Author Topic: How secure is CentOS Web Panel?  (Read 5920 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How secure is CentOS Web Panel?
« on: January 16, 2021, 03:07:23 PM »
I have been using WebAdmin for years, Today i found http://centos-webpanel.com/ It seems to have a lot more features for running and managing a server. But how secure is it?


Re: How secure is CentOS Web Panel?
« Reply #1 on: January 16, 2021, 03:40:26 PM »
Good Question!
https://rack911labs.ca/research/security-analysis-of-alternative-control-panels/
This mentions one of two key areas where CWP falls down: extremely poor communication and lack of a proper change log.
CWP stated sometime ago that the security points made by Rack911 had been addressed but we are supposed to trust them. There has been zero confirmation of this by any 3rd party and the obscured code makes it difficult for most people to assess.

CWP needs to use Blesta as an example and only encode a few core parts, leaving the rest to be scrutinised and fixed.


That being said, I use CWP (free), CWP Pro and Webmin. I hate the Webmin complex interface and actually think CWP is one of the best, from a functionality viewpoint (if it all worked and was spelled correctly). I assume that you mean Webmin, as opposed to WebAdmin but perhaps not.


Offline
*
Re: How secure is CentOS Web Panel?
« Reply #2 on: January 18, 2021, 02:56:45 PM »
Good Question!
https://rack911labs.ca/research/security-analysis-of-alternative-control-panels/quickpay
This mentions one of two key areas where CWP falls down: extremely poor communication and lack of a proper change log.
CWP stated sometime ago that the security points made by Rack911 had been addressed but we are supposed to trust them. There has been zero confirmation of this by any 3rd party and the obscured code makes it difficult for most people to assess.

CWP needs to use Blesta as an example and only encode a few core parts, leaving the rest to be scrutinised and fixed.


That being said, I use CWP (free), CWP Pro and Webmin. I hate the Webmin complex interface and actually think CWP is one of the best, from a functionality viewpoint (if it all worked and was spelled correctly). I assume that you mean Webmin, as opposed to WebAdmin but perhaps not.

Thanks for sharing the article.

Offline
*****
Re: How secure is CentOS Web Panel?
« Reply #3 on: January 20, 2021, 06:52:18 AM »
its now almost 2 years old
we've already fixed those in 2019

Re: How secure is CentOS Web Panel?
« Reply #4 on: January 20, 2021, 10:51:13 AM »
its now almost 2 years old
we've already fixed those in 2019
The time elapsed is not relevant, especially as many basic older errors still remain.
How would we know?
Quote
..extremely poor communication and lack of a proper change log.
When simple errors are not fixed, how are we expected to believe more serious ones are?  :-\
Quote
CREATION FAILEDS: 0
CREATEDS: 0
RENEWAL FAILEDS: 0
RENEWEDS: 0

There is obviously a lack of testing..
Quote
2021-01-20 03:13:10 (231 KB/s) - ‘phpMyAdmin-5.0.4-all-languages.zip’ saved [14316903/14316903]

tr: write error: Broken pipe
tr: write error
Redirecting to /bin/systemctl reload httpd.service
Redirecting to /bin/systemctl reload httpd.service

Why?!
Quote
###########################
Firewall Flush Daily Blocks
###########################
Gives attackers another chance, each day.
« Last Edit: January 20, 2021, 10:56:48 AM by cynique »

Offline
*
Re: How secure is CentOS Web Panel?
« Reply #5 on: January 20, 2021, 11:57:25 AM »
as everyone you can report any issue you find to cwp team
https://control-webpanel.com/contact
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.