acer2k

Well-Known Member
Nov 12, 2001
107
0
316
First of all..

I'm just wondering, how does everyone else do theirs? I mean, when you create an account on cPanel, you give it space and bandwidth. Say a user purchased 1GB disk and 50GB transfer. You setup their account with that. But they also will be a reseller. So you give them reseller permissions. But they can't do anything until you go in there and give them the options and stuff. But then that is where you limit the space/transfer on their reseller account. So you put in 1GB disk and 50GB transfer again. This means they have DOUBLE resources. How do you go about that? Also, what features/options do you give them in the reseller section?

Second and more importantly..

I have found some MAJOR issues involving cPanel and reseller accounts. I bought a small reseller account from someone, and they have the newest version of cpanel (6.0, but this works on all versions). I was able to create accounts under my reseller account with 10gb diskspace and 150gb transfer. I went to create an account, and where it lists my reseller account resources..everything is in the negative!!
 

SprintSlash

Well-Known Member
Jan 18, 2003
163
0
166
I think you can create accounts for as big as you want, since majority of your reseller's clients won't reach the limit they're assigned to. It's just that when the actual limits are reached, they won't be able to go over.
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
No, you aren't understanding. When you give a reseller the 'upgrade/downgrade' freature, they can change their subaccounts to the largest package configured on your server and it will just make their resources go into the negative. But it still works fine! I've also found ways around the quota limit thing and all that. Gimme a 1mb reseller account on your server and I bet you I can end up with every last kb of space on your server!!
 

SprintSlash

Well-Known Member
Jan 18, 2003
163
0
166
Oh I see what you mean. I thought they already fixed the problem that resellers should only be able to see the packages they created (prefixed by their username).
 

hostcp3

Well-Known Member
Jun 18, 2002
156
0
166
Can you still do this even after restricting them to only use their own packages?

click the global restriction in setup and only allow packages to be used which are owned by this reseller.

have you set it up this way?
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
Yes..it still lets you do that. You can't create an account with someone else's package, but you can modify accounts you've already created and change them to someone else's package. Try going to "Upgrade/Downgrade account" and it'll let you change to any1. Also..the Quota limit thing lets you change the quota and it doesn't even subtract from your reseller resources.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
The items brought up in this thread are not, problems with WHM. They are created through the method used by the ServerAdmin to setup Reseller accounts. Some know how to lock things down and some don't. In all cases though, there should be an understanding and a certain degree of trust, to not use what you have not been given.

As for going over limits and seeing/using other Reseller packages, I can guarantee you that it does not happen with my Reseller accounts -- and I doubt I am the only one with this setup.
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
OK rob..lets find out. Gimme a free reseller account on your server..1mb diskspace and 1mb transfer. :) Well see if I can get past it :)
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
You get the satisfaction of knowing your server really is secure and prove me wrong.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
The challange has been met and the info sent. Time to setup Reseller account (from scratch) was about 5 minutes. Details are a Reseller account with 1MB of Web Space & Data Transfer plus typical options I give to Resellers.

We shall see what we shall see. :cool:
 

rpmws

Well-Known Member
Aug 14, 2001
1,822
8
318
back woods of NC, USA
if you change the ownership of the resellers main account to his username won't WHM include what his package is using in his total?
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
There is something wrong, but cannot track it down immediately.

Invalid method in request \x80F\x01\x03

Have no idea what that means, but is what shows in the error_log.

Let me try another Domain Name.
 
O

ozzi4648

Guest
Originally posted by acer2k
OK rob..lets find out. Gimme a free reseller account on your server..1mb diskspace and 1mb transfer. :) Well see if I can get past it :)
You would be the type of person that i would catch doing something like this once, and you would be history. Kaput!
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
Well, I was gone all day. I just now got to test it..I created an account, and now the login information doesn't work again.
 

acer2k

Well-Known Member
Nov 12, 2001
107
0
316
no, I would never do something like this without prior permission from the server's owner. I am only doing this to prove a point, that cPanel isn't worth 1cent! It's highly highly to unsecure. PLESK is more secure than this.