Author Topic: Some concerns about security  (Read 291 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Some concerns about security
« on: June 18, 2020, 10:16:17 AM »
Hi all,

I use CWP now for a couple of years, and have (almost all the time) been happy using it, only one time all my sites went black. This was caused through an update which put PHP-FPM behind the cwppro subscription. From this time, I'm a bit concerned about the whole web panel.
The cwppro subscription isn't the problem, around 12 euros per year is a bargain. But the fact CWP added an update which broke all my websites without notifying is worrying me. This brought me some questions/concerns.

1. Can't find any contact details from the owner/developers (other then a croatian address and another hosting site)
2. CWP is using Ioncube to encrypt all source code (I can understand with some arguments about non-open source etc. But now point 3)
3. How is CWP updating your server so CWP Pro is enabled, is there a backdoor?
4. I won't link all of them, but there are some forum posts on the internet which doubt the security of CWP. One of them is the forum moderator of CentOS (not CWP, but the OS): https://forums.centos.org/viewtopic.php?f=12&t=66365&sid=49ccd4bcec4e7d009a6d1a94188559b6

So again, I'm using it for a long time, and CWP is offering a lot of functionalities for free, but at this point I'm having a lot of doubts about the safety/security of the web panel and even at the point of looking for an alternative. What are your thoughts?

Offline
*
Re: Some concerns about security
« Reply #1 on: June 18, 2020, 02:01:45 PM »
need cwpteam answer for point 4 ,

Offline
*
Re: Some concerns about security
« Reply #2 on: June 18, 2020, 05:32:44 PM »
cwp is NOT open-source (only some build parts are open), it's a private property of that hosting company you mentioned.
Since it's developed for hosting company having a backdoor would be a security issue for the mentioned company also.

Also, cwp has the most security things integrated into the panel what others don't have so why would somebody integrate security and firewall and then make backdoors?

One more addition to that is that CWP is preparing very soon a big update with the own security system not existing anywhere else and providing the highest possible security level which could be used even by companies requiring custom high-security systems.

Oh and the forum link you mentioned is because CWP has more activity and online users than a forum on that link.
« Last Edit: June 18, 2020, 05:36:04 PM by studio4host »
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: Some concerns about security
« Reply #3 on: June 18, 2020, 05:44:58 PM »
Yeah, I know CWP is not open source, as I mentioned in my second point.
Still, the fact that the team of CWP is still anonymous doesn't give me a lot of confidence.
If the hosting company is using the same, they could easily remove the backdoor. I'm not saying they are doing it (don't get me wrong) but it just isn't an argument.

Also, I see you have the same contact details as CWP (STUDIO 4 HOST, 10000 ZAGREB, ROGICEVA 28, CROATIA) so I guess you're the hosting company then :P and it's just based on trust.

Offline
*
Re: Some concerns about security
« Reply #4 on: June 18, 2020, 06:07:44 PM »
if you used some other software before for example cpanel or any other, have you tried to ask them if they made some backdoor or if they can have the backdoor added later or if they already have a backdoor for NSA which can be abused by some more experienced hackers.

What I can say is that if I don't like some software I simply wouldn't use it.
CWP team is communicating with many bigger hosting companies but unfortunately, communication with others is time taking and for a small team with a big client base this is not possible for now without delaying updates and improvements which is the main focus.

VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.