Page 1 of 2 12 LastLast
Results 1 to 40 of 54

Thread: VEPortal

  1. #1
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456

    VEPortal

    OK so, who uses VEPortal now?

    Does anyone use the WHMCS bridge?

    Is it stable? Noticed any bugs or big flaws? Just curious what everyone thinks now, since it's been out a while..

  2. #2
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    From my asking of people, it appears VEPortal is too buggy.. any input? Everyone is saying take the SolusVM route for stability

  3. #3
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    I've just played with this for an hour or so and what I've noticed so far is

    a) You can't install it inside a VPS but it has to be on a physical server
    b) There is no SSL support for the admin interface
    c) There is definitely some logic errors in the password reset screen which I'm still playing with
    Russ Foster - Industry Curmudgeon

  4. #4
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    Also not convinced this is good

    [[email protected] ~]$ id
    uid=500(veportal) gid=500(veportal) groups=500(veportal)
    [[email protected] ~]$ sudo /bin/sh
    sh-3.2# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    Russ Foster - Industry Curmudgeon

  5. #5
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    That's a bit concerning!

  6. #6
    With the security hole now found in VEPortal its just not worth the risk.

    SolusVM all the way, its been nothing but superb and the support these guys are giving is second to none.

    Its quite simply a no brainer:

    VePortal: Buggy, Not up to it & Now Security holes have been found.

    SolusVM: Superb from day one, regular updates, extremely secure, and support is fantastic.

    Speaks for it self really.

  7. #7
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    I have SolusVM on some test boxes right now, must say I am enjoying it

  8. #8
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by PCS-Jason View Post
    With the security hole now found in VEPortal its just not worth the risk.

    SolusVM all the way, its been nothing but superb and the support these guys are giving is second to none.

    Its quite simply a no brainer:

    VePortal: Buggy, Not up to it & Now Security holes have been found.

    SolusVM: Superb from day one, regular updates, extremely secure, and support is fantastic.

    Speaks for it self really.


    I take it SolusVM has you brainwashed into responding with such nonsense...

    vePortal fixed the security issue in questions a month ago, within 24 hours of it being brought to their attention. SolusVM just sent out an email recently, a month later, attempting to discredit vePortal based on a security patch they knew already existed and was released a month ago. This is in extremely poor taste, an just based on that alone I would NEVER do business with SolusVM. That bordered on slander/libel and if I were vePortal, I would sue them outright.

    We are running vePortal on dozens of nodes an have nothing but wonderful things to say about their product and support. Any minor issue they have, which all new software will have, when we bring it to their attention, they have it corrected within hours, not even days. That is above and beyond what we can ask for, and we are beyond happy with their product! We will continue to recommend their product every chance we get therefore...
    .
    .
    Last edited by HostJedi; 11-07-2009 at 06:19 PM.

  9. #9
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by PCS-Jason View Post
    With the security hole now found in VEPortal its just not worth the risk.
    You should clarify your statement, as that is intentionally attempting to damage a company for something not even true any longer. vePortal was patched for the issue in question over a month ago. Announcing it now is in poor taste. The issue was not even with vePortal itself, but rather with default Apache config. vePortal changed how it utilized Apache therefore within 24 hours of it being brought to their attention, over a month ago!

    There is no "now found" vePortal security risk, and you should clarify your statement therefore before you damage a company's reputation with a blatant untruth.
    .
    .
    Last edited by HostJedi; 11-07-2009 at 06:29 PM.

  10. #10
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Quote Originally Posted by rghf View Post
    Also not convinced this is good

    [[email protected] ~]$ id
    uid=500(veportal) gid=500(veportal) groups=500(veportal)
    [[email protected] ~]$ sudo /bin/sh
    sh-3.2# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)


    Quote Originally Posted by BurstNET View Post
    I take it SolusVM has you brainwashed into responding with such nonsense...

    vePortal fixed the security issue in questions a month ago, within 24 hours of it being brought to their attention. SolusVM just sent out an email recently, a month later, attempting to discredit vePortal based on a security patch they knew already existed and was released a month ago. This is in extremely poor taste, an just based on that alone I would NEVER do business with SolusVM. That bordered on slander/libel and if I were vePortal, I would sue them outright.

    We are running vePortal on dozens of nodes an have nothing but wonderful things to say about their product an support. Any minor issue they have, which all new software will have, when we bring it to their attention, they have it corrected within hours, not even days. That is above and beyond what we can ask for, and we are beyond happy with their product! We will continue to recommend their product every chance we get therefore...
    .
    .
    Yes Burst. vePortal is is the all mighty single best VPS control panel EVER built. The developers even told me they had ZERO bugs during development. The post above yours, which was posted yesterday, does not show that vePortal can become root by anyone who has a clue. This must be a mistake. vePortal never has security issues nor does it make mistakes. Anyone who speaks badly of vePortal will get sued according to them and you....

    You're posts are clearly favoring vePortal because you're doing business with them and is laughable at best. Stop spamming the forums about any negative vePortal postings, you're making your own business look terrible.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  11. #11
    Quote Originally Posted by BurstNET View Post
    I take it SolusVM has you brainwashed into responding with such nonsense...
    Thanks for the personal insult..

    I think its worth pointing out that you are a Partner in VEPortal and therefore you are obviously going to be very one sided.

    Im not prepared to reply to your post any further as they are just getting out of hand and resorting to personal insults.

  12. #12
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by rghf View Post
    I've just played with this for an hour or so and what I've noticed so far is

    a) You can't install it inside a VPS but it has to be on a physical server
    b) There is no SSL support for the admin interface
    c) There is definitely some logic errors in the password reset screen which I'm still playing with
    a) Of course not! it is VPS platform management software, not a hosting control panel

    b) You can install your own SSL certificate and run it on SSL if so desired. It works perfectly fine...we tested it. Future vePortal versions will have it auto-installed from what they tell us. We specifically requested this from them.

    c) Not sure what that is regarding, but we've had no issues with this function.

  13. #13
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    Guys, enough. If I wanted to incite a damn flame war, I would have done it. If you don't have something constructive to say to the questions I asked by posting the thread, then GO AWAY.

  14. #14
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by PCS-Jason View Post
    Thanks for the personal insult..

    I think its worth pointing out that you are a Partner in VEPortal and therefore you are obviously going to be very one sided.

    Im not prepared to reply to your post any further as they are just getting out of hand and resorting to personal insults.

    Yes, we are indeed one of their distributors, and proud of it.
    Their product rocks!

    My comments are not one-sided whatsoever.
    I just pointed out a complete lie regarding a new security risk being just found, and that SolusVM announced such a month later being in very poor taste, or worse.

    These actions by SolusVM and yourself speak for themselves.

    Run away if you want, you have just been proven to be completely wrong with your info at best, outright lying at worst.
    .
    .

  15. #15
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by Dougy View Post
    Guys, enough. If I wanted to incite a damn flame war, I would have done it. If you don't have something constructive to say to the questions I asked by posting the thread, then GO AWAY.

    Correcting an untruth posted about a product is very constructive...probably as constructive as a post can get.
    It is important that such is posted, lest readers get the wrong opinion of a product based on false information posted.
    .
    .

  16. #16
    Quote Originally Posted by PCS-Jason View Post

    I think its worth pointing out that you are a Partner in VEPortal and therefore you are obviously going to be very one sided.

    Very true.
    mainstreamnetworks.net
    Instant vps setup
    Cpanel/WHM Direct Admin

  17. #17
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    Sorry, BurstNET -1 here.. that is an obviously biased reply no matter how solid (or weak) the product is.

  18. #18
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by Ramprage View Post
    You're posts are clearly favoring vePortal because you're doing business with them and is laughable at best. Stop spamming the forums about any negative vePortal postings, you're making your own business look terrible.
    You are entitled to your own opinion, as we are ours.

    Our clients base would tend to disagree with you. We are running dozens of nodes at this point, serving hundreds of VE, since we released our vePortal-based offerings a couple weeks ago. Our clients have been raving about them, and have been quite happy with the software we are using. We have every right to disagree with people that feel otherwise, especially when they are stooping as low as to post false/outdated information.

    You have a grudge against vePortal personally from what I heard, so I understand why you are posting this. Gavin told me he got a little defensive when you brought some issues to his attention initially, and just felt like you were attacking their product. He did indeed rectify those issues however, but apparently you never bothered to respond back to them after they informed you of that, and I guess prefer to ignore them and publicly complain about old, corrected issues instead.
    .
    .

  19. #19
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by mainstreamnet View Post
    Very true.

    Actually, we are FAR more a user of the product, then we are a distributor.

    My comments are from a user standpoint strictly, and really have nothing to do with reselling their licenses. We recommend the product to our client base when they inquire, but only because we are extremely happy using it on our own nodes first. We only recently listed it as available to our Dedicated Server clientele, after we were up and running and satisfied using it ourselves.

    .
    .

  20. #20
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Quote Originally Posted by BurstNET View Post
    You are entitled to your own opinion, as we are ours.

    Our clients base would tend to disagree with you. We are running dozens of nodes at this point, serving hundreds of VE, since we released our vePortal-based offerings a couple weeks ago. Our clients have been raving about them, and have been quite happy with the software we are using. We have every right to disagree with people that feel otherwise, especially when they are stooping as low as to post false/outdated information.

    You have a grudge against vePortal personally from what I heard, so I understand why you are posting this. Gavin told me he got a little defensive when you brought some issues to his attention initially, and just felt like you were attacking their product. He did indeed rectify those issues however, but apparently you never bothered to respond back to them after they informed you of that, and I guess prefer to ignore them and publicly complain about old, corrected issues instead.
    .
    .
    So you are more than a company using their product. Clearly you just stated that you a speaking privately with an owner of the company about a private conversation I had, in a private support issue. If you are not a partner in ownership of VePortal then vePortal must have ZERO customer confidentiality and they share conversations with "friends"? Either way I have absolutely no tolerance for any company who tries to make me look bad when they are in the wrong. Especially those who lie or do no keep customer conversations private.

    You better come clean and admit you're part owner or explain how you're speaking to one of the owners about private customer conversations, that frankly, are absolutely none of your business in the first place nor anyone elses. Do you also go around and share private support tickets with people you feel like?

    Yes Galvin did get defensive, he threatened me legally actually. Why would I bother to respond back to someone who just legally threatens you after you try to help them secure their product? I uninstalled their product and vowed never to use it again after the horrible customer service and insecurity of the product, which they finally admitted to. If they fixed it or not I do not care. The damage was done.
    Last edited by Ramprage; 11-07-2009 at 07:01 PM.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  21. #21
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by Dougy View Post
    OK so, who uses VEPortal now?

    Does anyone use the WHMCS bridge?

    Is it stable? Noticed any bugs or big flaws? Just curious what everyone thinks now, since it's been out a while..
    We are using this with WHMCS and it works fine.

    Older versions of WHMCS, 4.0.2 we tested, have an issue with upgrades (due to how WHMCS handles upgrades unfortunately). But the vePortal module bypasses that on WHMCS 4.1.0 and higher, and uses a workaround to retain package data during WHMCS upgrade process.
    .
    .

  22. #22
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,433
    Quote Originally Posted by Ramprage View Post
    You better come clean and admit you're part owner or explain how you're speaking to one of the owners about private customer conversations, that frankly, are absolutely none of your business in the first place nor anyone elses. Do you also go around and share private support tickets with people you feel like?

    We host a good portion of their servers, and we have a direct line to their staff because of it. We have given them direct input on their product, what we like about it, what we do not, what needs to be fixed, etc...and they listen. We have a very close relationship with them. We are their largest user/client, are a huge fish for them to have caught (one of the top data centers for hosting VPS nodes) to be their client, and they take our input very seriously therefore.

    When we saw your initial post, as a fellow user, that concerned us heavily. Therefore, we specifically asked him why you would make posts like you have and acted like you did. He told me that you brought the initial issues to his attention, how he reacted initially, and that they fixed them all, then you ignored him. There was nothing wrong with what he told us whatsoever, and no client confidentiality was breached by any means. In fact, I do not even know who you are, just your username/post here on WHT. If anything, he was appreciative that you did bring them to his attention.

    If you want to hold a grudge against vePortal for how they initially reacted, i could not care less, and I can even understand/agree with it, and it's none of my business/concern really. But as a heavy user of their product, your lack of acknowledging that they did indeed address/correct the issues is, regardless of how they went about it.
    .
    .

  23. #23
    Quote Originally Posted by BurstNET View Post
    I take it SolusVM has you brainwashed into responding with such nonsense...

    vePortal fixed the security issue in questions a month ago, within 24 hours of it being brought to their attention. SolusVM just sent out an email recently, a month later, attempting to discredit vePortal based on a security patch they knew already existed and was released a month ago. This is in extremely poor taste, an just based on that alone I would NEVER do business with SolusVM. That bordered on slander/libel and if I were vePortal, I would sue them outright.

    We are running vePortal on dozens of nodes an have nothing but wonderful things to say about their product and support. Any minor issue they have, which all new software will have, when we bring it to their attention, they have it corrected within hours, not even days. That is above and beyond what we can ask for, and we are beyond happy with their product! We will continue to recommend their product every chance we get therefore...
    .
    .
    1st email:

    ** This advisory only concerns clients who have installed SolusVM over VePortal **

    It has been brought to our attention that a severe security hole may have been found on systems where SolusVM has been installed over an existing VePortal installation. This suspected security hole is in no way connected with SolusVM so if you have not had vePortal on your server you need do nothing.

    We have identified a suspected hole where running versions of VePortal have not been removed prior to the installation of SolusVM thus leaving the system open to a root exploit via the running apache processes. A standard installation of SolusVM does not use Apache so it is safe to issue the command 'service httpd stop' to turn off apache until the makers of vePortal have told us the best way to remove their software.

    If you are unsure whether this affects your SolusVM installations you must make sure httpd/apache has been shutdown properly on each of your host nodes using the command above.

    We have contacted VePortal regarding full removal of their product and are awaiting a reply. As soon as we have full instructions we will notify you via our mailing system.

    Regards

    SolusLabs Ltd

    Second email:

    With regard to our previous email about a potential security exploit if vePortal is not removed prior to an installation of SolusVM, we have now had a response from the developer of vePortal.

    On behalf of ex vePortal clients we asked for details of how to remove vePortal from a system. The vePortal developer has declined to help remove their software and modifications from your system. Whilst we feel this is an irrisponsible course of action for them to take, it is entirely their decision that we have no say in. The SolusVM developers are, as always, concerned about security so if you have already migrated from vePortal to SolusVM or are considering migrating, please contact vePortals customer care department and ask them how to remove their software. As you are (or were) their client, they should have some obligation toward you. It is not the responsibity of SolusLabs to fix security holes in other vendors software.

    Regards,

    SolusLabs (SolusVM Developer)

    I'm agree with you Burst, SolusVM email is something that you SHOULD or CANNOT DO. That's ridiculous for SolusVM to insult/influence others.

    The problem is fixed with nah very easy solution as I can see how vePortal work actually (as I'm a programmer).


    Actually i'm surprised and curious the email from SolusVM come from where?
    Last edited by BasicCX; 11-07-2009 at 07:46 PM.

  24. #24
    For the second email, the solution can be found here on WHT.

    Haha.. why does SolusVM don't do research before claimed that it can't be remove?

  25. #25
    Quote Originally Posted by BasicCX View Post
    I'm agree with you Burst
    Lol, the cavalry has arrived - i seem to recall seeing you in another of the SolusVM vs vePortal threads a while back....
    * www.valuevps.co.uk - Quality VPS's at affordable prices, UK and USA
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  26. #26
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,686
    Even though Solus is a competitor to vePortal it's still good that they're notifying their users of potential holes that could exist on their clients servers. Seeing as the email was sent to SolusVM client's it's unlikely they were just trying to steal business or discredit vePortal.

    Burst sell vePortal, their opinion is obviously going to be extremely one sided, regardless of how bad the software is.
    EZPZ Hosting - Dependable and Affordable Web Hosting
    LiteSpeed SSD Powered cPanel Shared & Reseller Hosting | Budget VPS, Managed VPS and Dedicated
    Reseller Hosting Specialists | WHMCS-Based End User Support | Unlimited SSLs | UK and USA
    99.9% Uptime Guarantee | 24/7 Support | 30 Day Money Back Guarantee

  27. #27
    Quote Originally Posted by Dan_EZPZ View Post
    Even though Solus is a competitor to vePortal it's still good that they're notifying their users of potential holes that could exist on their clients servers. Seeing as the email was sent to SolusVM client's it's unlikely they were just trying to steal business or discredit vePortal.

    Burst sell vePortal, their opinion is obviously going to be extremely one sided, regardless of how bad the software is.

    Yes, that's good to inform your clients about security risk. But the email they give is what can I say something wrong...

  28. #28
    Quote Originally Posted by BasicCX View Post
    Yes, that's good to inform your clients about security risk. But the email they give is what can I say something wrong...
    There is nothing wrong with that email - it is not saying anything that is not true.
    * www.valuevps.co.uk - Quality VPS's at affordable prices, UK and USA
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  29. #29
    Join Date
    Apr 2009
    Location
    Adelaide, Australia
    Posts
    83
    From my point of view, I can understand Solus sending out these e-mails. The biggest concern for a vendor is having security holes found within it's software so a vendor should be as proactive as possible (ie fixing XSS issues ASAP rather than arguing that they are "fine" ) and this includes when they find a hole caused by another piece of software, regardless of whether it has been found before.
    Reading between the lines, I think there are quite a few people jumping ship from vePortal to SolusVM which means that this should be an issue taken seriously! If Solus did nothing and someone was hacked, the initial blame would immediately fall upon Solus. They would more than likely be able to prove that it was related to the vePortal hole but we all know that egg sticks and no one wants accusations of being insecure, even if they can be disproven.

    The 2nd e-mail from Solus states that vePortal have declined to offer any advice to Solus in order to help them remove vePortal (and the security issue). If this is true then vePortal clients should be asking their vendor an important question: what is more important, hurting the competition or preventing security issues for now-ex clients?

    I'm eagerly awaiting Donna from vePortal's post (or a flame from BurstNET! ).
    AdelaideHost - providing shared and VPS hosting.
    Reliability and professionalism at prices that don't hurt your wallet!

  30. #30
    Quote Originally Posted by Ceaser View Post
    The 2nd e-mail from Solus states that vePortal have declined to offer any advice to Solus in order to help them remove vePortal (and the security issue). If this is true then vePortal clients should be asking their vendor an important question: what is more important, hurting the competition or preventing security issues for now-ex clients?

    I'm eagerly awaiting Donna from vePortal's post (or a flame from BurstNET! ).
    If the ex-clients of vePortal (you may know they use "old vePortal" - before they fixed the issue) want to fix their issue.

    For that, Donna has pointed out how to remove it.


    As Burst said, there are several choice:

    1. Stay, - Fix it with the latest version (completely new vePortal).
    2. Migrate - Jump from old vePortal (use Donna guide, as you are not fix yet the vePortal which mean you use 'Old vePortal'.
    Last edited by BasicCX; 11-07-2009 at 08:55 PM.

  31. #31
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,911
    Quote Originally Posted by Starteck2002 View Post
    There is nothing wrong with that email - it is not saying anything that is not true.
    Its an issue if they send it out to non-clients. I also got the email and have to say I personally think it was a cheap shot.

    http://forum.soluslabs.com/showthrea...light=veportal

    Do they really need to always highlight veportal? I am sure that they could of easily said in that thread a "competitor" or something along those lines. I was going to consider using them but I have a couple of issues.

    1. Seem like they take cheap shots.
    2. Took forever to update the site.
    3. Template system is not currently able to be modified.

    Veportal on the other hand has had a few security issues, as i'm sure we've all seen. The developers have been more than happy to correct them after seeing that they were in fact security concerns. The only issue I have in their testing method is that they are using just beta testers. I am sure that the beta testers are not actually trained/certified to look for security concerns. I would personally like to see the code reviewed by a third party and not "Billy Bob" who has hardly any coding knowledge.

    Veportal also makes it easy to theme your design into the script. :-)

  32. #32
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,273
    Quote Originally Posted by Matt - HostPenguin View Post
    http://forum.soluslabs.com/showthrea...light=veportal

    Do they really need to always highlight veportal?
    I believe that might be related to the URL you posted
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  33. #33
    Join Date
    Apr 2009
    Location
    Adelaide, Australia
    Posts
    83
    Quote Originally Posted by Matt - HostPenguin View Post
    http://forum.soluslabs.com/showthrea...light=veportal

    Do they really need to always highlight veportal? I am sure that they could of easily said in that thread a "competitor" or something along those lines. I was going to consider using them but I have a couple of issues.
    Considering this issue is specifically affecting vePortal installs, I think they did need to "highlight vePortal."
    AdelaideHost - providing shared and VPS hosting.
    Reliability and professionalism at prices that don't hurt your wallet!

  34. #34
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,911
    Quote Originally Posted by Ceaser View Post
    Considering this issue is specifically affecting vePortal installs, I think they did need to "highlight vePortal."
    Quote from that link I posted:
    We have had an influx of new customers due to the exploits found in Veportal 2.0. This in turn has stretched our support to the limit and ticket replies are taking up to an hour or two to be answered.

    Anyone requiring assistance should still contact support via the normal channels and not via PM on these forums.

    If you need your server converting from Veportal to SolusVM you must also submit a ticket.

    Thanks for your patience.
    Why not just state support is a little bit slower due to a recent rise in customers because of a defective competitor product?

    Should they email non-clients about this bug? No they shouldn't email non-clients about a competitors product regardless of any possible flaws. Why would I care about a bug in Veportal when i'm not even using it? Is it to scare me of possibly using veportal? I think so and i'm just waiting for someone to point out the flaws in SolusVM.

  35. #35
    Quote Originally Posted by Matt - HostPenguin View Post
    Should they email non-clients about this bug? No they shouldn't email non-clients about a competitors product regardless of any possible flaws.
    I suggest you read up on this. The email was sent to our own clients that are registered on our own database.
    * www.valuevps.co.uk - Quality VPS's at affordable prices, UK and USA
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  36. #36
    Starteck2002,
    It's obvious your going to call me bias to vePortal, Because quite frankly i am.

    But I nor any of the vePortal Team have ever mentioned your product, We have had issues with it in the past, When we did we sought your assistance and you quite rudely told our lead developer you would refuse to assist. And because of this the response you got to the above mentioned issue i feel is very justified.

    Check our entire website, We even keep our clients opinions of SolusVM to a down-low in our forums etc, Because its NOT in good taste to continuously attempt to discredit or "Bash" a competitors product.

    From my point of view, Looking from outside the window, It was and is yet another cheap shot at vePortal. But it's become quite laughable within the team now.

    I've yet to see the likes of the real industry leading panels or any other product for that matter that re-structured their entire product within 48 Hours due to a small security flaw found within the software.

    Quote Originally Posted by Matt - HostPenguin View Post
    The only issue I have in their testing method is that they are using just beta testers. I am sure that the beta testers are not actually trained/certified to look for security concerns. I would personally like to see the code reviewed by a third party and not "Billy Bob" who has hardly any coding knowledge.
    Hi Matt,
    Thank you for your response, I would take that as a suggestion more than a dig at our methods. We don't allow the "Average Joe" to become a Beta tester anymore in fact we have a small group of people who do actually get to test the product.

    Obviously BurstNET are our Primary Tester, As from experiences long before vePortal i know their team has an extensive knowledge of security auditing and a wide range of different skill sets.

    Other testers are known associates to vePortal, Trusted companies who aren't going to create issues or relay sensitive data to competitors prior to our releases.


    Hopefully i havn't missed anyone, This is a rather long thread to wake up to
    D.Woodvine

  37. #37
    Quote Originally Posted by VW-Donna View Post
    But I nor any of the vePortal Team have ever mentioned your product, We have had issues with it in the past, When we did we sought your assistance and you quite rudely told our lead developer you would refuse to assist.
    Wrong, Gavin contacted us to assist in the development of a migration script to migrate FROM SolusVM to vePortal. Of course we will not assist, no more than we would expect vePortal to assist us in developing a script to migrate vePortal to SolusVM.

    And because of this the response you got to the above mentioned issue i feel is very justified.
    No, not justified at all. You have introduced an insecurity to your clients servers so the obligation must fall on you to fix that for ALL past and present clients that would be affected.

    Check our entire website, We even keep our clients opinions of SolusVM to a down-low in our forums etc, Because its NOT in good taste to continuously attempt to discredit or "Bash" a competitors product.
    Please tell that to .. Burstnet.

    From my point of view, Looking from outside the window, It was and is yet another cheap shot at vePortal. But it's become quite laughable within the team now.
    Your point of view can't 'look from outside the window' as you have already stated you are biased toward vePortal.

    I've yet to see the likes of the real industry leading panels or any other product for that matter that re-structured their entire product within 48 Hours due to a small security flaw found within the software.
    I'm sure that if they found a security flaw they would act very proactively as vePortal did when their flaw was discovered. The only issue now is how vePortal will react in helping people who have previously installed their software and now have server(s) with a 'small security flaw'. Also, it doesn't matter how big the hole in the bucket is, water will still get through so down scaling your security flaw to 'small' makes no odds - it is still a security flaw.
    * www.valuevps.co.uk - Quality VPS's at affordable prices, UK and USA
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  38. #38
    The point here is still being missed. There is a security flaw that has been introduced by vePortal that we notified OUR OWN CLIENTS about. It was not a 'cheap shot' at anyone. No matter what is being said in here, that securty risk still stands and so far nothing is being done about it other than telling our clients to disable httpd.

    We are entitled to (and are expected) to tell our own clients of security risks so the people in here flaming us for sending that email should back off unless they have something constructive to add to the resolution. The email was sent in good faith to people that are our clients or who have signed up to our database, so please, lay that one to rest. Thanks.
    * www.valuevps.co.uk - Quality VPS's at affordable prices, UK and USA
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  39. #39

    *

    Quote Originally Posted by Starteck2002 View Post
    Wrong, Gavin contacted us to assist in the development of a migration script to migrate FROM SolusVM to vePortal. Of course we will not assist, no more than we would expect vePortal to assist us in developing a script to migrate vePortal to SolusVM.
    When Gavin did so the entire line read he would fully reciprocate, By the looks of this thread by accepting a vePortal -> SolusVM Migration script would have saved you a fair bit of time. But You cant predict these things can you?

    Quote Originally Posted by Starteck2002 View Post
    No, not justified at all. You have introduced an insecurity to your clients servers so the obligation must fall on you to fix that for ALL past and present clients that would be affected.
    The issue was fixed, For the 3rd time today It was fixed within 24 Hours, And surprisingly The thread on your forum went up rather quickly after somebody posted on WHT about the security hole. And our helpdesk was very quiet at the time. To me it looks like you ensured your new (vePortals ex) clients that moving to Solus was a great idea because you wouldn't miss something so big and obvious... Right?


    Quote Originally Posted by Starteck2002 View Post
    Please tell that to .. Burstnet.
    You want me to tell one of our largest customers and distributors to stop fighting our defence? BurstNET are a customer of ours. We will ask them to stop posting on our behalf when your TOS states your customers aren't allowed to either... Sound pointless? Because it is! If you have a problem with BurstNET take it up with them.


    Quote Originally Posted by Starteck2002 View Post
    Your point of view can't 'look from outside the window' as you have already stated you are biased toward vePortal.
    Fair comment, But for what I was "Viewing", I'm not the only one thinking so right?

    Quote Originally Posted by Starteck2002 View Post
    I'm sure that if they found a security flaw they would act very proactively as vePortal did when their flaw was discovered. The only issue now is how vePortal will react in helping people who have previously installed their software and now have server(s) with a 'small security flaw'. Also, it doesn't matter how big the hole in the bucket is, water will still get through so down scaling your security flaw to 'small' makes no odds - it is still a security flaw.
    I'm happy to see something positive come from your posts about vePortal. We did act VERY fast. We fixes the security hole in 2 seconds for those that come forward about it... We don't store our users server information (For obvious reasons) So unless they reported it we couldn't fix it. A Full acceptable release was made 24 Hours later fixing all concerns.
    D.Woodvine

  40. #40
    Quote Originally Posted by Starteck2002 View Post
    The point here is still being missed. There is a security flaw that has been introduced by vePortal that we notified OUR OWN CLIENTS about. It was not a 'cheap shot' at anyone. No matter what is being said in here, that securty risk still stands and so far nothing is being done about it other than telling our clients to disable httpd.

    We are entitled to (and are expected) to tell our own clients of security risks so the people in here flaming us for sending that email should back off unless they have something constructive to add to the resolution. The email was sent in good faith to people that are our clients or who have signed up to our database, so please, lay that one to rest. Thanks.
    Come on, Quit being Denial, Both BurstNET and Others called your bluff. That email was worded to say vePortal in general was insecure! We dont expect an appology for it. But yet we still took it as expected abuse and posted the fix in the other thread that got to 5+ Pointless Pages.

    Edit:
    Actually, I'm sorry thats inaccurate.
    Removing vePortal is Virtually Impossible, it will take you a very long time shifting around files etc, But the fix given in the other thread is the fix to the security hole. Obviously if you wish to use HTTPD for other things in v2.0 And Older you need to edit httpd.conf or in v2.1 Onwards remove /etc/httpd/conf.d/veportal.conf but that goes without saying.
    Last edited by VW-Donna; 11-08-2009 at 06:37 AM. Reason: Correction & Instruction.
    D.Woodvine

Page 1 of 2 12 LastLast

Similar Threads

  1. FYI -- VePortal 2.0 is avaliable
    By KmacK in forum VPS Hosting
    Replies: 18
    Last Post: 10-16-2009, 04:59 PM
  2. Looking for a VePortal guru
    By w4Net in forum Employment / Job Offers
    Replies: 8
    Last Post: 09-16-2009, 04:47 PM
  3. Uninstall vePortal?
    By N|Kitmitto in forum Dedicated Server
    Replies: 6
    Last Post: 08-23-2009, 04:42 AM
  4. vePortal Installation
    By N|Kitmitto in forum Hosting Security and Technology
    Replies: 5
    Last Post: 07-09-2009, 04:06 AM
  5. Info on vePortal.com
    By vfg1 in forum VPS Hosting
    Replies: 9
    Last Post: 07-06-2009, 12:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •