Welcome Guest. Please Login or Register  


You are here: Index > Webuzo > General Support > Topic : 6 Years of Experience with Webuzo :(



Threaded Mode | Print  

 6 Years of Experience with Webuzo :( (4 Replies, Read 732 times)
foreverme
Group: Member
Post Group: Newbie
Posts: 16
Status:
This was intended as a reply to my previous post where the update broke my server but I thought I should share it more widely to make people aware.
6 years with webuzo.
I know it from inside out, it’s never been a 1 click install, even had to reverse engineer at some point. It’s just not cool to break a production server running for 3 years without issues with webuzo. Thank god for enterprise backups. Thank god also I never do automatic updates for webuzo and this time it installed modules like Zlib and GD without any backups or restore options like other apps (php nginx etc.).

That is why even with a premium license I manually install most apps. Because webuzo is boss, on any update it overwrites CSF rules, PHP rules, Nginx rules etc. Even when CSF updates itself via CSF –u –u[/b] it merges the changes on the .conf  but webuzo doesn’t care.

This is the routine, for every PHP update,
1.    I have to compare php.ini / merge changes,
2.    set env[PATH] to /usr/local/apps/php56/etc/php-fpm.conf because Owncloud or NextCloud errors out,
3.    check if php-fpm ports have changed and apply changes to Nginx install.

How do you expect any type of security when the Nginx domain template is 5 lines from webuzo, when my NextCloud domain alone config is 128 lines of code, created following template from the provider. Every webuzo update, I have to overwrite settings, delete cron jobs hidden in many places (some are even Zend protected but I have identified which). And finally delete the “emp” user who has no business on my server.
IP: --   

6 Years of Experience with Webuzo :(
alons
Group: Administrator
Post Group: Super Member
Posts: 2254
Status:
Hi,

Thanks for posting your feedback.

Quote
How do you expect any type of security when the Nginx domain template is 5 lines from webuzo, when my NextCloud domain alone config is 128 lines of code, created following template from the provider.


Nginx / Webserver are not meant to be edited by users.
If you need to upload custom configuration, Webuzo has utilities to do it on a per domain based.

Likewise many updated confs are re-written when updates are pushed. Its meant to simplify it for users who don't know how to maintain confs.

Regards

-----------------------
For immediate support please email us at our Support email address. PMs sent to any Softaculous Team member or posting in the forums is not the official way to get support.

Virtualizor - The Next Generation VPS Panel
Webuzo - It is Softaculous Standalone for Enterprises, SMB, Developers. Deploy it on Dedicated Servers, VPS, Virtual Appliances or the Cloud
Pinguzo - Server and Domain Monitoring tool
PopularFX - Marketplace of WordPress, Drupal, Joomla, Bootstrap themes
Remote Installer - Use Softaculous over FTP/FTPS/SFTP
IP: --   

6 Years of Experience with Webuzo :(
foreverme
Group: Member
Post Group: Newbie
Posts: 16
Status:
So those of us who know how to maintain configs are not welcome here? or shouldn't consider webuzo?
On the bright side, I have learned most of linux and server configs because of webuzo. Because webuzo wasn’t maintaining them properly I had to teach myself how.

And for novice users, they don’t care about security? Or install apps open to vulnerabilities because of the plain configs you provide. Just consider how appealing webuzo is for small businesses who need basic features and gui installs because they lack corporate resources, this is how you protect the weak and the vulnerable. Just let them be for the sake of convenience.

I’m pointing all this out because I know you are amazingly capable. Look how well you secure yourself, it is incredible, the security in softaculous services and apps (php files) is mind-blowing and im talking without them being in an encrypted state as they are distributed.

At the same time, thinking back over the years, I would have easily quit linuxing if webuzo wasn’t so easy to use in the beginning, so I agree with you about the sophistication level of configs but users should be aware about using click installs for production purposes.
IP: --   

6 Years of Experience with Webuzo :(
radwebhosting
Group: NOC
Post Group: Newbie
Posts: 18
Status:
I can sympathize with your loss and struggle, but why even push the update? If everything is good on the server and you are not at risk of any exploits, why mess with it?

I may not be the best one to speak on the subject...All softwares are always pushing untested updates onto the "Stable" branch well-before I would personally consider them to be stable. That being said, I've had my share of difficulties with some other softwares to a much greater extent than any Softaculous product...I do feel as though Softaculous products are generally some of the soundest code to hit the "Stable" branches.

I also commend them on constantly started brand new projects from scratch (deskuss looks just right for a lot of helpdesk applications). I have perfected the art of server restoration from backup in response to faulty software updates that shouldn't be pushed to production environments, but I also see a lot more of that with other organizations...Just my two cents, man.

-----------------------
RAD WEB HOSTING
Custom Dedicated Servers
IP: --   

6 Years of Experience with Webuzo :(
foreverme
Group: Member
Post Group: Newbie
Posts: 16
Status:
You have to push updates man, do you see what’s going on out there. Equifax got hacked yesterday…
You are right Softaculous is pretty stable, I am just saying that a few modification or additional options for advanced users would make it great.
I’m not worried about backups either, I use Acronis Enterprise and I do a full drive image daily, which helped me restore when this happened. But still, I had to hear so much crap from Accounting when they had to redo 4 hours worth of work in Quickbooks after they were restored.
I think users should be more aware and research their application setup procedure before they do the 1 click install from webuzo. But webuzo in itself is very secure, last vulnerability reported was 2013 v2.1.3, that’s very hard to beat compared to others. https://www.exploit-db.com/exploits/31982/
IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is February 19, 2018, 9:51 am.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.169