NginxCP.com's Nginx installer for cPanel is modifying the server's signature...

fevangelou

Member
Oct 10, 2010
24
5
53
Athens, Greece
cPanel Access Level
DataCenter Provider
Twitter
I found out that the NginxCP.com installer is modifying the server's signature from "nginx" to "nginx admin".

A friend posted on their site and his comment was deleted.

If they "tweaked" the signature for some reason, they could have tweaked the entire installer to do other things too.

I'll investigate this further. Let's see what the NginxCP.com guy responds to this...
 

kernow

Well-Known Member
Jul 23, 2004
1,015
55
178
cPanel Access Level
Root Administrator
If they "tweaked" the signature for some reason, they could have tweaked the entire installer to do other things too.
At best your overly suspicious, at worst paranoid? There are several versions of nginx around, I see nothing wrong with changing nginx to "nginx admin" to reflect the version being used.
BTW I'm not involved with developing this version, just someone who uses this very helpful script.
 

fevangelou

Member
Oct 10, 2010
24
5
53
Athens, Greece
cPanel Access Level
DataCenter Provider
Twitter
@kernow It's a good practice that the server maintains it's correct signature for various reasons.

@all
Having searched a part of the files, I don't see anything suspicious, but then again, Python is not my programming weapon of choice...

Maybe a more experienced "eye" could have a look as well.

Having compared NginxCP's files with blargman's original installer, I can distinguish 3 things:
1) NginxCP offers a GUI
2) NginxCP treats subdomains & domains differently upon installation, compared to Blargman's script
3) NginxCP uses same versions for the side scripts used (e.g. mod_rpaf etc.), but some files (most are binary) are changed. This could be due to different "sub versions"... or something totally different.

Anyway, thought people should know. When you're installing any script on your server you always have to be careful not to open a backdoor anywhere and this is common sense, not paranoia. ;)