Vulnerabilties Pleks VS cPanel - web-services

As a web hosting reseller i have a question: Pleks or cPanel
I mean, who is more secure ? With less hack vulnerabilities ? Some people tell me Plesk is more secure and with cPanel you have a lot of security breach.
Thank you.

I can tell you about Plesk, which is focused on security and provides a lot of solutions, such as ModSecurity, Fail2Ban, Security Advisor, out of the box to prevent your server, websites, mail, etc. from hacking.
Also Plesk has extension catalog with security extensions to secure your server and its services more.
WordPress toolkit, which is available in Plesk, allows you to secure WordPress installations.
Let's Encrypt extension will allow you to install free SSL Certificates on your websites.
With the help of Package Update Manager Plesk makes sure that all latest OS updates are installed.
Try Plesk for free and check it on your own.

I'm sure you were hoping to hear more than just from people that work for the companies involved, but I can similarly answer for cPanel.
cPanel is incredibly secure out of the box, and comes with the backing of a massive community of plugin developers and integrators, but we also allow administrators to make their own decisions about their configuration. The drawback for that is that some administrators make their server less secure, without fully understanding the consequences.
If you have any questions at all about cPanel, please do let me know, or you can try it for free. Any new cPanel server that's built is automatically issued a trial license, so you can try it for free for 15 days.

Both cPanel and Plesk have their pro(s) and con(s). While I like cPanel more (probably because I had to chance to use it more) there are some really nice default features in Plesk that make it, let's say, more attractive. One of them would be installing nginx and being able to run it as a standalone server for specific sites and not as a reverse proxy for apache. Same behaviour can be achieved on cPanel servers with nginxcp plugin (which is not free but the price is decent $5/month).
Both cPanel and plesk have mod_security, firewalls and a ton of other features. If you ask me, cPanel is more user friendly for the regular user while Plesk seems to be a little bit complicated sometimes. Another big difference will be that cPanel can be only installed on CentOS systems while Plesk can be installed on CentOS, Debian etc. If you ask me I was preferring cPanel since it was running really smooth with CloudLinux and configuring it properly resulted in a really secure server. As far as I know CloudLinux works on Plesk too now so...
It's really hard to say which one of them is more secure. It all depends on how you configure them both. I would say to try them both (both offer free trial licenses for a limited amount of time: cPanel 15 days, Plesk 30 days if I'm not wrong) and see which one you like best.
Oh, last but not least, cPanel staff provides really high tech support (which is included with the license). I think they are way ahead of Plesk at providing support for their customers (at least from my experience).

Related

Django hosting on a domain

So far, the only websites I've put in a hosted domain were with PHP. But since I work with Django I wonder if there would be any "barrier" or trouble when it comes about hosting a project, since Linux and IOS have Python installed by default but Windows not. Also it would be necessary to install tools such as Django itself, pillow, mysqlclient, etc...
I just want to know any possible barrier before going ahead. Thanks!
Everything depends on the server, if you have the necessary permissions to install and configure everything, you will not have any problem. How can be gunicorn, supervisor, nginx, etc.
For example services that you will not have any problem can be Amazon EC2, digitalocean, or any similar provider.
When I started with Django about 4 years ago I didn't know anything about servers, nginx and very little about databases but I found Djangoeurope on which I put my first websites.
They have managed databases (PostgreSQL and MySQL), one-click Django installs, reasonable prices and a very helpful staff.
I've since transitioned to using Docker on GCP, but for a beginner I can't recommend them enough: you can just concentrate on your Django code and you don't have to learn everything else at the same time.

What are the steps to deploy django project that warks localy to production

I am sorry for asking such a wide question. But i have built website with django that works locally and now i need to deploy it in production. I wanted to try to do it with first with free hosting like Heroku but it caused me with problems with my postgresql, so i decided to to post it in production and spent month for final testing in "real world". Can someone give me just steps that will lead me to that goal. this is my first website and i am really confused with the variety of options that i can use to do it. I found some articles but they were outdated mostly and most of them proposed different solutions that confused me very badly. Would really appreciate just a simple list of steps for deployment, like which hosting to use for starting, how will it work with local domain if i get it country in Central Asia. Will that cause my website work slower or not? Will be grateful for anyone's response and suggestion, cause this deployment process confused me so badly, that i can't solve it without help from experienced programmer
Deploying django app in production on your local system is similar to deploying it on VPS
You can use this link by Django project or this link by digital ocean to deploy your dango app on your local system. I would suggest you to use digital ocean link.
You can use this link by heroku devcenter or use this link by Marina Mele to deploy it on heroku
If you are primarily looking to test the app, then pythonanywhere is a good option for you. With its free account it provides you 500mb of disk usage, a domain name like "yourapp.pythonanywhere.com".
If your app has more requirements, then you can check out their paid plans.
How will it work with local domain if i get it country in Central Asia. Will that cause my website work slower or not?
The response of your website does not depend on the domain name you buy, it is just to route website users to your website using easy to use/remember address. The response of your website depends more on the performance of VPS or whatever that servers your webapp.
This is my first website and i am really confused with the variety of options that i can use to do it.
You have many cost efficient options like using free tier of Amazon Web Services. But as you have mentioned that this is your first website, you may find it difficult to use it, since aws is largest provider of Platform as a Service, and has lots of things in store to offer.
At this stage you may find using Digital Ocean very easy. In my experience, I have found that digital ocean is more user friendly than AWS.

Run Django development server as public website

What are the risks of doing this? I understand the documentation says not to do it, but I have password protected all the pages.
The point is that your "password protection" is useless if a hacker can simply bypass that and read your database directly. We don't know if they can, but - as the docs say - the dev server has undergone no security testing whatsoever, so they might well be able to.
Plus, the server is single-threaded. It will only ever be able to serve one request at a time. That makes for a very slow experience for your users.
Seriously, there is no reason to do this. Setting up Apache + mod_wsgi, or whatever your preferred hosting environment is, is a five-minute process if you follow the very detailed instructions.
If you mean, you want to deploy your Django project, you should use something like NGINX etc.
If you just want to tell, what if a development server is public, you have the same risks with any another project written in any platform.

WAMP servers... why just for web development

What is to stop you using a WAMP server (or similar) to run single-user business database applications day-to-day?
I read everywhere that WAMP and the like are intended for the development of web apps, but why can't they be used to deploy desktop apps - what're the downsides?
Personally I think WAMP/MAMP/LAMP are great applications that CAN be used for production servers.
I have started doing this myself as I do not have the complete knowledge in server administration on the linux end and my PHP applications are not compatible with IIS.
If you are a small operation than it should save you time then go for it.
If your business grows and you can afford to put on staff to manage dedicated servers with the Apache, PHP ect all installed separately then I also recommend this.
The main difference I can see is that WAMP probably wont be as scalable as the preferred setup. The binaries are all integrated and sometimes I have had issues trying to figure out which php.ini file the system is using.
WAMP is just as secure as any other server as long as you know how to do so, is provides a UI layer which cost CPU time but like I said if you are only serving small web sites/apps than this should be just fine.
My other recommendation is to install it on a Server (Windows 2008 RS or 20012) Windows servers are more reliable and powerful than the Windows User version. Just remember to turn off IIS and any other roles not used by the Windows Server.
Make sure you your WAMP folder backed up regularly!
Good luck
I haven't found one yet. I guess the speed won't be as good as a 'pure' setup, but it sounds like that isn't an issue.
I run an epos web app for a photo studio no problem at all!
WAMP usually stands for Windows, Apache, Mysql, PHP or whatever your particular choice for P is. It describes a stack meant for specifically for deploying/developing web applications and is a rough equivalent to LAMP. Most things that would be considered desktop applications wouldn't use a webserver and more than likely would not be written in PHP.
The issue is not so much one of downsides as it is Apples and Oranges: Desktop applications are usually built with a less web centric stack.
Actually i used with wamp for many purposes; I used it with VB.NET apps, PHP, etc...but I think if you want to use it for deployment, you should start by configuring it to do so.
For example, for PHP deactivation errors display in php.ini, start listening on all allow all in httpd.conf, activating safe mode, setting a password for MySQL; and many other options that have to be configured.
I personally prefer because it is a quick and lightweight tool.

Development server & production server

What is the right way to handle a production and development website on the same server? the development code shouldn't be available until it's used for production.
I'm using Apache and Django and VPS hosting.
What should I configure? Apache- so it will have a special prefix for development stuff, Django- and have some URL mangling in the urlconf, or just get another VPS for development?
Find an old computer and stick it in your basement. you really don't need tons of horsepower for a dev machine & should be able to do it for a couple hundred bucks.
The problem with developing on a production machine is that you could crash processes [apache?] with some 'not quite debugged yet' code and affect live services, even if you have configured separate subdomains or virtual hosts.
never never never develop live.
-sean
PS> another VPS is a workable solution if 'spare hardware' is not available. However you could have availability issues.