vePortal security alert

Discussion in 'The Pub (Off topic discussion)' started by drmike, Mar 31, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    vePortal has known about the flaws for six months now and hasn't taken any real steps into getting them resolved. There are so many flaws in the product that we actually stopped doing any further testing because it was just pointless. Given the current state of BurstNET, the odds of vePortal being fixed sooner than later looks unlikely.

    Worst of all, the attackers do not even need an account within vePortal to take over the master node! We're talking full admin / root access using a handful of different attack vectors in a matter of seconds to anyone with the slightest bit of knowledge. Hands down, one of the worst software we have ever looked over in terms of security.

    Suggestion:

    Switch to a VPS panel that knows what they are doing. A few suggestions that come to mind: HostGuard, SolusVM, ProxMox, Parallels... just anything! The big concern here is that if someone malicious goes after vePortal and publishes the details or silently exploits them, there will be no work arounds or quick fixes to protect you. Act now before it's too late.

    Ongoing Discussion via WHT:


    http://www.webhostingtalk.com/showthread.php?t=1362136
     
  2. Lorne

    Lorne New Member

    13
    0
    Mar 30, 2014
    Virtualizor is worth a mention as well. Pretty shitty deal for all of those using vePortal.
     
  3. Virtovo

    Virtovo New Member Verified Provider

    362
    149
    Dec 19, 2013
    Can't imagine many are using it.  What was bursts involvement with it apart from using it?  The alert suggests it was developed by Burst?
     
  4. Packety

    Packety New Member

    28
    2
    Mar 26, 2014
    It is such a shame, cause the control panel isn't that bad  :/
     
  5. Francisco

    Francisco Company Lube Verified Provider

    2,476
    1,770
    May 15, 2013
    Not surprised.

    The platform went ages w/o many updates and didn't have working bandwidth accounting for how many

    years? Did it ever have working accounting?

    Francisco
     
  6. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    Burst owns it? I thought it was owned by some other quiet party with no apparent interest in it's continued commercial status, and I thought burst used Solusvm now.
     
  7. Francisco

    Francisco Company Lube Verified Provider

    2,476
    1,770
    May 15, 2013
    Only where they have to. They use VEPORTAL on everything OVZ as far as I know.

    I can't see burst suddenly going "I think dumping $4000/month into solus VM is a great idea!".

    VEPORTAL was born in the rush that came from HyperVM's literal death. Once that happened

    SolusVM completely changed their timelines, VEPORTAL got shart out in a weekend, & there

    was some russian made panel that I can't remember the name of.

    Francisco
     
    drmike and jarland like this.
  8. rsk

    rsk Active Member Verified Provider

    173
    27
    May 18, 2013
    eh Francisco .. selling stallion would get you some money ... :p