amuck-landowner

Recent content by Me.B

  1. Me.B

    ksoftirqdx

    BUT it's already fixed since months!! This affects the old release. You always react like we don't issue patches. I just pointed out the limit of the current solution. Replacing the temp directory in /etc/my.cnf with a sed will avoid customers' troubles and save your time dealing with ranting...
  2. Me.B

    ksoftirqdx

    The main problem is over mysql. So to avoid breaking it we might change the default mysql temp folder to /var/temp. This would allow 666 /tmp without side effects. Did you guys notice the user running the process? We could ban apache executing there too? We are trying our best to help over this. M B
  3. Me.B

    ksoftirqdx

    Take care, the /tmp permission is bringing down mysql for zpanel users. Got many reports over that yesterday and users' only solution is flipping back permissions. We need to collaborate: See here...
  4. Me.B

    ksoftirqdx

    Great hack but I can provide you with paths to delete if you want. Or more interesting ways to check the zpanel version. Notice zpanel also uses those temp directories: /var/zpanel/temp and /etc/zpanel/panel/etc/tmp M B
  5. Me.B

    ksoftirqdx

    This is a custom enhanced .htaccess; you should advise zpanel users to set it and this will limit much of the possible damage. Also roundcube shipping with 10.1.0 has an RCE so it needs to be updated. M B
  6. Me.B

    ksoftirqdx

    Hi, could you check the zpanel they are running? The reports we got are that it tries to hack old zpanel 10.1.0, for which we released a security patch. Zpanel used the pchart2 lib that had a 0 day flaw. So we updated zpanel. And it seems now hackers 2 months later use our security notice to hack zpanel again. I would appreciate...
  7. Me.B

    ksoftirqdx

    @HalfEatenPie You didn't read the announcement section, nor saw the zpanel news module, SIR. I don't say people must patch it themselves. It would be totally idiotic. I said in emergency mode you could. I saw a report over the roundcube problem, so I patched it. Maybe by patch you expect an autoupdate...
  8. Me.B

    ksoftirqdx

    Forum was not directly hacked but they gained access over a user server first. Notice the zpanel team didn't build the forum, as this is totally hilarious! We were using vBulletin and now MyBB as you will notice and no hacks. Here I paste the statement and at least you could add to the list zpanel...
  9. Me.B

    ksoftirqdx

    @HalfEatenPie Got your point. Currently testing sandboxing ALL theme folder in lower permissions. And I've been thinking myself about sandboxing more stuff, as in my own setup I don't run webmail on the zpanel host. I will check it and might submit this to the team so we make some changes. Adding...
  10. Me.B

    ksoftirqdx

    Great, here at least we agree. BUT you must agree too that WP/Joomla/phpBB and all alike are a big mess, especially when you get them with newbies that won't update anything. I've been in the hosting biz for over a decade and I still fight with this CMS mess all day, had to shut down customers all the...
  11. Me.B

    ksoftirqdx

    And to be a bit rude here. I don't care if you want to use Zpanel or not. It's not the issue. I just want facts and security reports/advice from experts over what we could improve in security or what we missed so we can beef up security. All those I confronted bashing zpanel, none had pointed...
  12. Me.B

    ksoftirqdx

    Thanks. But to make it clear, the old nag over the zpanel theming system is totally out of context. 1. Themes now use bootstrap and no one can add them through the panel; you should go manually and upload the files. 2. ALL the panel has phpexec enabled, AS it's a panel and needs to execute external...
  13. Me.B

    ksoftirqdx

    See here how Zpanel is trashed with bad faith: http://www.liatsisfotis.com/2014/01/multiple-vulnerabilities-in-zpanel-1002.html Post date 1/January while he claims this got unpatched for 10 months until 10.1.1. That's totally wrong as we got before 10.1.0 released 4-8-2013! While emergency...
  14. Me.B

    ksoftirqdx

    It would be a very good point if you were really using Zpanel, not just looking for an argument to say those stupid guys don't take security seriously! In Zpanel you already have a module, zpanel news, reading RSS from the announcement section. So you will see the new announcement then you would go to the...
  15. Me.B

    ksoftirqdx

    So check here: http://forums.zpanelcp.com/Forum-News-Announcements--36 I don't have any gain from cheating here... I don't care for my ego as I'm not the main developer here but mainly more a user. We got a report over the pchart bug http://www.pchart.net/advisory A zpanel user pointed it...