Over 90 contributors, fueled by pizza and coffee, produced mind-blowing results at the fourth edition of Cloudfest Hackathon. Our Pleskians contributed to many of the seven projects, with CTO Jan Löffler as team captain for the “Hack My Hoster” project. Here’s a closer look at our accomplishments this year.
Hack my Hoster – Jan Löffler from Plesk
How secure is your hosting provider? Who leads as a role model and who falls behind? The goal of this project was to protect the customers of the most popular hosting companies against hackers. How? By revealing security vulnerabilities and pushing the responsible providers to fix them before they are exploited.
Jan and his team reviewed and tested settings for web server, PHP and database. They also reviewed and tested SSL certificates, and checked password security and authentication methods. Finally, they performed their own scripted intrusion tests and uploaded malware to test security scanners. Then, Jan presented how the different hosters performed in the tests.
We were happy to find two role models in this category, HostPress and Kinsta, because the ways in which they protect their customers exceeded our expectations. As a result, the team stated they would like to team up with these hosting companies to offer an even better solution. And Jan went on to give his CloudFest keynote in front of hundreds of hosters about better protecting their customers.
Let’s discuss the issues found and best practices to make the web a safer place in the comments below!
Domain Connect DNS Provider – Arnold Blinn, GoDaddy
Domain Connect is an open standard that makes it easy for a user to configure DNS so that a domain running at a DNS provider works with a service running at an independent service provider. During previous CloudFest hackathons, this team worked on sample implementations and third-party integrations, including a full Plesk implementation in 2018.
This year, Arnold and his team worked on a DNS Provider Library. Proof-of-concept implementations for cPanel, Bind and PowerDNS have been built on top of it.
Domain Connect Panel at Cloudfest 2019
Moreover, a Domain Connect panel took place with Arnold, our Jan Löffler, Pawel Kowalik and Kellie Peterson. Representing Plesk, IONOS, and Automattic, they explained why Domain Connect is important to simplify DNS management for website owners, and how easy it was to implement it for their companies.
ID4me Plugin Fiesta – Pawel Kowalik, IONOS
ID4me is a new open digital identity service providing seamless user onboarding and authentication. It returns control over digital identities to the hands of users via an independent SSO solution. During the hackathon, this identity service was implemented for 12 client integrations, including Plesk, and two authority services. In the end, 11 had a working solution.
The protocol has thus been proven and tested for interoperability. Besides IONOS, GoDaddy, OpenXchange and many others, Plesk will support login via ID4me, similar to “Login with Facebook” or Google.
Application <=> Server Management Protocol (ASMP) – Alain Schlesser, Bright Nucleus
The ASMP protocol tries to enable management operations in order to bridge the gap between applications and the server environment they run on. This keeps the initiative and responsibility with the application owner, while leaving the hoster in full control of the actual implementation.
During the hackathon, the working group started work on an RFC and fleshed out an OpenAPI 3 specification. Additionally, they built a proof of concept, resulting in a PHP client library, a PHP sample server, and a WordPress plugin complete with Docker setup, in order to run end-to-end tests with this new protocol.
Finally, several big players have stated their interest in this protocol, with the two biggest CMS systems on the application side, and Plesk/cPanel as well as major hosts like GoDaddy on the server side.
Hoster wtf – Marc Nilius from WP Wartung 24
The end-user hosting experience can vary dramatically, especially in the shared hosting environment. Most hosting companies have individual configuration backends as well as different configuration or infrastructure stacks. It can become quite challenging for an end-user to find the best hosting partner according to their individual needs.
So Marc’s team, which I had the pleasure to be a part of, established a list of quality criteria so that we could test different hosting packages. The focus was set on easy registration and onboarding, end-user support and technical requirements (for CMS).
During the hackathon, we tested seven international and German hosting providers specialized in managed WordPress hosting. Marc briefly presented the results and showcased some true “Hoster wtf” issues we discovered during testing. The mid-term goals are first to add a ranking to the criteria list, then to provide a comparable list of shared hosting plans and providers, and also to offer additional help with configuration pitfalls for these hosts.
Cloudfest Hackathon 2019
We’ll keep a close eye on these five projects to see what more comes out of them. Meanwhile, we look forward to the fifth Cloudfest Hackathon in 2020! See you there?