drmike
100% Tier-1 Gogent
vePortal has known about the flaws for six months now and hasn't taken any real steps into getting them resolved. There are so many flaws in the product that we actually stopped doing any further testing because it was just pointless. Given the current state of BurstNET, the odds of vePortal being fixed sooner than later looks unlikely.
Worst of all, the attackers do not even need an account within vePortal to take over the master node! We're talking full admin / root access using a handful of different attack vectors in a matter of seconds to anyone with the slightest bit of knowledge. Hands down, one of the worst software we have ever looked over in terms of security.
Suggestion:
Switch to a VPS panel that knows what they are doing. A few suggestions that come to mind: HostGuard, SolusVM, ProxMox, Parallels... just anything! The big concern here is that if someone malicious goes after vePortal and publishes the details or silently exploits them, there will be no work arounds or quick fixes to protect you. Act now before it's too late.
Ongoing Discussion via WHT:
http://www.webhostingtalk.com/showthread.php?t=1362136
Worst of all, the attackers do not even need an account within vePortal to take over the master node! We're talking full admin / root access using a handful of different attack vectors in a matter of seconds to anyone with the slightest bit of knowledge. Hands down, one of the worst software we have ever looked over in terms of security.
Suggestion:
Switch to a VPS panel that knows what they are doing. A few suggestions that come to mind: HostGuard, SolusVM, ProxMox, Parallels... just anything! The big concern here is that if someone malicious goes after vePortal and publishes the details or silently exploits them, there will be no work arounds or quick fixes to protect you. Act now before it's too late.
Ongoing Discussion via WHT:
http://www.webhostingtalk.com/showthread.php?t=1362136
