# ZPanel Hacked



## mojeda (May 15, 2013)

http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_forum_user_fucken/

A LET reader went to ZPanel forums to check up on if it was safe to use ZPanel due to the wide knowledge that it has many security flaws. PS2Guy was prompt to say that all vulnerabilities were patched in 10.0.1, however joepie responded to remind them that it is not secure.

3 Hours later Joepie got a whopping 100 infraction points for being a "fuckwit."

Redditors are claiming that ZPanel and a few support team member accounts were compromised and the forums and website are now down.

Here is the original thread: http://imgur.com/a/lzRuo

Proof PS2Guy's account was hacked: http://i.imgur.com/l1UQ9dy.png


----------



## 365Networks (May 16, 2013)

Pays off to not be ignorant.


----------



## drmike (May 16, 2013)

Nasty situation.

Is this what set off the LET hackathon or what?  Two events seem to overlap even though unrelated.


----------



## Mike (May 16, 2013)

If there are vulnerabilities in the code, that should be their first priority, not arguing with someone over clear facts.

They seem to think that sending it off to a security accessor is enough, unfortunately in this day-n-age, it's not.


----------



## perennate (May 17, 2013)

Mike said:


> If there are vulnerabilities in the code, that should be their first priority, not arguing with someone over clear facts.
> 
> They seem to think that sending it off to a security accessor is enough, unfortunately in this day-n-age, it's not.


http://forums.zpanelcp.com/showthread.php?27608-ZPanelCP-Server-has-bot-been-compromised


----------



## vanarp (May 17, 2013)

perennate said:


> http://forums.zpanel...een-compromised


@joepie91 are we happy with Bobby Allen's response?


----------



## perennate (May 18, 2013)

vanarp said:


> @joepie91 are we happy with Bobby Allen's response?


Strange, links in quotes seem to break?


----------



## vld (May 18, 2013)




----------



## Eased (May 18, 2013)

That is rather comical. I agree with the joepie91 user.


----------



## Tux (May 18, 2013)

ssh master race

Do I have to say more?


----------



## elusus83 (May 18, 2013)

Wow. Just finding out about this now. That PS2guy is a knucklehead


----------



## Licensecart (May 22, 2013)

elusus83 said:


> Wow. Just finding out about this now. That PS2guy is a knucklehead


I agree, he needs to grow up.


----------



## VPSDATABASE (May 26, 2013)

A lot of stuff is going down!

LET

ZPanel

LR


----------



## wlanboy (Sep 15, 2013)

I was just planing to use zpanel.

So any alternative or is zpanel as save as any other panel can be?


----------



## RiotSecurity (Sep 15, 2013)

wlanboy said:


> I was just planing to use zpanel.
> 
> So any alternative or is zpanel as save as any other panel can be?


Kloxo, Webmin.


----------



## MannDude (Sep 15, 2013)

wlanboy said:


> I was just planing to use zpanel.
> 
> So any alternative or is zpanel as save as any other panel can be?


I actually kind of like Kloxo. For a free panel it works pretty well. I can't comment on the security of it, but function wise, it works.


----------



## Reece-DM (Sep 15, 2013)

MannDude said:


> I actually kind of like Kloxo. For a free panel it works pretty well. I can't comment on the security of it, but function wise, it works.


A better look and it wouldn't be as bad 

Ajenti looks like a cool option: http://ajenti.org/


----------



## MannDude (Sep 15, 2013)

Reece said:


> A better look and it wouldn't be as bad
> 
> Ajenti looks like a cool option: http://ajenti.org/


Never heard of Ajenti, thanks for sharing.


----------



## SeriesN (Sep 15, 2013)

Reece said:


> A better look and it wouldn't be as bad
> 
> Ajenti looks like a cool option: http://ajenti.org/


Buggy as hell and bloated enough for regular usage.


----------



## H_Heisenberg (Sep 15, 2013)

^

No it's not. If you install a fresh copy it barely has components installed so it's not bloated. It's not buggy unless you fail to configure the component correctly.


----------



## HalfEatenPie (Sep 15, 2013)

There's also Kloxo-MR Available (a community member took Kloxo and continued maintenance on it).


----------



## SeriesN (Sep 15, 2013)

H_Heisenberg said:


> ^
> 
> No it's not. If you install a fresh copy it barely has components installed so it's not bloated. It's not buggy unless you fail to configure the component correctly.


Compared side by side, bloated UI, features that should be options and addons. After comparing side by side with Webmin and Kloxo MR, I did not see a single reason to use Ajenti.


----------



## Echelon (Sep 18, 2013)

I'm really starting to think some people could use a hand at public relations courses when you're trying to sell services or products. Yes, the panel's "free", but they sell support. On the other hand, when you have developers going off the handle at people in public, it doesn't help things along.

This is what happens when people are effectively trolled as well...


----------

