• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Few Concerns with Presence Builder

V

vhJayE

New Pleskian
Hi All,

Having a terrible time trying to get through to somebody or even submit a ticket so thought I'd try here instead. I'm installing a trial version of Presence Builder to use as a cPanel plugin but I have a couple of issues, which I'll detail below:

1. We don't allow insecure FTP access to our servers, so publishing doesn't work at the moment - is there a way to set PB to use SFTP instead?

2. /usr/local/cpanel/etc/webpresencebuilder.ini needs to be world-readable for the plugin to work - this file contains the admin password for the sitebuilder server, so this isn't an option - is there a way around this?

Any help or advice would be really appreciated!

Thanks

Jay
 
1. SFTP is not supported.
2. Thank you for report. We consider it as a bug. Corresponding bugreport was submitted (#142500 for your reference)
 
Hi Igor,

Thanks for getting back to me. I'm assuming Presence Builder runs its own cut-down FTP server - do you know if it's technically possible for us somehow to tweak this to run SFTP instead? Also - thanks for logging the security issue, do you know how far off a fix this is? We can't purchase the software and begin using it until this flaw is resolved.

Thanks again,

Jay
 
I'm not sure about tweaking FTP to SFTP.
Mentioned bug under developer's investigation now. Fix is planned for one of next version of cPanel plugin. Unfortunately I have not any ETA.
 
I don´t think any provider runs insecure FTP this days.

So this is not only a bug but a security bug. Sending logins clear and plan on the wire is just asking for nasty problems. The publication should support SFTP or in either case use a https tunnel, there are many ways to connect to a remote server. Hell, the plugin could even use a SSH user and publish data if it likes. Plain FTP should be an option but not a requirement.

I hope they address this as this is just sloppy integration in 2013 connecting via plain FTP does not speak highly about security.
 
Hi Igor,

It's been about a month now, and I notice a new cPanel plugin version has recently been released v1.1.1-37? - albeit with no release notes. Have either of these bugs been fixed yet?

Thanks

Jay
 
Thanks for noticing and reporting the issue, we have fixed it. You can download the latest version of the plugin from our website right now. Please note that it requires cPanel version at least 11.38.
 
Hi Custer,

Sorry for the late reply - thanks for fixing this bug, we're still left with the insecure FTP security hole though. Is there any time-scale to get SFTP implemented? We really can't compromise the security of an entire server just to let our would-be WPB users publish their sites.

Alternatively, a fix to let us run WPB on the same server as the cPanel plugin would remove the issue completely as it'd have local access - if that's easier to implement please let me know.

Thanks

Jay
 
Hi,

It's a lot harder to run WPB on the same server as cPanel, because WPB requires separate web-server, it will require to resolve a lot of conflicts.

What do you think about FTPS support (not SFTP)? Will it suits for your security policy? Implementation of FTPS is planned for WPB 12.5 currently (a very rough estimate).
 
Sorry for the delay Egor, and yes FTPS would be perfect for our needs. Can you let me know how your release numbering works? I see that we're currently running 11.x, so roughly how far ahead is 12.5 going to be?

Thanks

Jay
 
Hi Jay,

WPB 12.5 is planned for release somewhere in March 2015 (very rough estimation).
if you have a serious intention to use WPB and FTPS blocks you, then we can discuss with our PM this separately (via PM or email). Maybe FTPS publishing will be implemented earlier.
 
You must log in or register to reply here.
Back
Top