# vePortal security alert



## drmike (Mar 31, 2014)

vePortal has known about the flaws for six months now and hasn't taken any real steps into getting them resolved. There are so many flaws in the product that we actually stopped doing any further testing because it was just pointless.* Given the current state of BurstNET, the odds of vePortal being fixed sooner than later looks unlikely*.

Worst of all, the attackers do not even need an account within vePortal to take over the master node! We're talking full admin / root access using a handful of different attack vectors in a matter of seconds to anyone with the slightest bit of knowledge. *Hands down, one of the worst software we have ever looked over in terms of security*.

Suggestion:

Switch to a VPS panel that knows what they are doing. A few suggestions that come to mind: HostGuard, SolusVM, ProxMox, Parallels... just anything! The big concern here is that if someone malicious goes after vePortal and publishes the details or silently exploits them, there will be no work arounds or quick fixes to protect you. Act now before it's too late.

Ongoing Discussion via WHT:


http://www.webhostingtalk.com/showthread.php?t=1362136


----------



## Lorne (Mar 31, 2014)

Virtualizor is worth a mention as well. Pretty shitty deal for all of those using vePortal.


----------



## Virtovo (Mar 31, 2014)

Can't imagine many are using it.  What was bursts involvement with it apart from using it?  The alert suggests it was developed by Burst?


----------



## Packety (Mar 31, 2014)

It is such a shame, cause the control panel isn't that bad  :/


----------



## Francisco (Mar 31, 2014)

Not surprised.

The platform went ages w/o many updates and didn't have working bandwidth accounting for how many

years? Did it ever have working accounting?

Francisco


----------



## jarland (Mar 31, 2014)

Burst owns it? I thought it was owned by some other quiet party with no apparent interest in it's continued commercial status, and I thought burst used Solusvm now.


----------



## Francisco (Mar 31, 2014)

jarland said:


> Burst owns it? I thought it was owned by some other quiet party with no apparent interest in it's continued commercial status, and I thought burst used Solusvm now.


Only where they have to. They use VEPORTAL on everything OVZ as far as I know.

I can't see burst suddenly going "I think dumping $4000/month into solus VM is a great idea!".

VEPORTAL was born in the rush that came from HyperVM's literal death. Once that happened

SolusVM completely changed their timelines, VEPORTAL got shart out in a weekend, & there

was some russian made panel that I can't remember the name of.

Francisco


----------



## rsk (Apr 4, 2014)

eh Francisco .. selling stallion would get you some money ...


----------

