How secure is vestacp?

I am sorry to ask this question here, I was not able to register at vestacp forum (They use some strange questions instead of a simple captcha).

My servers are centos, as far as I know Hestia doesnt work on centos.

How Vestacp is secure? Vestacp isnt receiving any update

I only use it to do
-Install SSL
-Check server load and Bandwidth in graph
-Sometimes checking if any email is going out of server.

I havent installed any apps (softaculous)

VestaCP is not safe it has multiple security issues. Switch to Debian/Ubuntu and install HestiaCP

Other option: GitHub - madeITBelgium/vesta: VESTA Control Panel at least it is more up to date…


Is there any other free centos control panel?

Can some one confirm this?

All these bugs required hacker to have a user in vestacp. I mean if I am the only user in vestacp, I am safe?

No, There are several bug that work without root access. How ever I don’t know what have been patched or not. I recommend to not install it. Very easy it is not developed at the moment.

For alternatives for VestaCP on CentOS I don’t know I don’t use CentOS…

You’re in the hestiacp forum here, the fact that you were not able to register at vesta forum should be already enough proof, that the project is dead. Most of the issues are root escalation issues, some are potential phishing attack - both combined = you’re fucked.

Vesta isnt maintained anymore, so it’s your decission to switch or not :slight_smile:.


Why do you specifically need CentOS if the panel takes care of everything you need?

Switch to HestiaCP in Ubuntu and you will have our full respect for that.

1 Like

That! Especially after the bad developments with the project :frowning: ?

1 Like

We just recived an notification for a possible security issue with Vesta

1 Like

They seem to be pushing a update tomorrow I think it is, I don’t know what the updates about but I do agree it’s very insecure and best left alone, there is one guy that pushes the odd update but it’s not often, infarct on gihib you can see when merges happen and it’s not often

Stick with hestiacp, the Dev team is awesome, pushes out regular patches and updates.
The forum support is top notch, documentary is great.

Hestiacp is used in commercial and personal systems (I run it personally to host my 2 websites and it’s easier than doing it manually) also hestiacp and the Devs been so awesome have seen me wanting to learn PHP etc etc…

Just my thoughts like

Honestly, nothing will happen. He wrote that also months ago…

Just in a small addition to the thread: expired · Issue #2060 · serghey-rodin/vesta · GitHub

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.