Security audit of WHM and cPanel
Needs Review
I saw in the latest TSR cPanel sent out that Rack911Labs had found multiple vulnerabilities, and I've seen them find other vulnerabilities in popular hosting software like CloudLinux and R1Soft's backup software. Maybe cPanel has already done this, but if not, I was checking out their site and saw they do security audits, and I was thinking you guys should have them audit all of WHM and cPanel to see what else they can find.
cPanel already has a team focused specifically on the security of cPanel & WHM. If you check our past TSR releases you'll find that the majority of vulnerabilities in cPanel & WHM are identified by this team. Our internal team also identifies and fixes many vulnerabilities that are not listed in TSRs. We audit new major versions of cPanel & WHM before they are released to customers and correct many vulnerabilities while the software is still in development.
cPanel also runs a bounty program to reward security researchers that find and report vulnerabilities in our product. Our bounty program is very popular, has simple terms and pays rewards that are well above industry norms.
This should be a given. If security audits aren't already being performed then much of the Internet is a playground for targeting cPanel servers. The same is true if externally discovered vulnerabilities aren't being immediately patched.
Yeah, cPanel should be audited. As said by @kray, a lot of servers run cPanel and we're vulnerable to automated attacks as soon as someone finds an issue.
My main concern about this is the cPanel team response time: They usually take months / years to fix any mess they found.