# New SolusVM Beta Build Security Update Rev13 8/27/2013



## ryanarp (Aug 28, 2013)

I haven't seen this posted yet, so thought I would since it contains security enhancements from audit. 

Revision 13 (27 August 2013) Beta Build



Added Client, Reseller and Admin single session support. Default is ON but can be disabled from the admin area Configuration » Settings » Security.

Added <on_poweroff>destroy</on_poweroff> and <on_reboot>restart</on_reboot> to KVM xml config files.

Fixed length of virtual server hostnames.

Changed the way disabling a KVM virtual servers VNC works due to networking issues. VNC's are now spawned locally when disabled.

This release also contains security enhancements as per the external audit recommendations.



http://docs.solusvm.com/release_versions_beta#revision_13_27_august_2013


----------



## rds100 (Aug 28, 2013)

Hmm nothing on their blog. No tweet. No email...


----------



## ryanarp (Aug 28, 2013)

Yea I thought it was strange I didn't see it posted anywhere yet, I just happened upon it.


----------



## rds100 (Aug 28, 2013)

Oh, it's the beta release, that's why. Nothing yet for the "stable" branch.


----------



## ryanarp (Aug 28, 2013)

Ah, will change topic title to reflect its just for those who are living life on the edge.


----------



## Nick_A (Aug 28, 2013)

Yeah, I was wondering why they posted an update without posting on the blog. Somewhat concerning.


----------



## Francisco (Aug 28, 2013)

Is there still providers with their SolusVM's disabled?

Or has everyone enabled theirs now?

Francisco


----------



## rds100 (Aug 28, 2013)

Ours is disabled still. Waiting to see the "fixed" version SolusVM releases.

By the way, does anyone else have a problem with rdns4 support in SolusVM being broken in the recent version? I've no idea when it broke actually.


----------



## Francisco (Aug 28, 2013)

rds100 said:


> Ours is disabled still. Waiting to see the "fixed" version SolusVM releases.
> 
> By the way, does anyone else have a problem with rdns4 support in SolusVM being broken in the recent version? I've no idea when it broke actually.


I thought you guys had your own panel?

Francisco


----------



## rds100 (Aug 28, 2013)

Nope, VPSes are controlled by SolusVM. Although we did add some small custom things to it (like working rdns6 support - more than two years ago and still using mine instead of theirs)


----------



## Aldryic C'boas (Aug 28, 2013)

rds100 said:


> Nope, VPSes are controlled by SolusVM. Although we did add some small custom things to it (like working rdns6 support - more than two years ago and still using mine instead of theirs)


Don't tell them that... they'll accuse you of decompiling their panel and suspend your license (like they did to us).. and when you do show them your code to prove everything's legit, they'll steal it and use it to fix their own broken mess (like they also did to us -_-)


----------



## rds100 (Aug 28, 2013)

They can try but... i'm not a PHP guy, i wrote it in perl  They can have it if they want, no problem ;-)


----------



## Aldryic C'boas (Aug 28, 2013)

Ahahaha... I actually kinda hope that happens now (not that they suspend you, of course)... as bad as their PHP was, I shudder to imagine what would happen if they tried converting perl XD


----------



## Zen (Aug 28, 2013)

Aldryic C said:


> Don't tell them that... they'll accuse you of decompiling their panel and suspend your license (like they did to us).. and when you do show them your code to prove everything's legit, they'll steal it and use it to fix their own broken mess (like they also did to us -_-)


mysql_


----------



## MannDude (Aug 28, 2013)

Francisco said:


> Is there still providers with their SolusVM's disabled?
> 
> 
> Or has everyone enabled theirs now?
> ...


Still got it disabled here.


----------



## Damian (Aug 29, 2013)

Public access disabled for us.


----------



## Francisco (Aug 29, 2013)

@Damian - I'm assuming you just use the WHMCS module to give most controls?

Francisco


----------



## Damian (Aug 29, 2013)

Francisco said:


> @Damian - I'm assuming you just use the WHMCS module to give most controls?
> 
> 
> Francisco


We're using the broken-ass ModulesGarden Solus module. It's very broken-ass, but one of the benefits over the Solus-provided module is that it has a mechanism for console access, which means we could continue to sell KVMs and people could set up their OS on them. The module doesn't show KVM ISOs, only KVM templates, so I have a KVM server sitting in San Diego with absolutely no clients on it because I can't provide them with a good interface to set up their shit. FML.


----------



## Aldryic C'boas (Aug 29, 2013)

Guessing they use ioncube on their source?


----------



## sv01 (Aug 29, 2013)

Francisco said:


> Is there still providers with their SolusVM's disabled?


handsomehost (hudsonvalleyhost) one of them


----------



## Nick_A (Aug 29, 2013)

Yeah I wanted to use that ModulesGarden mod but it seemed like too much of a hassle.


----------



## Francisco (Aug 29, 2013)

Damian said:


> We're using the broken-ass ModulesGarden Solus module. It's very broken-ass, but one of the benefits over the Solus-provided module is that it has a mechanism for console access, which means we could continue to sell KVMs and people could set up their OS on them. The module doesn't show KVM ISOs, only KVM templates, so I have a KVM server sitting in San Diego with absolutely no clients on it because I can't provide them with a good interface to set up their shit. FML.


Well, for what it's worth Solus does provide KVM templates for free. There isn't Windows, but at least all linux sides are covered 

http://tdn.solusvm.com

Some of them are broken and i've had to help a few people fix them but it's a good starting point.

Francisco


----------



## shovenose (Aug 31, 2013)

The ModulesGarden module gave me a ton of greif and they were useless at helping - but after I defined port number after IP and hostname in WHMCS server settings it suddenly started working.

Haven't found anything broken - it seems to work quite well. On the OpenVZ side of things, at least.


----------



## Francisco (Aug 31, 2013)

shovenose said:


> The ModulesGarden module gave me a ton of greif and they were useless at helping - but after I defined port number after IP and hostname in WHMCS server settings it suddenly started working.
> 
> Haven't found anything broken - it seems to work quite well. On the OpenVZ side of things, at least.


So have they released a new version since the last one?

They did a bug fix release but from what Damian was saying it was still quite broken.

Oh, and welcome back.

Francisco


----------



## shovenose (Aug 31, 2013)

Francisco said:


> So have they released a new version since the last one?
> 
> 
> They did a bug fix release but from what Damian was saying it was still quite broken.
> ...


Thank you.

I am not sure if it is the "new" version but all I know is so far 0 obvious bugs, and me and a friend spent an entire day testing it. It's not the most beautiful thing in the world but it's really nice having it integrated into WHMCS.


----------



## SkylarM (Aug 31, 2013)

Did they ever fix the awful username bit? It would generate at random (IE 827c5bd3a21c5c6) and would make a new username per VPS even if it's the same client


----------



## shovenose (Aug 31, 2013)

SkylarM said:


> Did they ever fix the awful username bit? It would generate at random (IE 827c5bd3a21c5c6) and would make a new username per VPS even if it's the same client


Why does it matter? The client will never need to log in to SolusVM. If you want to know which customer a VPS belongs to you can just search it in WHMCS.

Another awesome feature is that if the customer changes the hostname of the VPS from WHMCS it also updates it in the services list for the customer. Previously, it would change it on the VPS and in SolusVM but not in WHMCS.


----------



## SkylarM (Aug 31, 2013)

shovenose said:


> Why does it matter? The client will never need to log in to SolusVM. If you want to know which customer a VPS belongs to you can just search it in WHMCS.
> 
> Another awesome feature is that if the customer changes the hostname of the VPS from WHMCS it also updates it in the services list for the customer. Previously, it would change it on the VPS and in SolusVM but not in WHMCS.


There are plenty of reasons to keep things tidy, how about when you opt to give access back to SolusVM when you get sick and tired of manually doing rDNS or other basic features that the WHMCS module doesn't do without forking out more money for a separate, equally meh module.


----------



## shovenose (Aug 31, 2013)

SkylarM said:


> There are plenty of reasons to keep things tidy, how about when you opt to give access back to SolusVM when you get sick and tired of manually doing rDNS or other basic features that the WHMCS module doesn't do without forking out more money for a separate, equally meh module.


Good point, but I don't think this is going to be a major problem. Customers still had to open a ticket for rDNS when we had SolusVM, because it's controlled by the datacenter, so I had to open a ticket with them every time too.


----------



## SkylarM (Aug 31, 2013)

shovenose said:


> Good point, but I don't think this is going to be a major problem. Customers still had to open a ticket for rDNS when we had SolusVM, because it's controlled by the datacenter, so I had to open a ticket with them every time too.


Oh well yeah if you didn't get rDNS delegated from your provider then it's a moot point.


----------



## Jack (Aug 31, 2013)

shovenose said:


> Good point, but I don't think this is going to be a major problem. Customers still had to open a ticket for rDNS when we had SolusVM, because it's controlled by the datacenter, so I had to open a ticket with them every time too.


Most US providers will actually delegate small subnets for you.


----------

