Note: This does not apply if you are running phpsuexec on your server.
It appears to be easily possible for any cpanel account user to get free "unlimited" disk space.
1) Create a cpanel account with a disk space limit of 5mb.
2) Upload any PHP script that allows file uploads using html form posts.
3) Use the script to upload files... don't stop until the drive is full.
The files uploaded by the php script are owned by the "nobody" user, so the Cpanel quota system does not include them in the disk space usage calculation for the user. You can only see actual disk usage for a folder by clicking the "Disk Usage Viewer" utility in cpanel. If you rely on WHM or the "cpanel stats" quota system, then all the files uploaded by the php script will not be seen, and it's possible for any cpanel user to upload unlimited files with no way to know about it. Their account will never be frozen since they will never go over their cpanel account "limit".
If anyone knows about a solution to this problem, I'm interested to know what it is. We only became aware of this after seeing the daily backups for some accounts were very large, when the actual disk usage shown by cpanel for the account was very small.
Last edited: