control panel if you don't mind telnet access. Windows includes telnet, and so do the many variants of UNIX, so most users wouldn't have to download anything, except maybe Mac users, but I can always provide a telnet java applet. That would also help people who have firewalls that block high outgoing ports. I'm just wondering what you all think about a console-based control panel.
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

  2. #2
    I personnaly wouldn't use it because telnet isn't secure. If you run it with SSH, that would be a different thing.

  3. #3
    Join Date
    May 2001
    Posts
    1,593
    I think his point is that since telnet isn't used, he can use it as an alternate control panel interface that has a large client install base (namely, the telnet clients).

    Telnet really isn't that bad if you consider that HTTP authentication also sends password in plain text, which is what many control panels are doing now anyway. (he didn't say use telnet to login as root, he said use telnet as control panel console).

    Peter

  4. #4
    Sending the admin (of the CP, the one used to create resellers,domains, etc.) over telnet allows hackers who can snif the connection to read them. This would still be a pretty big security risk.
    One thing I still don't get is how hackers can snif your connection?

  5. #5
    Join Date
    May 2001
    Posts
    1,593
    Well, the same thing goes for the current control panels as well. I am not saying this is a secure method, but many cpanel installations also use the default non-secure http protocol, which means whatever the admin does is also visible if you (the hacker) know how to see it.

    The hackers snif your connection by intercepting the IP Packets and reading what's inside of them.

    Peter

  6. #6
    An otehr reason I don't like CPanel. I know Ensim uses secure connections. Plesk also I believe.
    Web-cp: an open source control panel: http://www.web-cp.net

  7. #7
    I personally would not be so enthusiastic to be hosted by any company providing a telnet account to log in and make account information changes via a text screen.

    Using a text based control panel, you gotta think farther ahead as to what will it be doing. If it's going to list 40 emaill accounts so you can delete them, how would it be displayed? I would find it annoying to press spacebar 4 or 5 times just to see the list of email accounts.

    If you make an admin/reseller area, there has to be a screen that views all the current customers on that machine.

    My point is that visually and usability, developing any CP as text based via SSH or Telnet is a waste of time. Usability is very limited and very hard for an individual to navigate through the menus unless you got some tech in your blood.

    Most customers don't even known what Telnet or SSH is.

    A control panel is pretty much an interface to manage accounts, doing this via telnet is taking one step backwards. . .
    http://www.blazeboard.com
    Free co-branded portal solutions
    http://www.rimfusion.com
    Free PHP Based Submission Script and Windows based message board notifier

  8. #8
    Join Date
    Dec 2001
    Posts
    1,029
    Originally posted by Gyrbo
    Sending the admin (of the CP, the one used to create resellers,domains, etc.) over telnet allows hackers who can snif the connection to read them. This would still be a pretty big security risk.
    One thing I still don't get is how hackers can snif your connection?
    If you don't get how hackers can sniff your connection, then why do you assume that sending passwords over telnet allows hackers to read them? Don't you use POP3 or FTP? Those send passwords in clear text just like telnet does. Heck, the login page for WebHostingTalk isn't secure. Lots of protocols use clear text. It's not like anyone can just read them. It really annoys me when people say "telnet isn't secure" when they don't even know how it works, but like I said, that's another discussion.

    It doesn't have to be telnet. It could be SSH, but Windows doesn't come with an SSH client.

    So can you come up with something more constructive than "telnet isn't secure" when that really doesn't have anything to do with my post. I was talking about a console-based control panel, perhaps using the telnet port, but other methods would be feasible.
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

  9. #9
    Join Date
    Dec 2001
    Posts
    1,029
    Originally posted by Xanthis
    I personally would not be so enthusiastic to be hosted by any company providing a telnet account to log in and make account information changes via a text screen.

    Using a text based control panel, you gotta think farther ahead as to what will it be doing. If it's going to list 40 emaill accounts so you can delete them, how would it be displayed? I would find it annoying to press spacebar 4 or 5 times just to see the list of email accounts.
    It's just as annoying as moving the mouse pointer to the scroll bar, then clicking and dragging, or clicking up or down, or reaching over and pressing the Page Up or Page Down key, or up and down arrow keys. It's not like an unlimited amount of text will fit in a browser window either. Text consoles can have scrolling capability too. If they can't use a keyboard, then they shouldn't be using a computer.

    If you make an admin/reseller area, there has to be a screen that views all the current customers on that machine.
    So...why wouldn't that be possible?

    My point is that visually and usability, developing any CP as text based via SSH or Telnet is a waste of time. Usability is very limited and very hard for an individual to navigate through the menus unless you got some tech in your blood.
    You must have used many poorly-designed text-based interfaces. It's definitely possible to make a user-friendly text-based control panel.

    Most customers don't even known what Telnet or SSH is.
    They don't have to. It's not going to be a command-line shell. Heck, some customers don't even know what FTP is.

    A control panel is pretty much an interface to manage accounts, doing this via telnet is taking one step backwards. . .
    So many people are spoiled by graphics. You don't need graphics for a control panel! A text-based control panel would load quickly for modem users.
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

  10. #10
    Originally posted by ToastyX
    If you don't get how hackers can sniff your connection, then why do you assume that sending passwords over telnet allows hackers to read them? Don't you use POP3 or FTP? Those send passwords in clear text just like telnet does. Heck, the login page for WebHostingTalk isn't secure. Lots of protocols use clear text. It's not like anyone can just read them. It really annoys me when people say "telnet isn't secure" when they don't even know how it works, but like I said, that's another discussion.
    I do you use FTP (not POP, I use Yahoo's webmail, wich doesn't send passwords in clear text). I do use as much secure connections as I can.
    However, my website is not something comparable to my server where I host customers who pay me. People try to secure their box with firewalls and tools to keep the hackers out, but what use is it when they can just tap your connection and get your root password that way?

    I do like your idea, don't get me wrong. If you would use SSH, I wouldn't have any problem.
    I wish you luck with your project!

    One suggestion would be to have a command box or something where you can just type your commands like:
    "addreseller username password 100MB 5GB" and that would create the reseller.

  11. #11
    Join Date
    May 2001
    Posts
    1,513
    Hey Toasty,
    I really like your idea, and don't think it's a step backwards at all; quite the contrary. If you ever get going with it, I have a perl script that I wrote that is an SSH client if you're interested that I may be willing to share.

    Somehow when I read your initial post in this thread, I thought I was reading my own post, since you feelings about control panels parallel mine in so many ways.

    I'd love to see a control panel that used sftp, pgpmail, and had everything secure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •