Jump to content


Photo

What's the security situation with cpanel?


  • Please log in to reply
1 reply to this topic

#1 DmC

DmC

    Rank III Member

  • Members
  • PipPipPip
  • 125 posts
  • Gender:Male
  • Location:Athens

Posted 09 January 2019 - 12:42 PM

Hey guys,

It's already been mentioned by staff (if I recall correctly) that cpanel upgrades are complicated as many custom stuff are implemented to the servers.

I was considering though, as cPanel has unrestricted and unlimited access to the server, what's the security situation.

Without updates,there are no security patches issued by cpanel, right? 🤔
An artist is always alone - if he is an artist. No, what the artist needs is loneliness.
Henry Miller

#2 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 10,409 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 09 January 2019 - 01:19 PM

You're correct, we generally don't install the updates for cP. cPanel's updates are primarily feature enhancements anyway, so there's little in the way of issues there. The major things that need updates are PHP, Python, Apache, Tomcat, etc. and those do get updated when possible.

 

Our other big issue is obsolescence. Our custom software is one major reason, but the ancient hardware is another one. The software coming out these days isn't designed for hardware from the mid-2000s. Our oldest server is ~13 years old (Stevie/Ricky), and our youngest is going on 8 (Eddie/Tommy). Software today is optimized for hardware made in the past few years...

 

As our hardware ages, they become less and less capable of running the newer versions of cPanel that weren't designed for them. Take Ricky for example...he used to be blazing fast with a significant number of accounts back when he had 11.31 on him. After he was rebuilt due to disk failure, we were forced to upgrade him to one of the 6x versions (cPanel does not allow you to install old releases). Now we get significantly fewer accounts on that server before it becomes slow enough to be unusable, which further lowers our revenue from ads shown to users.

 

We do have a slightly newer server (Katie), but it's not advertised because it only contains VPSes (at the moment Ashoat and I share it). The VPSes can be purchased if you wanted your own OS to run whatever software you want: https://heliohost.org/vps (I believe at the moment these go on Eddie, Tommy's hardware, but Katie is I believe also intended for this use).


Edited by wolstech, 09 January 2019 - 01:30 PM.
Forgot about Katie

Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users