if you need a free control panel (will not be updated and may have security holes), kloxo-mr might be a good choice.

I would like to take this time to point out that you're going to spend as much time and effort finding, installing, and troubleshooting a control panel as if you'd just not used one.  Installing a control panel just gives you two problems: learning all the things you needed to know to not use one to get it installed and keep it working, *and* learning the control panel.

@6
No.  It's fine until it's not.  All this means is that it hasn't exploded for you *yet*.  If that day never comes, consider yourself very, very lucky.

There's 3 things that work reliably: doing it yourself, using a fully hosted service, or using bigger tools that are overkill for this problem such as Salt or Kubernetes.  A control panel is the worst of all worlds.  It's hackable.  It's fragile.  It makes you feel like everything's great.  You've got a hosted service minus the backend team who's responsible for making sure it keeps working, a rootkit because it probably needs sudo access, and a small number of users because most/all of us who are competent enough at server management don't bother.

And to be honest I'd never use a free one.  Free control panels mean well.  But that's the kind of place where it gets thrown in because someone thought it was fun, and not maintained because there's no money in it.  There's places you should pay someone money.  This is one of them, if you're going to insist on it.  Money gives a business somewhere motivation not to have major issues, and to do things like security audits.  These are cool to play around with, sure.  They work, yes.  Until they don't, and when they don't it's just over, tear it down and reprovision, get banned because you're in the botnet, maybe can't get your data back.  And because you relied on it instead of developing these skills, when that day comes, you'll end up somewhere like here begging for help or something only to have us tell you exactly what I'm saying now.

I guess it's okay as a stepping stone or something, but you should be aiming to stop using them very quickly.  And if you aren't literally checking once a week to find out if it had any security vulnerabilities that you need to update for...well, enough said.

@8
You're so wrong I don't even know where to start.  You do realize that people can scan the entire IPV4 address space in an afternoon with automated scripts that identify what's listening?  And that random url suffixes are entirely beside the point?  Being open source helps with security, but only so much, and you realize that you need to literally put in time every week to make sure that you've updated the version?

Frankly, properly secured ssh access is more secure than this.  But also, the lack of the same skills that I'm saying you and others should develop are causing you to not understand even the basics of security.  You're literally saying "Hi, here is a server with a remote control engine that's powered by web browsers, have at it".  At least with SSH you're getting major security vulns on the order of months to years and you have to break cryptography to even log in.

But as with the BGT thread you're going to not listen to me, or to anyone else who backs me up, because you're overestimating your own experience and competence by miles.  But that's on you, suffice it to say if there's ever a billing system associated with you I'm not buying whatever you're selling, because you just lost any credibility with respect to being able to do something like process a credit card safely.

I use to have a free control panel known as ehcp until, well, shit happened. Now I'm using plesk over here with 0 problems. In a situation where you're only just hosting things yourself, I'd say, it's up to you. but I would recommend learning how to setup stuff manually that way you know the ins and outs of troubleshooting if stuff do go wrong, but if you're hosting stuff for people, a control panel is what I would go for. Hell I wouldn't wanna be woken up at 4 in the morning, just to create email addresses for people and what not, when, my panel does that. I would honestly say, save the money and get yourself cpanel or plesk, which are payed and more secure, and you can do even more things to secure it.

@12: Yes, your shitty Wordpress site pretending to be a professional business while hiding behind a Cloudflare IP address is impressive.

@10
I already acknowledged that you want to pay for this if you're going to do it, and if you're paying for it I'm more confident in it. But still not as confident as not having it.  There are ways of doing this where it's fine, but if you have to ask the questions then you don't know enough to get it right.  But if it's firewalled and only on a non-critical server, then sure.

@12
You realize that you're showing us all how ignorant you are, then turning around and telling us that you run hosting for others?  For one thing, running hosting for others *is* asking for people to try to hack you.  In fact it's even more likely to get you hacked.  Ask to be hacked and someone might do it for fun, run hosting for others and the same person will do it for the juicy, juicy data.

We're not objecting to Cloudflare.  CLoudflare is a good idea even. But thinking that we are just shows that you don't know the difference between DNS and the rest of what's involved.

If the site you linked is your site, please stop and actually learn what you're doing before you drag a bunch of other people down with you.  It's one thing to get this wrong for a personal server.  It's a much different thing to get this wrong when you claim you know what you're doing and encourage other people to run their stuff with it.  This is the kind of thing where if you have a disaster you destroy other people's lives and professional careers forever.  I try not to call people out.  But in this case what you're doing is dangerous to others and borderline unethical, so get your head out of your ass, drop the arrogance, and pay attention, because at the moment you're playing with fire.

@16
Look.  You just said two things.  1. You run hosting for others.  2.  You've been hacked multiple times and people have told you about it to show off.  Do you actually fail to realize the problem here?

To anyone else who might read this and who might consider trusting Simter with anything server related, don't.  This is no longer not having SSH skills, it's basic common sense and responsibility problems at this point.  Either they're genuine and this is the worst misunderstanding of anything to do with anything security I have literally seen in 10 years of doing this stuff, or it's trolling and they shouldn't be trusted for all the obvious reasons you shouldn't ever give a troll access to sensitive stuff.

@15: I misspoke. What I meant is it's entirely possible to run a completely secure, stable, and generally non-shitty server using a free control panel. I've done it. You do need to know what you're doing, and that includes picking your control panel so the software itself doesn't shoot you in the foot, and I 100% agree if you're one of the people asking questions in this thread you have no business anywhere near even thinking about it. But based on the conversation in this thread, I'd go so far as to say control panel or no, the only access to a server some of these folks aught to have is that of a basic user.

@16: No, I said the site is bad because it's shit. That I pointed out it was hiding behind Cloudflare just means I'd have to take a small amount of extra effort before the 2 minutes that would be required for me to find a hole. By the way, any idiot can point a domain name to cloudflare. They basically hold your hand through the process. You should still never be allowed admin access to a server.

Just for the record, that small amount of extra effort? About 30 seconds. I won't post your real public IP here, or what another 45 seconds of sniffing told me, but I will say whoever it is you're hosting had better be damn glad they're not paying you.

it depends on you to have a control panel or not
for someone who runs a web hosting, control panels are good (paid ones, not free ones as that will be stopped and security holes will be found out on them and you easily will be hacked). something like cPanel or direct admin can be chosen.
and believe me if your control panel gets hacked, your entire server will be. your control panel has root access to your server and you can't imagine how you will be screwed then.
also, as a hosting provider it is a most to be able to manage the server yourself without a control panel (things might go wrong and your control panel can't help you with correcting that).
if you have a personal website, don't go with free control panels for the sake of yourself and god (you will thank me).

@17 nice try.
@22 well if he is so experienced he should know that geting hacked from time to time is completely normal, but this one post more shows like he thinks that if you get hacked once you are a bad person and unsafe for ever. My password is secure, not gonna tell what it has here but it is a full sentence. My hosting is free because i want it to be free, heck i even have to pay for the server, so i practically lose money with this but since this is not my living money i don't really care. Did i forget something?