The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Features to be disabled for security

Discussion in 'Security' started by Lord Wizard, Mar 18, 2011.

  1. Lord Wizard

    Lord Wizard Registered

    Mar 10, 2011
    Likes Received:
    Trophy Points:
    Hi all,

    There's an old thread in this forum with the list of the features to be disabled for security/performance improvement.

    As this list is posted back on 2009 and cPanel/WHM has improved a lot since, what do you think now about the features suggested to disable?

    In particular, my resellers require to run WHMCS for accounting purposes, and it needs Cron to function correctly but the above thread claims enabling Crontabs is equal to granting full SSH access to client. Is that so or I'm missing something here?

    Many thanks.

    Lord Wizard
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Oct 2, 2010
    Likes Received:
    Trophy Points:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You could add the crons for such users manually or create a script to add the cron. cPanel cronjobs area allows the users to add, edit, and delete crons, but not having that in cPanel doesn't prevent crons for being created for the users by someone who has the access. As such, you can still disable crons from being created in cPanel and create crons for those users to run the necessary cronjobs.

    I would agree that having crons can pose a risk. In the past when I helped to setup Ruby and Rails at a hosting provider, there was no interface in cPanel to create applications (this was several years ago), so I created some how-tos to use cronjobs for that task for users, since they could run functions normally performed in SSH via cron.

Share This Page