[FREE] XSLOVZ - WHMCS module to control OpenVZ node via ssh2 extension

Discussion in 'Coding, Scripting & Programming' started by Mohammed H, Feb 25, 2015.

  1. Mohammed H

    Mohammed H New Member

    16
    5
    Feb 18, 2015
    Hi There,

    this module was developed in 2013. I wanted to share it with you so we can all benefit from it. and may be extend it.

    Description :

    This is a server provisioning module made for WHMCS. it can help server administrators or VPS server providers to Create, Terminate, Suspend, Unsuspend containers on remote nodes using php ssh2 extension.

    Features :

    • Create, Terminate, Suspend, Unsuspend Containers remotely.
    • Count bandwidth through external perl script (included in repo) and save bandwidth stats in database to count overusage bandwidth.
    • Display basic stats like current HDD, Memory, Bandwidth for your clients.
    • Clients have the ability to Reboot, Shutdown, Boot, their containers.
    • Admins have the ability to Suspend, Unsuspend, Add extra IPs.
    Tutorials and Installation

    Github :

    https://github.com/mohammedhs/XSLOVZ

    I hope that community will report bugs/security issue and feedback to extend it's functionality.
     
    Last edited by a moderator: Feb 25, 2015
  2. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    Suggestions:


    Don't run commands as root (use sudo).


    Don't use password authentication.


    Don't use default port 22.


    I'm on my phone so I only looked at a few lines of code but I'll look over the rest when I get back to my PC tonight.
     
    PortCTL and Mohammed H like this.
  3. Mohammed H

    Mohammed H New Member

    16
    5
    Feb 18, 2015
    Hello,

    yes that's true for normal servers. but for OpenVZ nodes I prefer to lock it down using iptables and allow only sysadmin IP and server hosting WHMCS to access it.
     
  4. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    Lock it down with SSH and limit the commands WHMCS can run. Right now your WHMCS can wipe your whole server when it doesn't need that kind of access. Even if people outside can't get to it, one wrong WHMCS exploit and they just rooted your OpenVZ nodes also. You can't secure WHMCS so the best you can do is limit the damage it can cause. ;)
     
  5. HalfEatenPie

    HalfEatenPie The Irrational One Retired Staff

    2,890
    1,385
    Mar 25, 2013
    HalfEatenPie
    I totally get where you're coming from, but that's not enough.  Considering scenarios when WHMCS is compromised what @KuJoe said is pretty spot on.  No need to over-extend your WHMCS's server permissions.  Just let it do what it needs to do and nothing more.  

    I'm not saying this is bad, but it could always be much better.  
     
    Last edited by a moderator: Feb 25, 2015
    Mohammed H likes this.
  6. Mohammed H

    Mohammed H New Member

    16
    5
    Feb 18, 2015
    @KuJoe, @HalfEatenPie

    you are correct. I updated the repo with new version that have sudo enabled. and I will update Installation docs on how configure it.

    thanks for your suggestions I'm sure it will help the community.

    if you guys have any further suggestions. I'm open for any of them :)

    Highest Regards

    Mohammed H
     
    HalfEatenPie likes this.
  7. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,709
    May 13, 2013
    I am encouraged by the open contribution Mohammed H  and encouraged by the constructive criticism.

    Looks like a needed / good project and with some improvements, perhaps a viable alternative.   

    Kudos to all of you.
     
    k0nsl and Mohammed H like this.
  8. PortCTL

    PortCTL New Member

    42
    20
    Feb 11, 2015
    Yeah, uhm, using root credentials... bad idea.

    Use SSH keys and a different SSH port, additionally, if you setup IPTables to only whitelist your staff ips, then it'd be much more secure.
     
  9. Mohammed H

    Mohammed H New Member

    16
    5
    Feb 18, 2015
    Hi there,

    just wanted to let people who use this module that v1.1 has been released and has some bugfixes and new features :

    • Ability to limit traffic per package/per container.
    • Better way to remove container IPs.
    kindly check the announcement for info and notices about upgrade.

    Highest Regards
    Mohammed H
     
  10. iWF-Jacob

    iWF-Jacob New Member Verified Provider

    160
    43
    Jan 27, 2014
    Is it just me, or does Avast flag your site (www.xsltel.com) as URL:Mal?
     
  11. Mohammed H

    Mohammed H New Member

    16
    5
    Feb 18, 2015
    @iWF-Jacob

    yes some users reported same issue. its apparently a false-positive I already in contact with avast lab to discuss the reason of the block.

    Highest Regards

    Mohammed H
     
    iWF-Jacob likes this.
  12. Jalal Hoseini

    Jalal Hoseini New Member

    1
    0
    Aug 22, 2017

    Attached Files: