Simply allowing root access via ssh (assuming you mean from a different
machine, not so bad if limited to a subnet or something I suppose if
that's part of the process) is enough to wave a huge red flag. I would
urge anyone to turn that off (in /etc/sshd/sshd_config) given the
recent attempts out there. I had wondered how certain things were
done, especially how they would add users etc. without root (can
actually be done ok, and hoping they are using the alternate means,
but now not so sure), but that does worry me. I'd probably ask them to
put people's minds at ease and put a FAQ on their site about what
permissions are needed remotely and as a running process, as that's
fundamental for what people can run and security, as I'm sure that's not
fully the case or there are alternatives, or they've just opened a nice
big hole to all of their customers.


On Wed, 20 Oct 2004 13:06:50 -0500, hondaman <[EMAIL PROTECTED]> wrote:
> So, after the long discussion about game control panels here on this
> list, I decided to give GameCP a shot.  It offers a free trial, so what
> do I have to lose, I asked myself?
>
> 3 full days with nothing to show for it.  That's what I lost.
>
> I won't go into detail on every part of the install, because this really
> isn't an official review.  However I thought you guys should know what you
> are getting into before shelling out the minimum $150.00 to purchase the
> software.
>
> 1.  The install documentation is worthless.  It's outdated, and doesn't
> even remotely apply to the current version of the software.
> 2.  Support was hit and run.  And not only for me, a trial customer.  I
> witnessed several other people in his IRC channel who were left hanging
> with unanswered questions.  I didn't attempt to call him, so I can't say
> how well phone support works.
> 3.  The software itself is broken.  It tells you to do things during the
> install that, because of updates, aren't required anymore.  When I asked
> about performing certain functions during the install, I was told "Don't
> do what it says.  It's outdated."  Well, where does that leave me, the
> poor guy installing this?  No documentation, no support.  I can even
> trust the installer to tell me what to do.
> 4.  Be aware that GameCP *requires* root access via ssh.  Not a good
> thing in my opinion especially considering all the brute force attempts
> at root access we have all seen.
> 5. The documentation, as does William (GameCP coder), says to su to the
> user running Apache and perform some install operations as that user.
> First of all, my Apache user is "nobody" and doesn't have a shell.  I was
> told to enable the shell for the user "nobody".  BAD idea.
> 6.  GameCP requires PHP globals to be turned on.  Not a bad thing
> necessarily, but certainly not good for the security-conscious.
> 7.  The install failed at another point, and it was a permissions
> problem in the web directory for gcp.  I was told to simply chmod 777
> the file.  This too might not be bad in and of itself, but when you
> consider that this is closed source, and being told to chmod 777 a .php
> file arbitrarily without rhyme or reason gave reason for concern.
>
> These are most of the major concerns I had, and I believe justified.
> GameCP certainly could be, with a lot of work, something that should be
> considered for a GSP.  It's simply not ready right now.  William on IRC
> (I spoke with him a lot when he was available) was polite and helpful,
> but I came away with the impression that he is an open source coder,
> with an open source attitude about coding, i.e. "I write it, you figure
> it out, and if you can't, write your own code."  One can get away with
> that writing open source software.  However, it simply isn't tolerable
> when you are charging $150.00 per box.  There is an extreme lack of
> detail in the software, the documentation, even in the maintenance of
> his own website.  All these things combined should throw several red
> flags in your head and cause you to look closer before making a GCP
> purchase.
>
> If nothing else, please TRY this software before you buy it.
>
> hondaman
> www.hardgaming.com
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
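
The four host settings the two messages above object to (root login over ssh, a login shell for the Apache user, PHP register_globals, and a mode-777 .php file) can be checked from configuration text. This is an added example, not part of either post and not GameCP code; the sample file contents and the `/var/www/gcp/...` paths are constructed, and the sshd check reads only the global section (no `Match` or `Include` handling).

```python
import stat

NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def sshd_root_login(text):
    """First global PermitRootLogin value (sshd keeps the first one), else None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if parts and parts[0].lower() == "match":
            break  # Match blocks are conditional; not evaluated here
        if len(parts) > 1 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return None

def has_login_shell(passwd_text, user):
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[0] == user:
            return fields[6] not in NOLOGIN  # an empty field means /bin/sh
    return False

def register_globals_on(ini_text):
    """True if php.ini enables register_globals; the last assignment wins."""
    value = "off"  # assumption: absent means off (the default since PHP 4.2.0)
    for line in ini_text.splitlines():
        key, sep, val = line.split(";", 1)[0].partition("=")
        if sep and key.strip().lower() == "register_globals":
            value = val.strip().strip('"').lower()
    return value in {"on", "1", "true", "yes"}

def audit(sshd, passwd, ini, web_user, file_modes):
    findings = []
    root = sshd_root_login(sshd)
    if root != "no":  # anything other than an explicit "no" is reported
        findings.append(f"sshd: PermitRootLogin is {root or 'unset'}")
    if has_login_shell(passwd, web_user):
        findings.append(f"passwd: {web_user} has a login shell")
    if register_globals_on(ini):
        findings.append("php.ini: register_globals is on")
    findings += [f"{p}: world-writable ({stat.filemode(m)})"
                 for p, m in sorted(file_modes.items()) if m & stat.S_IWOTH]
    return findings

# Constructed sample inputs, shaped like a host left as the quoted install steps describe.
SSHD = "#PermitRootLogin no\nPermitRootLogin yes\nPermitRootLogin no\n"
PASSWD = "root:x:0:0:root:/root:/bin/bash\nnobody:x:99:99:Nobody:/:/bin/bash\n"
INI = "; register_globals = Off\nregister_globals = On\n"
MODES = {"/var/www/gcp/example.php": 0o100777, "/var/www/gcp/index.php": 0o100644}

if __name__ == "__main__":
    print("\n".join(audit(SSHD, PASSWD, INI, "nobody", MODES)))
```

On a real host the inputs would be the contents of the sshd configuration, `/etc/passwd` and `php.ini`, with the modes taken from `os.stat()` on the files in the panel's web directory.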
