SysCP - Blog - Announcements

Happy Birthday SysCP!

nospam@example.com (Flo) — Sun, 15 Jun 2008 21:30:00 +0200

Hello SysCP-community,

it's now 4 years since the day we released the first version of SysCP. Again I want to thank everyone who supported us over the years. Thanks go to you who sent in comments, wishes, ideas, suggestions, patches, positive and negative feedback or just have downloaded and used SysCP. I especially want to thank our sponsors who donate all that glue which helps us work together and improve SysCP.

Some words about the current stage of development: Thanks to atari, d00p, EleRas, JamieWolf, Radiation (alphabetically) and all other which I might have forgotten (shame on me) SysCP made huge steps towards 1.2.20 which will contain many new features, bug fixes and improvements.
We now have support for lighttpd, powerdns, domain keys, exim4, pure ftpd, awstats and many more. SysCP now features native SSL support, a sparkling new logging facility and even a password-reminder. Needless to say that we fixed dozens of bugs and revised many parts of the code.

But we need your help: Due to the heavy changes we made we kindly ask you to test the current development trunk. We expect it to be pretty much stable at this time, but there might be some small glitches so don't test it on your production system.
Since 24c3 we have a snapshot service available at http://snapshots.syscp.org where you'll also find debian packages containing the current trunk.
Please report anything you stumble across at our forums. Thanks, your help is much appreciated!

Again, no cake this year, but stay tuned,

Flo and the SysCP-team

Update: SysCP 1.2.19 released

nospam@example.com (Flo) — Sun, 03 Feb 2008 18:30:00 +0100

Hello SysCP-community,

today we are releasing the next version of SysCP. SysCP 1.2.19 contains several Bugfixes and some new features.

Especially the nasty bugs regarding the hardcoded Listen and the incomplete Zonefiles are now fixed. I'm really sorry about this, it's not clear how we could have overseen them.
The fix of the Listen-Bug requires some attention when you are updating your installation, because the Listen statement is now switched off by default. You have two options: Switch on the Listen statements again for the affected IP/Port combinations before cron_tasks.php is executed or restore your /etc/apache2/ports.conf.

Thanks to Michael Kaufmann (aka d00p) SysCP now features a complete Ticket System. Your customers could easily create support tickets which can be answered directly at the admin panel. It's quite self-explanatory, so just try to use it, it's great fun ;-) Please also have a look at the settings where you can change the behaviour according to your needs.

One little thing regarding PHP4: Because the php dev team has quit supporting PHP4, we decided not to go for PHP4 compatibility anymore. Therefore SysCP will only work with PHP5.

All changes included in this release are listed at https://www.syscp.org/milestone/1.2.19. As always you'll find the packages at http://files.syscp.org. Direct link to the tarball is: http://files.syscp.org/releases/tgz/syscp-1.2.19.tar.gz. Debian users will get it with their next apt-get upgrade.

Flo and the SysCP-team

Update: SysCP 1.2.18 released

nospam@example.com (Flo) — Wed, 02 Jan 2008 17:30:00 +0100

Hello SysCP-community,

as the last release includes some nasty bugs we are releasing a new version of SysCP now. It contains the follwing bugfixes:

Safemode will be added again to vhosts at cron_tasks, formtoken is now correctly inserted into all admin_customer-scripts, so editing/adding a customer won't end with "The request seems to be compromised." and the installer now sets the mysql-access-hosts correctly.

These are all nasty bugs, so I'm sure all of you will update. But I also want to state, that with the safemode not being inserted in the vhosts your server might have a big problem, when safemode isn't activated globally. Therefore consider SysCP 1.2.17 insecure (1.2.16 isn't affected though) and update immediately if you're already using it!

As always you'll find the packages at http://files.syscp.org. Direct link to the tarball is: http://files.syscp.org/releases/tgz/syscp-1.2.18.tar.gz. Debian users will get it with their next apt-get upgrade.

Flo and the SysCP-team

Update: SysCP 1.2.17 released

nospam@example.com (Flo) — Mon, 31 Dec 2007 19:00:00 +0100

Hello SysCP-community,

today we are releasing the next version of SysCP. EleRas and I attended 24c3 over the last four days and we got quite productive, so here's the result:

This release features many bugfixes and new features. The biggest features we're introducing are: mod_fcgid, mod_log_sql, the support of dovecot, building real zonefiles, ips/ports with own vhost containers, reorganized and enhanced settings, wizard-style configuration, and much more. You can find the complete overview on http://www.syscp.org/milestone/1.2.17. At this place I also want to hint to our blog (http://blog.syscp.org) where we noted everything we did the last days.

Due to changes in the style the cronscript works you have to take care when updating: There isn't one big cronscript anymore. Instead you have to call scripts/cron_tasks.php and scripts/cron_traffic.php whenever you want to process tasks or calculate the traffic. This enables you to configure your system in a more flexible manner, e.g, you could calculate the traffic more than once a day if you want. Please change your /etc/cron.d/syscp accordingly. The complete file can be found in your panel, just click on "Configuration".

You'll find the packages at http://files.syscp.org. Direct link to the tarball is: http://files.syscp.org/releases/tgz/syscp-1.2.17.tar.gz. Debian users will get it with their next apt-get upgrade.

I also want to hint to our new snapshot service, which provides you with checkouts of the svn trunk. You'll find them at http://snapshot.syscp.org. Use the debian repository like the stable one, upgrading from stable to testing is just as simple as replacing the line in your sources.list with http://debian.snapshot.syscp.org/.

We wish you a happy new year,
Flo and the SysCP-team

SysCP Mailinglists closed - SysCP Forums reorganized

nospam@example.com (Flo) — Sun, 19 Aug 2007 22:50:00 +0200

Hello SysCP community,

today I want to drop a short notice about the current state of our mailinglists and forums.

First: The mailinglists
Because we had more technical problems than posts on our mailinglists we are closing them today. Traffic on our lists just was to low, so we think that the time the maintenance of the list consumed can be used better. An archive of old postings is still accessible through lists.syscp.org.

Second: The forums
We saw, that most members of the SysCP-community use our forums. Therefore we decided to make it again an official part of SysCP and moved it back to a subdomain of SysCP, forum.syscp.org. Although SysCP is getting more international from day to day we don't want to disclaim our german roots. To make things easier for you, we now just have one board per language where you can post everything releated to SysCP. No more deciding whether your question is a configation issue or general issue etc ;)

Third: The announcements
We are again using the forums to make announcements. For the ease of use, we created a shortcut for the newsfeed of the announcements board at https://www.syscp.org/announce-en.xml. Announcements will also be "mirrored" on our main site and on our blog.

Have fun with our new forums,
Flo and the SysCP-team

Security warning: Possible remote code injection when using Debian Sarge/Etch

nospam@example.com (Flo) — Thu, 12 Apr 2007 17:30:00 +0200

Hello SysCP-community,

this security warning concerns all SysCP users who use Debian Sarge or Etch together with our default configuration files.

As the Debian-package of proftpd adds a user "ftp" with password "!" (drop quotes) and the appropriate homedir at "/home/ftp", anyone can login as this user. Together with an enabled mod_userdir in apache, one could create a directory "public_html" in the homedir of user "ftp" and access everything (also bad scripts) through "http://your-servername/~ftp/" without openbasedir and safemode restrictions.

We recommend to add the following line to your /etc/proftpd.conf:
AuthOrder mod_sql.c

We also recommend to disable mod_userdir by issuing the following command:
apache-modconf apache disable mod_userdir

Big thanks go to Harald Kapper who informed me about this security problem and also provided appropriate solutions!

Just a short notice regarding Debian Etch: Yes, we are aware that Debian Etch became stable last weekend, but we just need some time to adjust the configfiles. New ones, which will also reflect the recommendations of this security warning, will be included in our next release.

Stay tuned,
Flo and the SysCP-team

SysCP 1.2.16 inside the official FreeBSD - Ports - Collection

nospam@example.com (EleRas) — Thu, 12 Apr 2007 13:06:06 +0200

Hi out there,

This will only be a very small announcement:
SysCP 1.2.16 is inside the official FreeBSD - Ports - Collection. Thanks to Janky Jay (ek) for managing and maintaining this port. If you want to see it and you aren't using FreeBSD, you may see the port in the cvs of FreeBSD (http://cvsweb.freebsd.org/ports/sysutils/syscp). Most of the patch will be integrated in future SysCP - versions. Stay tuned for a tutorial on our website about installing SysCP on FreeBSD ;)

So long,
Florian and the rest of the SysCP - team

Tweaking the SysCP-website

nospam@example.com (Flo) — Sat, 31 Mar 2007 23:55:00 +0200

Hello anyone out there ;)

just a short notice today: Over the next few weeks we are going to tweak our website, moving several services around our servers, so please expect some outages of SysCP.org, we are trying to keep them to a minimum. When the main stuff is done we'll inform you immediately!

At this place I also want to thank our great sponsors: Orth-IT has kindly donated a server last week and INWX is donating labour by allowing Florian Aders (EleRas) to work at SysCP in his working time. Thank you very much! (Please also have a look at our official sponsors-page at http://syscp.org/wiki/Sponsors !)
Some more cool things are currently in the pipeline, so stay tuned!

Best regards,
Flo and the SysCP-team

P.S: I just looked at the date, it's still March the 31st, so this ain't an April Fool's joke ;)

Update: SysCP 1.2.16 released

nospam@example.com (Flo) — Tue, 06 Feb 2007 22:56:21 +0100

Hello SysCP-community,

after the "breaking news" regarding the security hole last friday we decided to release SysCP 1.2.16 ahead of schedule. We also discovered another security hole and therefore we recommend to update your installation immediately! More about all security issues which were ever discovered in SysCP can be read at our new security page (http://syscp.org/wiki/Security).

This isn't just a security-fix-release, but it also contains some new features. We heavily improved our sorting algorithm, so it now sorts in a human style, for example it was "web1 -> web12 -> web2", now it's "web1 -> web2 -> web12". Also the sorting on the customers' mail list is now fixed when choosing sort by "E-mail-address" or "Domain name" and certain e-mail-adress combinations. An admin/reseller could now also "su" into an account directly from the domain list and it's now possible to edit the name and email of your own admin account, even of the main admin. We backported several regular expressions from SysCP 1.3 (development branch) and restricted usernames in general to just contain upper/lowercase characters and numbers to ensure they work with all services.

We also added three new language files: Thanks to Bystrik Kacer for the slovak, Sander Klein for dutch and Laszlo (Laci) Puchner for the hungarian language package. We are proud to state that SysCP now provides localizations for 14 languages which cover more than 25 countries worldwide!

With this release the version check now also transmits the currently installed version. In this way we are now able to spread news about possible security holes more efficiently.

SysCP 1.2.16 can be downloaded from files.syscp.org. The direct link is: http://files.syscp.org/releases/tgz/syscp-1.2.16.tar.gz

Detailed information about all bugfixes and features in SysCP 1.2.16 can, as always, be found at our roadmap at http://syscp.org/milestone/1.2.16

We hope you all enjoy using this new release,
Flo and the SysCP-Team

Security hole discovered in SysCP 1.2.15

nospam@example.com (Flo) — Fri, 02 Feb 2007 21:52:35 +0100

Hello all of you out there,

we are very sorry, but there is a security hole inside the latest SysCP version (1.2.15). Any customer could run malicious code as root. This vulnerability is only exploitable in SysCP 1.2.15, no other version is affected.
Since this is not the best thing, we are releasing a patch together with this announcement ;) It's only a tiny patch, since SysCP itself brings already all the code to prevent such code-injections. The problem: in this special case it accidentally wasn't used.
Many thanks go to Daniel Schulte, who found this vulnerability!

You can fix your installation by replacing "exec" with "safe_exec" in scripts/cron_tasks.php on line 255 or applying the patch provided on our homepage (http://files.syscp.org/misc/syscp-1.2.15s.patch) by executing "patch -p0 < syscp-1.2.15s.patch".

Thank you for your attention,
Flo and the SysCP-team

Merry Christmas and a Happy New Year!

nospam@example.com (Flo) — Sun, 24 Dec 2006 20:00:00 +0100

Dear SysCP-community,

the whole SysCP-team wants to wish you a merry christmas and a happy new year.

As we are looking back 2006, we see a year full of changes: many of us passed important exams, some of us changed from school to "real life" and we accepted new challenges. Some team members had to break new ground and left the SysCP project, but some others found their way into our team (again).

I want to thank everyone who contributed to SysCP, taking part in the progress of making a good product even better. We went on developing SysCP, versions 1.2.13 up to 1.2.15 were released so far, including a new design, new features and many, many bugfixes. We also made huge steps forward to version 1.4. Behind the scenes of SysCP the complete infrastructure was updated and stabilized - now the project server is powered by gentoo and our website is running on trac (with lighttpd serving the pages).

In 2007 we want to go on developing SysCP 1.4, taking the numerous steps to build the next generation Server Control Panel. One of the major things we plan for 1.4 is a complete modular codebase: If you don't want to use several services, just deactivate them or replace them with others. For example it will work fine with either Apache or lighttpd, MySQL or PostgreSQL and will even provide modules for managing the latter. There'll be a module for managing linux-vservers (nearly completed already!), one for managing your zonefiles easily, another to register domains while using robots of different providers and a module where you can translate SysCP directly within your browser. We'll deliver SysCP 1.4 as small as possible and you can extend it like YOU want.

We hope that you, the community around SysCP, keep up your good work helping us to find bugs and problems and giving us new ideas and perspectives. It was a real pleasure to work with all of you.

Again, merry christmas,
Flo and the SysCP-team

Update: SysCP 1.2.15 released

nospam@example.com (Flo) — Sun, 12 Nov 2006 18:37:27 +0100

Hello SysCP-community,

again it's time to announce another release of SysCP, named SysCP 1.2.15. This is mainly a bugfix release, so this mail won't be as long as the last release announcement ;)

We readded a border around the textboxes and also added newlines to the debug-messages in the cronscript-lockfiles. Paging system can be switched off again, webalizer now uses the standardsubdomain instead of the loginname for the statistics and ignores referrers from other domains which are owned by the same customer. You can now see which domains are aliasdomains for a specific domain in the adminpanel, so deleting domains with aliasdomains is much easier.

SysCP 1.2.15 now contains configuration files for SuSE 10.0. Thanks to Ron Brand and Florian Aders all howtos are now converted in a new beautiful design which integrates gracefully with the whole SysCP homepage

Florian Aders has rebuilt our main server to solve the heavy stability issues with trac and apache and Ron Brand integrated all SysCP pages into one identity, which looks pretty nice.

Thanks goes to Nickola Kolev for the bulgarian translation for SysCP. With this translation SysCP now includes 11 languages which cover more than 25 countries.

With this release the debian 4.0 (etch) package will contain several changes regarding the dependencies: php5 and apache2 are default now, but the package also allows other combinations, please have a look at our etch-howto. Due to pending tests and discussions about maildrop the etch package will be updated lateron. Furthermore, all debian packages are now architecture independent.

Detailed information about all bugfixes and features in SysCP 1.2.15 can, as always, be found at our roadmap at http://syscp.org/milestone/1.2.15 .

We hope you all enjoy using this new release,
Flo and the SysCP-Team

Team changes and introduction of blog.syscp.org

nospam@example.com (Flo) — Sat, 14 Oct 2006 18:04:00 +0200

Hello SysCP-community,

first of all I want to thank Martin Burchert alias eremit for his great work he did for the SysCP project and community. For almost two years Martin has helped to develop SysCP, administrate the project servers and webpages and helped some of you in the forums and irc channel. But as always, time's the only ressource we have too little. Due to his time-consuming job Martin decided to put his responsibilities into other hands of the SysCP team and work as an affiliate in future. Many thanks for everything, Martin!

Furthermore I want to announce that we decided to introduce an official SysCP-blog, where the team members will inform about the progress of development and other interesting news about the community, webpage etc.
You'll find it at http://blog.syscp.org.

So long and thanks for all the fish,
Flo and the SysCP-team