Welcome Guest. Please Login or Register  


You are here: Index > Webuzo > General Support > Topic : Security update



Threaded Mode | Print  

 Security update (9 Replies, Read 3870 times)
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Hi,
as some user of webuzo are user who are not able to manage VPS,
should not webuzo have a function who alert the user when there is new version of php, Apache or mysql avaiable?

Also before user remove and install the new version from webuzo is very important to have a tool of backup.. so if something are wrong user can go back.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
I have see there is from few month new version of PhpMyAdmin, i have to wait Webuzo will update it?

Phpmyadmin must be updated from webuzo? Is not as apache and php who you have to update from webuzo mannually?
Thanks.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
I can see the last BIND version in webuzo acctually today is Version : 9.3.6-20.P1 

there are ISC BIND Query Processing Denial of Service Vulnerability
Affected Software:

BIND 9.x before 9.7.6-P3

BIND 9.8.x before 9.8.3-P3

BIND 9.9.x before 9.9.1-P3

BIND 9.4-ESV before 9.4-ESV-R5-P1

BIND 9.6-ESV before 9.6-ESV-R7-P3

so are webuzo give atenction to security?


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Please help me to understand better this ..

I see Plesk panel for example for manage VPS ensures that a server managed by this panel still be secure because integrate modsecurity configured, no needs to be configured for be protected and other tool like Fail2Ban Outbound antispam for not be blacklisted and for protect server to be used as spam . ecc.

Webuzo plan to be more strong in securty or not?
I see phpmyadmin is not updated and the last version installed on webuzo has security issue of cross scripting, BLIND is old version with security issue, there are not antispam protection.. Nigix is old version

So as customer of webuzo I am worried about security of my VPS.. please let me know i can be ok with webuzo and my VPS can be secure without i'm an expert of security and SSH or other languages.

-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Quote From : peopleinside July 29, 2014, 3:11 pm
I have see there is from few month new version of PhpMyAdmin, i have to wait Webuzo will update it?

Phpmyadmin must be updated from webuzo? Is not as apache and php who you have to update from webuzo mannually?
Thanks.


phpMyAdmin will be updated with the update of MySQL package.
We shall make it available ASAP.


-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Phpmyadmin before version 4.1.7 seems to be affected from vulneravility of cross scripting.

Question1
How to know with version i'm using of FTP? (just for understand if i have to update)

Question2
OpenSSL is updated automatically from webuzo or i have to update?

Question 3
Mod ssl is to update (i have to check if there is update) or is automatically updated from webuzo?

Question 4
mod_wsgi and Python is automatically updated by webuzo or i have to check and update?

************************************************************
The problem is: i want work for have my VPS secure and updated. With webuzo i don't understand when there is new version of php or apache. I'm not informed so i have to check manually all time because mysql and this other components don't update automatically so i think will be good add an update security panel where user can check all the necessary update to do mannually (if is not performed automatically from webuzo) for keep the server secure and updated. Please what do you think about this?

Security is the most important think.

So now i don't understand after have update php, Apache, Mysql (the current last version of phpmyadmin seem to have vulnerability), Blind (the last version on webuzo is old and with vulnerability) what i should update now?

Thanks.
In future i hope security can be more easy to understand also in your website home of webuzo can show Webuzo is secure and keep itself server secure and updated - if can't update something alert the user to update and have all necessary update in a panel of webuzo where user can check if VPS are all updated and secure as necessary or needs update).

Thanks.



-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
We shall surely implement this soon.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Thanks,
Can you (please ) reply to question 1 about ftp and other number questions? Thanks


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Security update
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Quote
Question1
How to know with version i'm using of FTP? (just for understand if i have to update)



Code
Root >
/usr/local/apps/pureftpd/sbin/pure-ftpd --help
pure-ftpd v1.0.36 [privsep]


Quote
Question2
OpenSSL is updated automatically from webuzo or i have to update?


The heart-bleed fix was provided forcefully to all users on the version update.
OpenSSL updates are also released.
Current version provided : 1.0.1h

Question 3

Quote
Mod ssl is to update (i have to check if there is update) or is automatically updated from webuzo?

It is packaged with Apache and related binaries.
Not updated automatically.


Question 4

Quote
mod_wsgi and Python is automatically updated by webuzo or i have to check and update?

Not updated automatically.

Upgrade utility for system applications is not available at the moment.
Only way to have the new version is to remove and install the particular system application.
Please take a backup of configuration changes if any before performing the action.

Hope it helps \m/


-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Security update
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Thank you

Quote
Upgrade utility for system applications is not available at the moment.
Only way to have the new version is to remove and install the particular system application.
Please take a backup of configuration changes if any before performing the action.


Ok there are not upgrade and i don't know if it's possibile to have in future but there are not also one panel where check if server are upadte like apache, mysql, php all in one panel who check for important update and when it found let the user know where update.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is March 19, 2024, 11:49 am.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.023