Author Topic: How secure is CentOS Web Panel?  (Read 6842 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How secure is CentOS Web Panel?
« on: January 16, 2021, 03:07:23 PM »
I have been using WebAdmin for years, Today i found http://centos-webpanel.com/ It seems to have a lot more features for running and managing a server. But how secure is it?


Re: How secure is CentOS Web Panel?
« Reply #1 on: January 16, 2021, 03:40:26 PM »
Good Question!
https://rack911labs.ca/research/security-analysis-of-alternative-control-panels/
This mentions one of two key areas where CWP falls down: extremely poor communication and lack of a proper change log.
CWP stated sometime ago that the security points made by Rack911 had been addressed but we are supposed to trust them. There has been zero confirmation of this by any 3rd party and the obscured code makes it difficult for most people to assess.

CWP needs to use Blesta as an example and only encode a few core parts, leaving the rest to be scrutinised and fixed.


That being said, I use CWP (free), CWP Pro and Webmin. I hate the Webmin complex interface and actually think CWP is one of the best, from a functionality viewpoint (if it all worked and was spelled correctly). I assume that you mean Webmin, as opposed to WebAdmin but perhaps not.


Offline
*
Re: How secure is CentOS Web Panel?
« Reply #2 on: January 18, 2021, 02:56:45 PM »
Good Question!
https://rack911labs.ca/research/security-analysis-of-alternative-control-panels/quickpay
This mentions one of two key areas where CWP falls down: extremely poor communication and lack of a proper change log.
CWP stated sometime ago that the security points made by Rack911 had been addressed but we are supposed to trust them. There has been zero confirmation of this by any 3rd party and the obscured code makes it difficult for most people to assess.

CWP needs to use Blesta as an example and only encode a few core parts, leaving the rest to be scrutinised and fixed.


That being said, I use CWP (free), CWP Pro and Webmin. I hate the Webmin complex interface and actually think CWP is one of the best, from a functionality viewpoint (if it all worked and was spelled correctly). I assume that you mean Webmin, as opposed to WebAdmin but perhaps not.

Thanks for sharing the article.

Offline
*****
Re: How secure is CentOS Web Panel?
« Reply #3 on: January 20, 2021, 06:52:18 AM »
its now almost 2 years old
we've already fixed those in 2019

Re: How secure is CentOS Web Panel?
« Reply #4 on: January 20, 2021, 10:51:13 AM »
its now almost 2 years old
we've already fixed those in 2019
The time elapsed is not relevant, especially as many basic older errors still remain.
How would we know?
Quote
..extremely poor communication and lack of a proper change log.
When simple errors are not fixed, how are we expected to believe more serious ones are?  :-\
Quote
CREATION FAILEDS: 0
CREATEDS: 0
RENEWAL FAILEDS: 0
RENEWEDS: 0

There is obviously a lack of testing..
Quote
2021-01-20 03:13:10 (231 KB/s) - ‘phpMyAdmin-5.0.4-all-languages.zip’ saved [14316903/14316903]

tr: write error: Broken pipe
tr: write error
Redirecting to /bin/systemctl reload httpd.service
Redirecting to /bin/systemctl reload httpd.service

Why?!
Quote
###########################
Firewall Flush Daily Blocks
###########################
Gives attackers another chance, each day.
« Last Edit: January 20, 2021, 10:56:48 AM by cynique »

Offline
*
Re: How secure is CentOS Web Panel?
« Reply #5 on: January 20, 2021, 11:57:25 AM »
as everyone you can report any issue you find to cwp team
https://control-webpanel.com/contact
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: How secure is CentOS Web Panel?
« Reply #6 on: April 16, 2024, 11:27:15 PM »
Please how secure is CWP now? I really need to know coz i want to use it for a large project on my Contabo dedicated server. I can't afford to pay for cpanel
https://zippyfiles.co
Send Large Files & Photos FREE
Share and transfer files easily. Enjoy fast & secure sharing of files without limitations. Photos | Videos | Audio | Documents

Offline
*****
Re: How secure is CentOS Web Panel?
« Reply #7 on: April 17, 2024, 01:00:12 AM »
You sound like a good candidate for CWP then! I am a cPanel refugee as well. I have a fair bit of admin experience (20+ years) running mail servers, FTP servers, then cPanel & Webmin managed servers, SSH, etc. I find CWP an invaluable tool, mostly for my end users to have a user panel but also makes my job a bit easier. It's as secure as you want to make it -- decent out of the box, but can (and should be) hardened beyond the default state.

https://www.inmotionhosting.com/support/edu/control-web-panel/how-secure-is-control-web-panel/

Offline
*****
Re: How secure is CentOS Web Panel?
« Reply #8 on: April 17, 2024, 10:16:28 PM »
If you run CWPpro with mod_security with the Comodo rule set along with CSF/LDF (configured correctly) then it is secure.

You have to worry more about keeping your scripts/carts/WordPress up to date.
That's where most security holes come from.

Offline
*****
Re: How secure is CentOS Web Panel?
« Reply #9 on: April 18, 2024, 01:37:40 AM »
If you're using an EOL older version of PHP, also consider adding PHP Defender / Sunffleupagus to your security hardening:
https://wiki.centos-webpanel.com/php-defender-snuffleupagus

This is a good in-depth fine tuning guide after the basic CWP install:
https://www.awsmonster.com/cwp-installation-and-configuration_12