The Community Forums

Interact with an entire community of cPanel & WHM users!

Feature Manager in WHM

Discussion in 'General Discussion' started by mitk, Sep 26, 2009.

  1. mitk

    mitk Well-Known Member

    Joined:
    May 14, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Kind of curious on who has what enabled on Feature Manager and why
     
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    I am not getting you; kindly elaborate a bit more regarding your query. What exactly would you like to have?
     
  3. mitk

    mitk Well-Known Member

    Not sure how much more clear I can be on ....


    "who has what enabled on the feature manager"
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    The why might be asking a bit much, the default list is long. What's disabled might be easier. :p

    CGI scripts, no.
    Guestbook, no way.
    agora cart, nope, disabled.
    analog stats, disabled, large log files generated by this one IIRC.
    phpbb no.
    boxtrapper no way.
    CGI center no.
    Chat rooms, no.
    Java clock & countdown no.
    Counter no.
    Email scripts no.
    Entropy banner and search, no.
    Frontpage, no.
    Simple guestbook no way.
    Interchange cart, no.
    Mime types manager, no.
    Install perl modules, no.
    Install php modules, no.
    Install ruby modules, no.
    See PHP config, no.
    PhpPgAdmin, no.
    PostgreSQL, no.
    Random html gen, no.
    Ruby on rails, no.
    Simple CGI wrapper, no.
    Search engine submit, no.
    Server status viewer, no.
    Change language, no.
    SpamAssassin both, no.
    SSH connection, no. SSL host, no.
    SSL manager, no.
    Choose log programs, no.
    GameServer MGMT, no.

    That's the default list I use for most basic accounts. (all others not listed are enabled)

    Depending on the package and users needs, other lists are created and applied to packages as needed.

    HTH
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Shouldn't that be ..... SSH Connection, HELL NO! :D ;)

    Seriously though, the default list that Infopro gave is a good basic starting point for a "default" list.

    There are some items I would flag from the disabled list ....

    SSH Connection
    Crontabs
    Boxtrapper
    Items pertaining to Loading Perl / PHP Modules
    A few of the System Information Items

    These are the things that are dangerous enough to typically restrict from all accounts.

    (Yes, I included "crontabs" on that list. Allowing cron access to end users is the same as full SSH access!)
     
  6. mitk

    mitk Well-Known Member

    A couple kind of shocked me ... maybe someone can shed some light

    CGI scripts
    boxtrapper
    Frontpage
    Ruby on rails
    SpamAssassin
    Crontabs
     
  7. Spiral

    Spiral BANNED

    CGI scripts - In reality hard to actually disable but probably don't want to give every user an open window to run possible exploit or spamming scripts. You might consider this an option for specifically named accounts but I certainly wouldn't consider it as a "default" option.

    Boxtrapper - This "feature" is known to have bugs and in some cases can cause your server to be erroneously blacklisted or misused for spam.

    Frontpage - Way beyond EOL (End of Life) and is no longer supported, updated, patched, and nobody is supposed to be using Frontpage anymore. As technology evolves, the extensions still floating around out there are becoming less and less compatible with current servers.
    The very few end users still using Frontpage have many other things to be concerned about anyway.

    Ruby on Rails - See CGI Scripts Note, same applies.

    Spamassassin - I might actually disagree on this one. Spamassassin is quite good and is a very effective spam reduction tool. However, in its default unconfigured state, it wastes more resources than it helps.

    Crontabs - Anything that can be run as a shell user logged into SSH can also be run under a cron job, which means if you allow your users to set up their own crontabs, you may as well allow full open SSH shell access to your users as well. (And no, that's not recommended either! ;) )
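
Added example (not part of any post in this thread, and not cPanel's own code): a small audit that flags the features the replies above single out as dangerous when a feature list leaves them enabled. It assumes the list is `key=value` text where `0` means disabled and a missing key means enabled; the key names and the sample list are constructed for illustration and must be checked against your own server.

```python
# Added example: audit a feature list for risky items left enabled.
# Assumptions: "key=value" lines, "0" = disabled, a missing key = enabled.
# The key names are assumed for illustration; verify them on your server.
RISKY = {
    "ssh": "SSH Connection",
    "cron": "Crontabs",
    "boxtrapper": "Boxtrapper",
    "modules-perl": "Install Perl modules",
    "modules-php-pear": "Install PHP modules",
}

def parse_feature_list(text):
    """Return {key: enabled_bool} for every key present in the list."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and anything that is not key=value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        state[key.strip()] = value.strip() != "0"
    return state

def audit(text, risky=RISKY):
    """Return sorted (key, label, reason) tuples for risky features still on."""
    state = parse_feature_list(text)
    findings = []
    for key, label in risky.items():
        if key not in state:
            # Omission is the easy mistake: unlisted features stay enabled.
            findings.append((key, label, "not listed, so enabled by default"))
        elif state[key]:
            findings.append((key, label, "explicitly enabled"))
    return sorted(findings)

# Constructed sample list, not taken from a real server.
SAMPLE = """\
ssh=0
boxtrapper=0
cron=1
modules-perl=0
agora=0
"""

if __name__ == "__main__":
    for key, label, reason in audit(SAMPLE):
        print(f"{label} ({key}): {reason}")
```
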
     
  8. amorosso

    amorosso Active Member

    Joined:
    Aug 29, 2009
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    What about Apache handlers?
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    If it's not on my list above, it can be enabled. IMHO.
     
  10. kleinbaas

    kleinbaas Registered

    Joined:
    Aug 14, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    This was posted a while back. Is this still the case? Is boxtrapper now safe (or safer) to enable?
     