Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - earnolmartin

Pages: [1]
1
General / CRITCAL SECURITY FLAW - UPDATE IMMEDIATELY
« on: March 13, 2016, 04:29:02 pm »
Update to the latest version of EHCP Force immediately.  A security flaw has been identified where the MySQL root database password is revealed along with every MySQL user and password combination. 

The flaw was pre-existing in EHCP.  Thus, this flaw affects EHCP users as well!  I have notified the developer of EHCP regarding this flaw. 

Recommended actions (DO IN ORDER):

  • Update immediately to the latest version
  • Change MySQL root user password
  • Update /var/www/new/ehcp/config.php with new root MySQL user password
  • Change all MySQL user passwords via the panel as the admin account and inform your users!

To change your MySQL root user password, first connect to MySQL using your current root user's password like so:

Code: [Select]
mysql -uroot -p'YOURPASSWORDHERE'

Now, change the root user password by running the following:

Code: [Select]
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPass');
flush privileges;

Now, update the root user password in the EHCP config:

Code: [Select]
sudo nano /var/www/new/ehcp/config.php

Connect to the panel using the admin account.  List MySQL databases.  Change the password for all users.  Update the applications with the latest password.

I apologize for the inconvenience this may have caused.  Believe me, I was not thrilled that I had to change 80+ database passwords on my own servers.

2
EHCP Force Edition Test Logs:

  • Full installation testing completed 2/29/2016 by earnolmartin on Ubuntu 15.10 x64.  Base nginx / apache2 webserver template changes were made to satisfy some changes made in the newest versions of phpmyadmin.  All features appear to be working properly.

EHCP Force Supported Versions of Ubuntu (x86 and x64):

The below supported Ubuntu versions have been tested thoroughly in the past.  For new versions of Ubuntu, the testing log above will be updated when a full installation test has been successfully completed for that version of Ubuntu.  Obviously, the below list will change since most versions of Ubuntu are not LTS and support for them ends after a specific date.

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04
  • Ubuntu 12.04
  • Ubuntu 10.04

3
After downloading official Ubuntu system updates and package updates, sometimes software that EHCP Force Edition relies on may stop working properly.  Maybe FTP connections no longer work, and your FTP client returns an error message from the server when you attempt to connect.  Perhaps apache2 stops working and outputs a syntax error.  Any issues that occurred after downloading official updates might be fixed by running the EHCP Force Edition update script.  The update script not only updates EHCP Force core files, but it also re-installs specific software packages that have been patched to work with our integration of EHCP and fixes various configuration settings to make sure your system will keep working properly. 

It is OK to run the update script more than once (your custom settings, domains, files, email, MySQL databases, and other EHCP settings will not be lost). 

To run the update script, please use the following commands:

Code: [Select]
sudo apt-get install subversion
cd ~/Downloads
if [ -e "ehcpforceupdate.sh" ]; then
    rm "ehcpforceupdate.sh"
fi
svn export "svn://svn.code.sf.net/p/ehcpforce/code/trunk/ehcpforce/ehcp/ehcpforceupdate.sh"
sudo bash "ehcpforceupdate.sh"


If your issue has not been solved after running the update script, please start a new topic in the Technical Help forum.

4
General / Need QA Testers
« on: August 26, 2014, 11:41:41 pm »
Hey Guys,

I'm adding some really cool, new features to EHCP Force Edition that I can't wait to share.  I've been testing these new features quite a bit, but I could really use some help.  While testing, I've also run into several other existing panel bugs that I hadn't noticed before.  I have fixed any errors that I personally have run into.  I'm also cleaning up the panel's UI.  There is a new highly customizable default theme that is coming to EHCP Force Edition soon.  It's really cool! 

But, I can't do everything myself, and it would be awesome if I could get anyone to volunteer to test and help me run QA operations.  Ideally, I would like to fix any problems that currently exist in the panel, from installation to functionality. 

If you run into a bug, please let me know how to reproduce it and how you think it should work.  This is a forked project.  Several bugs from the original code-base still exist.  If you think I'm aware of every possible little bug that exists, that couldn't be further from the truth.

I need everyone's help.  I want this panel to be a huge success, and I truly feel that this edition is better than the original.  The original is great, don't get me wrong, but EHCP Force Edition is the way it should work.  If anyone could leave feedback or reviews about this panel, that would also be extremely helpful.

Here's how you could help test EHCP:

  • Install VirtualBox
  • Create multiple virtual machines running different versions of Ubuntu (x86 and x64 editions).
  • Download the latest EHCP Force development code.
  • Install EHCP Force using the non-interactive mode when prompted during the initial installation phase.
  • Test features / see if everything works as expected.
  • Let me know about bugs, and I'll fix them!

Here's to hoping someone will be willing to help!

5
General / Update Log
« on: April 08, 2014, 06:53:24 pm »
EHCP Force Updates
Last Update:  November 2, 2017 (11/2/2017)



Things to Keep In Mind:

If updates are made to the base apache2 / nginx webserver templates, you may need to revert your Global Web Templates back to their defaults and then add your original changes and additions to benefit from the changes made in the base templates since database templates or domain specific templates take precedence over the base templates if configured.



Updates & Changes (November 2, 2017):
  • Redesigned SSL page to encourage users to use free Let's Encrypt SSL certificates.
  • Users can force HTTPS when the server is running in mixed HTTP and HTTPS mode if they use a certificate from Let's Encrypt or a custom one.
  • Various cleanup and enhancements.
  • UI improvements based on which features are enabled.
  • Minor bug fixes.
Post update operations: 

Login to the panel using the admin account so that the database structure will be updated.  On the home page, click on "Synchronize Domains".

This will fix SSL errors that were caused by the database structure not being up-to-date.

Updates & Changes (October 20, 2017):
  • Default allow all CORS requests.
  • Major security improvements and fixes.
  • Various cleanup and enhancements.
  • UI improvements based on which features are enabled. (picante theme only)
  • Better notification system for remote scheduled backup transfers.
  • Minor bug fixes.

Updates & Changes (September 20, 2017):
  • Added additional validation.
  • Update, upgrade, svn-update script is now in just one file.
  • Various cleanup and enhancements.
  • Better logging.
  • Use service instead of systemctl for greater compatibility on all systemd and non-systemd systems.

Updates & Changes (May 31, 2017):
  • Fixed custom and Let's Encrypt SSL bugs.

Updates & Changes (May 6, 2017):
  • Fixed Let's Encrypt automatic certificate renewal.

Updates & Changes (April 13, 2017):
  • Bug fixes.
  • Security enhancements in nginx

Updates & Changes (February 15, 2017):
  • Let's Encrypt SSL Certificate Integration and Support - Your domains can now be encrypted by free SSL certificates.  See The Video
  • SSL mixed mode has an option to default to using the server wide SSL default certificate for domains that don't have one configured or the SSL portion does not get included in the template at all.

Updates & Changes (January 15, 2017):
  • systemd scripts for EHCP and PolicyD if applicable for Ubuntu 16.04+
  • mod-security/mod-evasive cleanup
  • roundcube default mail server fix
  • Various bug fixes and changes.

Updates & Changes (December 7, 2016):
  • Minor security enhancements.
  • Minor bug fixes.
  • Default email client is now RoundCube (SquirrelMail can still be accessed via /webmail2)
  • Ubuntu 16.10 support.

Updates & Changes (July 30, 2016):
  • Added SpamHaus and SpamCop incoming email filtering to help reduce the number of spam email messages received and delivered by the server.

Updates & Changes (June 12, 2016):
  • Fixed bind9 issue during installation
  • Net2FTP and extplorer PHP 7.0 fixes and changes

Updates & Changes (May 5, 2016):
  • Fixed php-fpm bug for nginx (Ubuntu 16.04 specific)
  • Minor enhancements to picante theme

Updates & Changes (May 2, 2016):
  • Ubuntu 16.04 Support (x64 and x86)
  • MySQL to MariaDB seamless upgrade support (optional)
  • MariaDB is now the default DB option during installation
  • PHP 7 Compliance
  • Lots of bug fixes
  • Policyd / amavisd / spam assassin fixes
  • libpam-mysql replaced with libpam-python scripts in Ubuntu 16.04 since pam-mysql is broken... whereas pam-python is not.

Updates & Changes (March 29, 2016):
  • Minor security enhancements
  • Additional global template for password protected directories added.
  • Fixed PHP not working in password protected sub directories created under nginx.

Updates & Changes (March 13, 2016):
  • Several security changes.
  • UPDATE TO THIS VERSION ASAP!

Updates & Changes (March 4, 2016):
  • Enhancements made to Global Webserver Template functionality.
  • Added the ability to have a global template for the default enabled site (custom contents for /etc/nginx/sites-enabled/default or /etc/apache2/sites-enabled/default depending on the webserver)

Updates & Changes (February 29, 2016) Second Release:
  • Webserver apache2 / nginx base template changes for phpmyadmin functionality changes in Ubuntu 15.10

Updates & Changes (February 29, 2016):
  • Minor security changes
  • Logging changes for conglomerate access log so it shows the domain accessed in the log along with the request and referrer.
  • Changed conglomerate log name to have an extension of .log (/var/log/apache2/access_log_multi.log or /var/log/nginx/access_log_multi.log) so that logrotate will automatically process it daily.

Updates & Changes (February 18, 2016):
  • Template changes for nginx and apache
  • Configured password protected directories are now stored directly in the domain template instead of relying on and possibly overwriting .htaccess files.
  • /webstats directory for each domain is now password protected
  • New Global Domain / Subdomain Template Override Feature - Admin Only Operation - Manage Global Web Templates (Means changes to the default EHCP templates via updates will no longer overwrite any custom config you want for all domains and subdomains) - ?op=manageglobalwebtemplates
  • Lots of bug fixes
  • Changes made to template files to support the usage of base jQuery code.
  • Better input validation to prevent web server errors.
  • Logging changed and stored in "/var/log/apache2/access_log_multi" (for apache) and "/var/log/nginx/access_log_multi" for nginx
  • Fixed Slave BIND DNS issues
  • Other MISC fixes

Please see the following knowledge articles for possible issues after installing this update:

http://ehcpforce.tk/faq/index.php?sid=27500&lang=en&action=artikel&cat=4&id=10&artlang=en
http://ehcpforce.tk/faq/index.php?sid=27500&lang=en&action=artikel&cat=4&id=9&artlang=en

Updates & Changes (October 28, 2015):
  • Tons of nginx fixes
  • Trim issue in database causing some issues fixed.
  • New Custom Domain Server SSL Certificates Functionality
  • Other MISC fixes

Updates & Changes (August 24, 2015):
  • New:  extplorer file manager integration (url:  http://serverip/extplorer/)
  • Lots of Bug Fixes
  • FIXED:  Domain redirection for both apache2 and nginx

Updates & Changes (May 23, 2015):
  • NEW:  Ubuntu 15.04 x86 and x64 Support
  • NEW:  SystemD Init Support
  • New:  Create and define hosting plan templates.
  • New:  Create user accounts from hosting plan templates.
  • FIXED:  nginx php session handling
  • Enhanced:  Login functionality to redirect to desired operation post successful login if session timeout occurs and the admin or user is required to login again.
  • Enhanced:  Security changes to make the panel more secure
  • Enhanced:  Few picante theme changes and UI enhancements
To take advantage of the new EZ installation script functionality that actually works, please run this operation as admin:
http://{SERVERIP}/ehcp/index.php?op=updateinstallscriptsql

Updates & Changes (April 9, 2015):
  • FIXED:  Password protected directories now work correctly for both nginx and apache2
  • FIXED:  Easy install scripts now work properly.  There are currently 8 packages supported (MyBB, phpbb, Joomla, Wordpress, Drupal, phpCOIN, SMF, and more)
  • NEW:  UI Enhancements to make it easier to use the panel.
  • FIXED:  Template fixes for nginx and apache
  • FIXED:  Net2FTP works properly now thanks to some HTTPS fixes and permissions changes. 

Updates & Changes (January 21, 2015):
  • PHP 5.5.x minor fixes.
  • Webmail configuration is not overwritten during updates or upgrades.

Updates & Changes (January 5, 2015):
  • Latest version now using mysqli extension making EHCP Force Edition PHP 5.5.x compliant.
  • Ubuntu 14.10 VSFTPD Fix Now Inlcuded
  • EHCP Force Edition supports (QA Tested by Me) Ubuntu 14.10 x86 and x64
  • Fixed Apache2 SSL and Non-SSL Mixed Mode
  • Adjusted Apache2 templates.
  • Reworded some deletion functions.

Updates & Changes (December 11, 2014):
  • Fixed some fail2ban bugs.
  • Added support for postfix-sasl into fail2ban for all versions of Ubuntu.
  • Update hosts file fix for retrieving local IP address.
  • Fixed some of my original PHPMyAdmin mess.  It should be correct now. (You will have to redo all whitelisted IP addresses once for root MySQL login through PHPMyAdmin if you update)
  • Moved some install settings around.
  • Removed the original default theme (the new default is picante) which called ehcp.net for some reason.
  • Generic fixes
  • Some apache2 fixes which use Include instead of the newer IncludeOptional to maintain backwards compatibility for all Ubuntu versions.

Updates & Changes (November 29, 2014):
  • Enhanced the remote backup scheduling and backup scripts to log correctly what happens if the transfer of the backup fails.
  • Integrated all deb package fixes locally rather than pulling them from a web server.
  • Fixed some issues in Ubuntu 12.04 and Ubuntu 14.04.

Updates & Changes (October 28, 2014):
  • Changed the way the installer and upgrade/updater scripts work.
  • Fixed some installation bugs in latest run through of Ubuntu 14.04 testing.
  • Added server IP address in-front of backup name for scheduled remote backups so multiple backups from different servers should never have the same name.
  • More control over what gets installed.
  • Custom Apache VHOST Not Managed in the Panel along with Custom Ports Supported - See here.

Updates & Changes (October 7, 2014):
  • Faster account deletion that relies on recursion instead of you removing every domain one by one.
  • Resellers cannot create other resellers.
  • New - Master resellers (a new setting specified during account creation by admin) can create other resellers, but their resellers cannot create other resellers.
  • New - If a reseller account is deleted, all of its associated panel users, their domains, and settings are also deleted.
  • Bug fixes

Updates & Changes (Sept 9, 2014):
  • New Remote Backup Scheduling and Server Cronjob Functionality
  • New Picante Dynamic Theme
  • Bug fixes

Updates & Changes (May 2, 2014):
  • Email bugs dealing with ipv6 and pop-before-smtp fixed
  • mod security package bug has been fixed and should no longer keep Apache from running happily in Ubuntu 13.10-14.04
  • Additional minor changes and fixes / code cleanup

Updates & Changes (April 20, 2014):
  • New SSL-Only mode has been introduced in case you would prefer to only accept connections over https rather than mixed-mode SSL/NonSSL
  • apache2 SSL subdomain templates have been fixed
  • Ubuntu 14.04 is now supported and has been tested

Updates & Changes (April 8, 2014):
  • nginx SSL support has been added
  • apache2 SSL templates have been fixed
  • nginx integration has been fixed
  • Generic Fixes for Ubuntu 13.10
  • In advanced options, you can now switch between webserver software (choose between apache2 and nginx) - may take up to 30 seconds for changes to take effect
  • New pre-install script which can make installing EHCP Force a breeze without any prompts.

To Do:

Download  Latest Version Now

Please report all bugs and how to reproduce them!


6
Feature Requests / New Features
« on: November 02, 2013, 10:32:26 pm »
New Features
[/size]

Have a good idea or want EHCP to do something it doesn't already do?  If so, please create a new thread and post your ideas!

7
Bugs / Bug Reports
« on: November 02, 2013, 10:29:46 pm »
Bug Reports
[/size]

Please use this forum category to post bug reports.

If you notice anything not working properly that pertains to the panel software itself, please post a new thread including as much information as possible along with steps to reproduce your issue.

Please note that bug reports should only pertain to the actual panel software (the interface used to manage users, domains, email accounts, databases, etc).  For support regarding the services EHCP uses to make the web hosting control panel work (such as Apache2 and VSFTPD), please post in the technical help forum.


8
Technical Help / Need Help?
« on: November 02, 2013, 10:25:15 pm »
EHCP Force Edition Help

If you need help with EHCP Force Edition, please create a new thread and include as much information as possible.  Before we can help, we need to understand what it is you're trying to do and what steps you've already taken (if any) to assist in answering your question(s).  Please proof-read before posting. 

It is recommend that you search our knowledge base and forum to see if your question has already been answered before posting a new thread.

Also, consulting the oracle (also known as Google) is recommended and a great source of information. 

9
General / EHCP Force Edition :: Introduction
« on: November 02, 2013, 10:13:11 pm »
EHCP Force Edition

What is EHCP Force Edition?

EHCP stands for "Easy Hosting Control Panel".  The EHCP Force Edition is a fork of the original EHCP.

Why should I use the force edition over the original EHCP software?

The force edition of EHCP is thoroughly tested and updated as new versions of Ubuntu are released.  It contains new functionality that is not included in the original EHCP.  For example, in the force edition, administrators can create and manage custom FTP accounts using a custom path.  This feature is a must-have for allowing users to manage their game servers.

The force edition also runs both FTP and Apache software under the same user while still maintaining security by limiting the directories scripts may access.  This means that PHP scripts can modify file permissions of files that have been uploaded by a user through FTP because the owner in both operations is the same user.  Scripts such as WordPress and forum software install properly because the PHP chmod function works as expected.

Also, the force edition's code is managed via subversion (SVN), a file versioning system.  It is a central repository for the EHCP source code.  Using SVN, code changes can be tracked.  Anyone is welcome to create patches or develop EHCP.  It's open source!

What Does EHCP Do?

The Easy Hosting Control Panel (EHCP) is a fully functional, advanced, free, and open source website panel platform that provides a user interface for creating and managing multiple administrators, resellers, users, websites, FTP accounts, MySQL databases, email accounts, and more!  EHCP works on most Debian based operating systems and works best on Ubuntu.

EHCP even installs and configures your web server software for you while also providing additional security by slip streaming and including fail2ban and DDoS automatic banning (against Apache).

Features:

  • Manage and create other administrator, reseller, and user accounts.
  • Easily add domains and create subdomains.
  • Create user limits regarding the maximum number of email accounts, domains, MySQL databases & users, subdomains, bandwidth, and diskspace a particular user is allowed to use.
  • Easily add, edit, and interface with MySQL databases and MySQL virtual users via PHPMyAdmin.
  • Create different types of email accounts.
  • Create and modify custom BIND DNS entries.
  • Allow modifications to the Apache template for each particular domain (via a global security setting).
  • Configure a domain to use slave DNS to sync website DNS entries between multiple servers.
  • Creates and securely configures both custom and normal FTP accounts.
  • Comes with a pre-configured SquirrelMail email interface to view emails sent to virtual email accounts.
  • Backup all of your server's files and databases by using the backup and restore function.
  • EHCP can integrate into other applications through its API.
  • And more!

Download:

To download or upgrade your existing installation of EHCP to the force edition, please visit our download page on the main website.

Links:


EHCP is open source software! 

10
General / Knowledge Base
« on: November 02, 2013, 09:55:25 pm »
Knowledge Base

Please search and use our knowledge base which contains helpful information, guides, requirements, and how-to articles.

Articles are added and updated on a regular basis and serve as a great way to answer some of the more common questions you may have regarding EHCP Force edition.

If you can't find the answer in our knowledge base, by all means post on the forums.  Helpful forum posts might be converted into knowledge base articles.  Help others by sharing your knowledge! 

11
General / Rules
« on: November 02, 2013, 09:45:41 pm »
Forum Rules

Thanks for using EHCP Force edition and visiting our forums.  Before posting on our forum, please read and adhere to the following rules:

  • Follow the golden rule of treating others as you'd like to be treated.
  • Do not bump threads repetitively if no one has yet replied to your thread.
  • If reporting a bug or asking for help, please include as much information as possible including steps to reproduce your issue or what steps you have taken to fix an issue.
  • Do not flame or troll other forum members.
  • If you don't have anything helpful to say, please do not respond to threads or posts.
  • Please search forum posts for your issue before posting a new thread.

Following the above rules helps us better assist you with anything EHCP Force related.

Thanks for your cooperation.

Pages: [1]