Abdy Posted June 25, 2015

Update:

Hi, I've started to work on the next update of this module. If you have ideas or suggestions for the next update, please tell me or send me a PM.

Best regards.

-------------------------------

Hi Blesta users,

Today I bring a module that could be useful for some, a module based on the universal module. This module is extensible; you can implement your own API.

Features:
- Colocation Manager
- Client and Admin Side Information
- Web SSH Client
- Web FTP Client
- Statistics
- Off and Reset Button function without API
- Live Screenshot
- Automatic Detection of Control Panel
- Colocation Tab hides automatically if you don't use any colocation parameter
- And lots of love

Update June 25, 2015
- Documentation available.
- Internal improvements [Thanks naja7host]

Update July 04, 2015
- If you don't provide an API for the Off and Reset Button, the module automatically uses SSH to perform these actions.
- The On Button only appears if you have defined an API.
- Requires the SSH2 extension of PHP to be installed.
- ServerTools is no longer required; all data is retrieved via SSH.
- Optimised code (faster).
- The FTP Client is self-hosted and is included with the module.
- Available on GitHub https://github.com/CyanDarkInc/Universal-Server-Module

Update August 19, 2015
- Update software from Blesta
- Change root password from Blesta
- Change hostname from Blesta
- Internal and important changes

Note: This module is no longer in beta and you can use it in production.

If you want to make a donation, you can send it to order@cyandark.com. And thanks for your contribution.

And again, sorry for my bad English.

Enjoy.

You can download the module from my repo on GitHub https://github.com/CyanDarkInc/Universal-Server-Module

Screenshots

Abdy (Author) Posted June 25, 2015

You can read the official documentation in the GitHub repository. https://github.com/CyanDarkInc/Universal-Server-Module

Blesta Addons Posted June 25, 2015

It is a great plugin again, Mr CyanDark; we are waiting for your documentation.

Just a little suggestion:
- In the view, put the .js and .css files in the images directory or add a new directory for them. This is just to preserve the standard directory tree.
- You have not added a view for the tabs; you are returning the output directly. It is better to send the output to a view file (e.g. ssh_console.pdt, client_ssh_console.pdt, etc.).
- In the view file, you have some regex that can already be done in the module function rather than in the view file.

I have not yet installed or tested your module; this observation is just from a first look at the code.

In the end, great work, champ!

Abdy (Author) Posted June 25, 2015

> It is a great plugin again, Mr CyanDark; we are waiting for your documentation.
>
> Just a little suggestion:
> - In the view, put the .js and .css files in the images directory or add a new directory for them. This is just to preserve the standard directory tree.
> - You have not added a view for the tabs; you are returning the output directly. It is better to send the output to a view file (e.g. ssh_console.pdt, client_ssh_console.pdt, etc.).
> - In the view file, you have some regex that can already be done in the module function rather than in the view file.
>
> I have not yet installed or tested your module; this observation is just from a first look at the code.
>
> In the end, great work, champ!

I take note of your advice for the next update.

I will take note of your advice for the next update.

PauloV Posted June 25, 2015

A huge thank you, cyandark, for your hard work.

P.S. Love the root password from the first screenshot.

Michael Posted June 25, 2015

Wow, that's like amazing, thanks mate. I do have to say this though mate, what's the server tools for?

Max Posted June 25, 2015

Screenshots sure look nice. But I do think you should at least document that:

- FTP function is not implemented in the module itself, but outsourced to https://file-manager.cyandark.com/ meaning the password the customer enters is sent there.
- SSH function is not implemented in the module itself, but outsourced to https://ssh.cyandark.com/ meaning the user's password is sent there.

Furthermore the SSH function submits the user's password as a GET parameter, meaning it can end up in the web browser history...

```php
<iframe style="width: 100% !important; height: 500px; margin-top: -10px; border: 1px solid #ccc; backround: #000;" border="0"
        src="https://ssh.cyandark.com/?host=<?= base64_encode($host) ?>&puerto=<?= base64_encode($port) ?>&user=<?= base64_encode($user) ?>&password=<?= base64_encode($pass) ?>"></iframe>
```

I do not doubt your good intentions, but I am pretty uncomfortable with the concept of sending customers' passwords through any third party...

Not a big fan of including resources from external sites either (like "@import url(https://fonts.googleapis.com/css?family=Inconsolata);"). Some browsers like IE and Firefox allow Javascript inside CSS. If the external site is compromised, so will your panel be.

Abdy (Author) Posted June 25, 2015

> A huge thank you, cyandark, for your hard work.
>
> P.S. Love the root password from the first screenshot.

The best password ever created.

Blesta Addons Posted June 25, 2015

This is a duplicated thread, no? It is preferred to keep your plugin in one thread to group all the replies, and it is easier for us and you to follow one thread. Moderators can merge the two threads if the OP accepts the deal.

EidolonHost Posted June 26, 2015

Hooboy, this is quite the advanced module. I'm almost tempted to stop development of my Dedicated Server Module and let this one take over... but I think, that is probably not a wise idea. More modules may be a good thing... but I think this one will probably win out in the end.

Adam Posted June 27, 2015

> Hooboy, this is quite the advanced module. I'm almost tempted to stop development of my Dedicated Server Module and let this one take over... but I think, that is probably not a wise idea. More modules may be a good thing... but I think this one will probably win out in the end.

Merge the projects. @cyandark should post this on some public code repository (self-hosted git/svn or github, bitbucket, etc).

/adam

Abdy (Author) Posted June 27, 2015

> Hooboy, this is quite the advanced module. I'm almost tempted to stop development of my Dedicated Server Module and let this one take over... but I think, that is probably not a wise idea. More modules may be a good thing... but I think this one will probably win out in the end.

More modules is better.

> Merge the projects. @cyandark should post this on some public code repository (self-hosted git/svn or github, bitbucket, etc).
>
> /adam

Good idea. We can merge our projects and make a unique but powerful module.

Abdy (Author) Posted June 27, 2015

> Wow, that's like amazing, thanks mate. I do have to say this though mate, what's the server tools for?

It's for the Statistics section.

Adam Posted June 27, 2015

Why is servertools obfuscated? May you please undo that, along with posting this on a public source code repo .. so others can contribute to it?

A lot of work needs to be done in order to make this more modular. Injecting HTML within the controller does not seem a good MVC approach, nor is using shell_exec without escaping the string with escapeshellarg. It also seems you are hard coding OS values and hard drive values rather than taking a more general approach of pulling from the database via the Record object provided from the base class.

-Adam

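
Added example, not part of the thread or of the module's code: the shell_exec / escapeshellarg point from the post above, as an unsafe command builder beside a validated and quoted one. The function names and the use of the `hostname` command are assumptions for illustration; the commands are only printed, never executed.

```php
<?php
// Added example; build_unsafe/build_safe and the `hostname` command are
// hypothetical, not taken from the module's source.

// Unsafe pattern: the value is pasted straight into the shell line.
function build_unsafe(string $hostname): string
{
    return 'hostname ' . $hostname;
}

// Hardened: allow-list validation first, then quoting with escapeshellarg().
function build_safe(string $hostname): string
{
    // RFC 1123 style labels: letters, digits, hyphens; dot-separated; max 253 chars.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($hostname) > 253
        || !preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $hostname)) {
        throw new InvalidArgumentException('invalid hostname');
    }
    return 'hostname ' . escapeshellarg($hostname);
}

// Constructed sample inputs: one valid name, one with shell metacharacters,
// one with a trailing newline.
$samples = ['web01.example.com', 'web01; id', "web01\n"];

foreach ($samples as $s) {
    echo 'input:       ', json_encode($s), PHP_EOL;
    echo 'unsafe:      ', json_encode(build_unsafe($s)), PHP_EOL;
    // Quoting alone already turns the whole value into a single argument.
    echo 'quoted only: ', json_encode('hostname ' . escapeshellarg($s)), PHP_EOL;
    try {
        echo 'safe:        ', json_encode(build_safe($s)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:        rejected (', $e->getMessage(), ')', PHP_EOL;
    }
    echo PHP_EOL;
}
```
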
Abdy (Author) Posted June 28, 2015

> Why is servertools obfuscated? May you please undo that, along with posting this on a public source code repo .. so others can contribute to it?
>
> A lot of work needs to be done in order to make this more modular. Injecting HTML within the controller does not seem a good MVC approach, nor is using shell_exec without escaping the string with escapeshellarg. It also seems you are hard coding OS values and hard drive values rather than taking a more general approach of pulling from the database via the Record object provided from the base class.
>
> -Adam

The tools.php file generates an encoded string used by the module, and has the algorithm to encode the string; this is the reason that it's encoded, for security reasons.

I'm working on a new update with some improvements to the code.

Adam Posted June 28, 2015

> The tools.php file generates an encoded string used by the module, and has the algorithm to encode the string; this is the reason that it's encoded, for security reasons.
>
> I'm working on a new update with some improvements to the code.

It is no secret what algorithm you use to encode that string .. since you told us how to decode it (via your module). I do not understand your argument on it being obfuscated for security reasons.

You first output the server status via base64 encode as hex. Then each character is shifted by 13 places via str_rot13. After that you reverse the entire character stream via strrev. Finally, you compress the output via gzencode. All this for what appears to be server status. I say what appears as server status because I have not taken the time to reverse engineer the script to see if any malicious intent is also included.

What is so secretive about the status of the server? With a little investigative work (thanks to your screenshot) I can see your server has 3 CPUs, ~25GB of disk and roughly 256MB of memory with an uptime of almost two days. If you are worried about attackers, outputting the version of Apache you use, along with OpenSSL and PHP, can do more harm (which is what you currently have set up).

Again, all this for server status. Yet, as Max pointed out, your passwords are sent as a GET parameter to a 3rd party site. Regardless if the connection is SSL or not, GET parameters are not part of the encrypted payload in TCP/IP (they are part of the packet header). It seems more focus should be addressed in other areas is all I am saying.

I say these things not to make you feel bad, but because code review is an integral part of making software better.

-Adam

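
Added example, not part of the thread or of the module's code: the encoding chain listed in the post above, applied and then peeled off layer by layer to show that no secret is needed to reverse it. The step order follows the post; the "as hex" detail is not specified there and is left out, and the status fields are constructed.

```php
<?php
// Added example. Step order as described in the post: base64, str_rot13,
// strrev, gzencode. Function names and sample data are assumptions.

function obfuscate(string $plain): string
{
    return gzencode(strrev(str_rot13(base64_encode($plain))));
}

// Undo each layer in reverse order, keeping every intermediate stage.
// Nothing here needs a key: knowing the steps is enough.
function peel(string $blob): array
{
    $stages = [];
    $stages['gzdecode'] = gzdecode($blob);
    if ($stages['gzdecode'] === false) {
        throw new RuntimeException('input is not gzip data');
    }
    $stages['strrev'] = strrev($stages['gzdecode']);
    // rot13 is its own inverse and leaves digits, '+', '/' and '=' untouched.
    $stages['str_rot13'] = str_rot13($stages['strrev']);
    $stages['base64_decode'] = base64_decode($stages['str_rot13'], true);
    if ($stages['base64_decode'] === false) {
        throw new RuntimeException('inner layer is not base64');
    }
    return $stages;
}

// Constructed sample status record.
$status = json_encode(['cpus' => 3, 'disk_gb' => 25, 'mem_mb' => 256]);
$blob = obfuscate($status);

echo 'blob (hex): ', bin2hex(substr($blob, 0, 16)), '...', PHP_EOL;
$stages = peel($blob);
foreach ($stages as $step => $value) {
    echo str_pad($step, 14), $value, PHP_EOL;
}
echo 'recovered original: ',
     var_export($stages['base64_decode'] === $status, true), PHP_EOL;
```
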
Max Posted June 28, 2015

> Regardless if the connection is SSL or not, GET parameters are not part of the encrypted payload in TCP/IP (they are part of the packet header).

That's incorrect. Only the hostname is sent unencrypted (by the SNI TLS extension, so the server knows which certificate it should use, if more than one site shares the IP). All HTTP communication, including URL and request headers, is sent over encrypted SSL.

The only problems are the GET parameters ending up in web browser history, and that URLs including GET parameters are usually logged in web server logs.

Do note that this module is not the only one with security flaws regarding GET parameters. When you enable Blesta's two-factor authentication, it submits your secret master seed code, from which all TOTP codes derive, as a GET parameter to chart.googleapis.com in order to generate a QR code of it... Reported over a year ago, but apparently it was not considered worth fixing.

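
Added example, not part of the thread or of the module's code: a log check for the problem raised in Max's two posts (credentials passed as GET parameters end up in web server logs). It flags request lines whose query string carries a credential-like key and prints them with the value redacted. The parameter names `host`, `puerto`, `user` and `password` come from the iframe quoted earlier; the log lines, their values and the key list are constructed.

```php
<?php
// Added example; SENSITIVE_KEYS and the log lines below are constructed.

const SENSITIVE_KEYS = ['password', 'passwd', 'pass', 'token', 'secret'];

// Return [request target with sensitive values redacted, keys that matched].
function redact_target(string $target): array
{
    $parts = explode('?', $target, 2);
    if (count($parts) < 2) {
        return [$target, []];
    }
    $hits = [];
    $pairs = [];
    foreach (explode('&', $parts[1]) as $pair) {
        [$key] = explode('=', $pair, 2);
        if (in_array(strtolower(urldecode($key)), SENSITIVE_KEYS, true)) {
            $hits[] = urldecode($key);
            $pair = $key . '=[REDACTED]';
        }
        $pairs[] = $pair;
    }
    return [$parts[0] . '?' . implode('&', $pairs), $hits];
}

// Constructed access-log lines (common log format, documentation IP range).
$log = [
    '203.0.113.7 - - [28/Jun/2015:10:00:01 +0000] "GET /?host=ZXhhbXBsZQ==&puerto=MjI=&user=cm9vdA==&password=aHVudGVyMg== HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Jun/2015:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 1024',
    '203.0.113.9 - - [28/Jun/2015:10:00:05 +0000] "GET /search?q=password+reset HTTP/1.1" 200 2048',
];

foreach ($log as $n => $line) {
    if (!preg_match('/"[A-Z]+ (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        continue; // not a request line we can parse
    }
    [$clean, $hits] = redact_target($m[1]);
    if ($hits) {
        echo 'line ', $n + 1, ': credential in URL (',
             implode(', ', $hits), ') -> ', $clean, PHP_EOL;
    }
}
```

Redaction only cleans up your own logs; the value has still been sent to whichever host serves the URL.
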
EidolonHost Posted July 1, 2015

> Merge the projects. @cyandark should post this on some public code repository (self-hosted git/svn or github, bitbucket, etc).
>
> /adam

Merge the projects? Hmm. I suppose that'd be doable... We'll see. Mine's on Github, though I've yet to push updates to the repository as I'm working out a few issues before I push a new updated build.

Abdy (Author) Posted July 1, 2015

I'm working on a new update and I put this on GitHub.

EidolonHost Posted July 1, 2015

> I'm working on a new update and I put this on GitHub.

Github link?

Edit: Mine's at: https://github.com/EidolonHost/dsm

Abdy (Author) Posted July 5, 2015

> Github link?
>
> Edit: Mine's at: https://github.com/EidolonHost/dsm

Available on GitHub https://github.com/CyanDarkInc/universal_server_module

Fantasma Posted September 19, 2015

Any thought given to integrating this module with the NOC-PS module? Or taking the functions available in the NOC-PS module and putting them in yours so that a customer of NOC-PS could also get your features and awesomeness?

This would give your Server Module the ability to reboot via PDU or IPMI, OS (re)installs, rescue boot mode, bandwidth usage graphs, etc. if the user is also a customer of NOC-PS.

Michael Posted September 19, 2015

> Any thought given to integrating this module with the NOC-PS module? Or taking the functions available in the NOC-PS module and putting them in yours so that a customer of NOC-PS could also get your features and awesomeness?
>
> This would give your Server Module the ability to reboot via PDU or IPMI, OS (re)installs, rescue boot mode, bandwidth usage graphs, etc. if the user is also a customer of NOC-PS.

That could be against @Max's terms and conditions for using their module, or as Blesta would say, stealing code (taking it from the coder and then calling it your own).