[FREE] XSLOVZ - WHMCS module to control OpenVZ node via ssh2 extension

Mohammed H

New Member
Hi There,

this module was developed in 2013. I wanted to share it with you so we can all benefit from it. and may be extend it.

Description :

This is a server provisioning module made for WHMCS. it can help server administrators or VPS server providers to Create, Terminate, Suspend, Unsuspend containers on remote nodes using php ssh2 extension.

Features :

  • Create, Terminate, Suspend, Unsuspend Containers remotely.
  • Count bandwidth through external perl script (included in repo) and save bandwidth stats in database to count overusage bandwidth.
  • Display basic stats like current HDD, Memory, Bandwidth for your clients.
  • Clients have the ability to Reboot, Shutdown, Boot, their containers.
  • Admins have the ability to Suspend, Unsuspend, Add extra IPs.
Tutorials and Installation

Github :

https://github.com/mohammedhs/XSLOVZ

I hope that community will report bugs/security issue and feedback to extend it's functionality.
 
Last edited by a moderator:

KuJoe

Well-Known Member
Verified Provider
Suggestions:


Don't run commands as root (use sudo).


Don't use password authentication.


Don't use default port 22.


I'm on my phone so I only looked at a few lines of code but I'll look over the rest when I get back to my PC tonight.
 

Mohammed H

New Member
Hello,

yes that's true for normal servers. but for OpenVZ nodes I prefer to lock it down using iptables and allow only sysadmin IP and server hosting WHMCS to access it.
 

KuJoe

Well-Known Member
Verified Provider
Lock it down with SSH and limit the commands WHMCS can run. Right now your WHMCS can wipe your whole server when it doesn't need that kind of access. Even if people outside can't get to it, one wrong WHMCS exploit and they just rooted your OpenVZ nodes also. You can't secure WHMCS so the best you can do is limit the damage it can cause. ;)
 

HalfEatenPie

The Irrational One
Retired Staff
Hello,

yes that's true for normal servers. but for OpenVZ nodes I prefer to lock it down using iptables and allow only sysadmin IP and server hosting WHMCS to access it.
I totally get where you're coming from, but that's not enough.  Considering scenarios when WHMCS is compromised what @KuJoe said is pretty spot on.  No need to over-extend your WHMCS's server permissions.  Just let it do what it needs to do and nothing more.  

I'm not saying this is bad, but it could always be much better.  
 
Last edited by a moderator:

Mohammed H

New Member
@KuJoe, @HalfEatenPie

you are correct. I updated the repo with new version that have sudo enabled. and I will update Installation docs on how configure it.

thanks for your suggestions I'm sure it will help the community.

if you guys have any further suggestions. I'm open for any of them :)

Highest Regards

Mohammed H
 

drmike

100% Tier-1 Gogent
I am encouraged by the open contribution Mohammed H  and encouraged by the constructive criticism.

Looks like a needed / good project and with some improvements, perhaps a viable alternative.   

Kudos to all of you.
 

PortCTL

New Member
Yeah, uhm, using root credentials... bad idea.

Use SSH keys and a different SSH port, additionally, if you setup IPTables to only whitelist your staff ips, then it'd be much more secure.
 

Mohammed H

New Member
Hi there,

just wanted to let people who use this module that v1.1 has been released and has some bugfixes and new features :

  • Ability to limit traffic per package/per container.
  • Better way to remove container IPs.
kindly check the announcement for info and notices about upgrade.

Highest Regards
Mohammed H
 
Top