Cpanel easy to hack, and Redhat end of life for products

johnchan

Hi all,

I'm considering purchasing some Cpanel licenses for some servers, however, I have some concerns:

1) Seems more and more people are having their Cpanel servers hacked and compromised. Doesn't Cpanel install any security above/beyond the standard Redhat one, or have any PHP/Apache protections against users' poor/vulnerable scripts?

2) Redhat already said the "end of life" for all their various products is firm, and no updates/errata will be posted for any products that pass the "end of life". How does Cpanel handle this? Do they supply their own updates (like for their custom Apache, PHP, and others)? Does it work with the "Redhat Enterprise Linux" with the 5 year end of life?

I'm just concerned about stability... and the above two items are likely to affect this the most (of course, besides getting good solid servers).

Actually, after reading many forums about the above, I'm certainly not the only one with these great concerns. Hope someone knows more about the above!


bjarne

RH end of life I don't know about, but you can always upgrade - the WHM license is not for a set version, as far as I know.

I don't know if WHM is much better than an up-to-date RH, but portsentry is activated. Sorry to say there is no IPTABLES config editor or anything like this. But portsentry binds to all ports not used by other software, so ..

In general, WHM servers are updated every night, so except for the kernel you will have an updated server at all times.

Apache is built from source, which is good. And bad, because you will need to manually fix it if some modules need updating, or PHP needs updating. Good because you can recompile and configure PHP and Apache to fit your needs.

I dislike Exim a lot, it makes me uneasy and I do not trust it. Qmail with maildir would be a lot better I think. It happens from time to time that clients get their mail account locked - they can download and sometimes it is impossible to fix - looks like (any tips are appreciated). For some 1000 domains this has happened 2-5 times the last year.

I say you can't find a better solution than WHM - and it is improving also.


twhiting9275

It's not your control panel that's getting you hacked, but your security (or lack thereof) and knowledge of linux issues.

If you remain up to date with the redhat vitals (kernel, etc) that CPanel doesn't do, and keep on top of your CPanel upgrades, then there's no problems whatsoever.

I've been running CPanel for over a year now, and have seen no problems. Then again, I've got a firewall script that'd sooner drop you than let you create problems.

No server that's online will ever be 100% secure and hack proof, however, keeping your server secure and up to date will help that a great bit.


dthigpen

New script...

It looks like they're dealing with the RedHat problem, as there is a brand new script called 'distupgrade' which looks to be an experimental version upgrade script for redhat. Maybe they'll even get it working stably eventually, that'd be neat.


Angel78

Re: New script...

Originally posted by dthigpen
It looks like they're dealing with the RedHat problem, as there is a brand new script called 'distupgrade' which looks to be an experimental version upgrade script for redhat. Maybe they'll even get it working stably eventually, that'd be neat.

uhhhh that would be niceeeeeee. even if it was a one time fee or something like that.


dthigpen

Why.

Why would there be a fee associated? Heh. It's an automated script. There are various guides on remotely updating a redhat installation in-place around on the internet, and all the rpms are free (of course). It would benefit cpanel by releasing it, as it would give them an excuse to drop Redhat 7.3 support when it hits end of life.


Angel78

Well, I could see the fee to guarantee that it will work.


casey

Re: New script...

Originally posted by dthigpen
It looks like they're dealing with the RedHat problem, as there is a brand new script called 'distupgrade' which looks to be an experimental version upgrade script for redhat. Maybe they'll even get it working stably eventually, that'd be neat.

Wow!! What a wonderful script!!! No, I haven't tested it, but I look forward to an official release.


johnchan

End of Life for Redhat

I suppose another way they could do it would be for Cpanel/Darkorb to actually start supporting the entire Operating System as well, so they release patches and stuff by themselves, rather than relying on other third-parties to do it?

Sort of like an appliance like Cobalt, where everything is handled and updated by the one company, rather than waiting for upgrades from various ones.

Otherwise, what happens if Redhat decides to release a new version every 3 months, and end of life is every 6 months (this is a possibility too, since end of life is now 12 months).

Does Cpanel expect users to all constantly upgrade to new versions of Redhat every time Redhat decides to change their end-of-life policy or such?

Not that upgrading is a bad thing, but when you are running a mission critical server with hundreds of websites on it, you can't afford to risk the new upgrade not working, or the possible hours and hours of downtime if the upgrade is not smooth.

Any ideas?


brdweb

All EOL means is that RedHat won't issue platform-specific fixes. This doesn't mean that there won't be 3rd party packaging or that you couldn't just compile from source yourself. So EOL really isn't that big of an issue if you don't use the RHN service as your exclusive way to update things.


johnchan

The only problem with that is that many of us do not have the time to compile all the software (even the most basic ones) from source constantly.

I hear DEBIAN is supposed to be more stable (in their releases) than Redhat, in that they release every 12-24 months.

I have heard TOO many nightmare stories of people upgrading the Redhat version, and ending up having their server trashed.

And now that Redhat now has a policy of a new version every 6 months, do we really need to shutdown our servers and keep updating along with Redhat???

Other control panels like Ensim are still on version 7.2, but they fully support the entire operating system, and release patches for ALL the system, not just Ensim control panel. Wouldn't this be better?

Then you can have a CPANEL APPLIANCE... forget Redhat, or Freebsd, or anything else... a complete package?


MySundown

Yeah, a cPanel distro would be niiiiiiice :D

I'd never upgrade my OS on top of another OS version. Too many configuration problems. I backup everything to the spare HD (or to another server if it doesn't have one), then reformat the drive with a fresh OS install. Much more stable than doing an upgrade :)


denisdekat09

I also would love a cpanel distro. I am now looking into the BSD, Suse and Debian options. I will probably drop Redhat due to this (future servers that is), we have so far set up every server as redhat, and now they want us to start paying, as in they say we should upgrade. So I looked at the price for the enterprise server:

For small to mid-range servers. Starting at $349.00
I was using their software because it was free. I mean for god's sake, it's Linux, and I am not going to pay an extra $350 per server for something I can get just as well from someone else for free. I wish them good luck, they now lost us as clients for good.
 

jsteel

Originally posted by denisdekat09
I also would love a cpanel distro. I am now looking into the BSD, Suse and Debian options. I will probably drop Redhat due to this (future servers that is), we have so far set up every server as redhat, and now they want us to start paying, as in they say we should upgrade. So I looked at the price for the enterprise server:

I was using their software because it was free. I mean for god's sake, it's Linux, and I am not going to pay an extra $350 per server for something I can get just as well from someone else for free. I wish them good luck, they now lost us as clients for good.

So you're willing to pay for a control panel on top of the core OS, but not the OS?!?! They're asking you for a whopping $28/month - less than what you pay for cPanel most likely.

There is a reason why Red Hat is the most supported linux distro out there, and I for one will be purchasing ES for all my servers as soon as cPanel is supporting it fully. $28 is a small price to pay each month for the peace of mind of having a supported product at the caliber Red Hat produces. I find it incredibly hard to believe you couldn't afford $28/month per server.

I am so amazed at how many cheap a**es there are in the hosting business, especially running cPanel - it really makes you wonder if cPanel's target audience is the closet high school kid trying to make a quick buck - the constant b*tching about things needing to be free is certainly not indicative of a professional organization. Many people are entrusting you to run their business on your servers, but you'd rather save $28 by getting something for free with less (or no) support and no one to hold accountable. Personally I think RH moving to the ES platform at nominal cost is the best thing that could have ever happened. Now that people are paying for it, you can rest assured that bugs/holes will be corrected much faster on Red Hat's part.

This isn't a personal attack on you, but rather it's toward the culmination of people that have the same mentality as yours ("everything should be free yet I should be able to profit from it").
 

johnchan

Not to say you are wrong, but in Linux's case it is different. Bugs and problems in Debian Linux (for example) are fixed very fast... even faster than Redhat released patches for its enterprise systems!

And if you need help, asking a question on one of the mailing lists gets you a reply very fast... sometimes within an hour. Try emailing Redhat or Cpanel or most other companies with a bug report or problem, or heck... try calling Microsoft's tech support, and you'll soon find out how truly superior Debian as a community based product is.

And Debian has 3 branches: stable, testing, unstable. Stable is truly the most stable distro anywhere... rock solid stability, and the packaging system is wonderful (forget all about stupid dependencies with rpms).

So don't discredit "free" products/services. They CAN be good. Just look at Debian for a successful example.
 

rs-freddo

Originally posted by jsteel
So you're willing to pay for a control panel on top of the core OS, but not the OS?!?! They're asking you for a whopping $28/month - less than what you pay for cPanel most likely.

There is a reason why Red Hat is the most supported linux distro out there, and I for one will be purchasing ES for all my servers as soon as cPanel is supporting it fully. $28 is a small price to pay each month for the peace of mind of having a supported product at the caliber Red Hat produces. I find it incredibly hard to believe you couldn't afford $28/month per server.

I am so amazed at how many cheap a**es there are in the hosting business, especially running cPanel - it really makes you wonder if cPanel's target audience is the closet high school kid trying to make a quick buck - the constant b*tching about things needing to be free is certainly not indicative of a professional organization. Many people are entrusting you to run their business on your servers, but you'd rather save $28 by getting something for free with less (or no) support and no one to hold accountable. Personally I think RH moving to the ES platform at nominal cost is the best thing that could have ever happened. Now that people are paying for it, you can rest assured that bugs/holes will be corrected much faster on Red Hat's part.

This isn't a personal attack on you, but rather it's toward the culmination of people that have the same mentality as yours ("everything should be free yet I should be able to profit from it").

I just have to agree with you.
 

PWSowner

I also agree. It is crazy to pay for the control panel and not be willing to pay for the OS. It is possible that the free OS may be better than a paid one but I'm not sure which is best. All I know is, when the time comes, I plan to take whichever option is best whether it has to be paid for or not. I think the best choice will have a lot to do with cPanel's plans.