Full title: Lack of cPanel staffs response to client and general peoples questions causing frustration
Why? Well search on this forum...you'll find many threads like this: http://forums.cpanel.net/showthread.php?t=18511 where the lack of cPanel staff response and them just being overall hard to reach for non clients cause both clients and potential clients grief...even the proftpd developer expresses frustration with this:
When that post first appeared in the cPanel forums, a user
contacted me on IRC, asking if I had more details. I did not,
so I sought to contact the people at cPanel.
First, their website makes it incredibly hard to contact
_anyone_ unless you've purchased one of their contracts.
Attempting to send email to any contact address simply
resulted in an autoresponse saying to use a certain CGI form,
which of course would not work unless you supplied a valid
license ID. It took me about a week, with some help from the
user who had a valid license, to get in touch with a human there.
Once I had that, I asked about this vulnerability. I was told
that they could not provide details, wanting to protect their
customers. So much for responsible vendors. I then requested
logs, symptoms, descriptions, _anything_ that would help me to
duplicate whatever the problem was on my own. This went on
for another week or two while I pestered. Finally, I was told
that the engineer who knew the most would get in touch with me
-- once he returned from a few weeks of vacation.
So I waited. And waited. And waited. After a few weeks, I
start asking again. Still nothing. To date, cPanel has
provided absolutely _no_ useful details; they can't even
reliably reproduce the problem themselves, and so appear to
have only anecdotal evidence.
The _most_ I was able to get out of cPanel was a statement
saying they were going to put a [email protected] address on
their site, and a promise to respond to email sent to it
quickly. Too late to be useful for me.
At this particular point, I would recommend you to NOT use
cPanel, if at all possible. They are concerned primarily with
money, and will refuse to do *anything* unless you've paid
them. Even then, their service leaves much to be desired. As
for their demonstrated stance toward open source and
responsible disclosure, well...they don't seem to care. They
have, in my eyes, needlessly and irresponsibly smeared the
reputation of my project and offered nothing in return. I
leave it to you to decide if that's the kind of company and
people with whom you want to work.
Sorry for the long rant, but dealing with cPanel for the past
few months has been incredibly frustrating and irritating.
TJ
That comment by the developer was posted to the proftp-user mailing list in response to this thread: http://forums.cpanel.net/showthread.php?t=44820
I really hope cPanel cleans up their act and becomes more responsive with the help of their clients, potential clients and just answering everyones questions, especially when it's something important like that exploit or the password change flaw
Why? Well search on this forum...you'll find many threads like this: http://forums.cpanel.net/showthread.php?t=18511 where the lack of cPanel staff response and them just being overall hard to reach for non clients cause both clients and potential clients grief...even the proftpd developer expresses frustration with this:
When that post first appeared in the cPanel forums, a user
contacted me on IRC, asking if I had more details. I did not,
so I sought to contact the people at cPanel.
First, their website makes it incredibly hard to contact
_anyone_ unless you've purchased one of their contracts.
Attempting to send email to any contact address simply
resulted in an autoresponse saying to use a certain CGI form,
which of course would not work unless you supplied a valid
license ID. It took me about a week, with some help from the
user who had a valid license, to get in touch with a human there.
Once I had that, I asked about this vulnerability. I was told
that they could not provide details, wanting to protect their
customers. So much for responsible vendors. I then requested
logs, symptoms, descriptions, _anything_ that would help me to
duplicate whatever the problem was on my own. This went on
for another week or two while I pestered. Finally, I was told
that the engineer who knew the most would get in touch with me
-- once he returned from a few weeks of vacation.
So I waited. And waited. And waited. After a few weeks, I
start asking again. Still nothing. To date, cPanel has
provided absolutely _no_ useful details; they can't even
reliably reproduce the problem themselves, and so appear to
have only anecdotal evidence.
The _most_ I was able to get out of cPanel was a statement
saying they were going to put a [email protected] address on
their site, and a promise to respond to email sent to it
quickly. Too late to be useful for me.
At this particular point, I would recommend you to NOT use
cPanel, if at all possible. They are concerned primarily with
money, and will refuse to do *anything* unless you've paid
them. Even then, their service leaves much to be desired. As
for their demonstrated stance toward open source and
responsible disclosure, well...they don't seem to care. They
have, in my eyes, needlessly and irresponsibly smeared the
reputation of my project and offered nothing in return. I
leave it to you to decide if that's the kind of company and
people with whom you want to work.
Sorry for the long rant, but dealing with cPanel for the past
few months has been incredibly frustrating and irritating.
TJ
That comment by the developer was posted to the proftp-user mailing list in response to this thread: http://forums.cpanel.net/showthread.php?t=44820
I really hope cPanel cleans up their act and becomes more responsive with the help of their clients, potential clients and just answering everyones questions, especially when it's something important like that exploit or the password change flaw