Resellers on your server can have unlimited bw and diskspace.

It seems like any reseller can easily use unlimited bandwidth and disk space, regardless of what limits are specifie in the reseller center?

It's simple:

1. Log into WHM as root and create a reseller account.

2. Log into WHM as the new reseller and a new cpanel account with unlimited disk space and bandwidth.

4. Now you can upload unlimited files to the new cpanel account, and it has unlimited bandwidth.

Am I missing something here?

 

Yes, but those limits are useless (not used) except when the reseller is actually creating a new package, and only if you have not allowed overselling.

So even if you set a limit of 1gb disk and 10gb bw... the reseller is still able to create an "unlimited" package and then upload unlimited amounts of files and use unlimited amounts of bandwidth. (Assuming you have checked the "allow overselling" boxes.)

The only time those values are used is when/if the reseller actually creates a new account. Then the WHM process checks the total usage and compares it to whatever limits you have specified.

So my example still stands. Even if you have set a limit of 1mb disk and 1mb bandwidth.. I can easily create an unlimited usage account on your server. (If you allow overselling, which most people do.)

 

Either way is the same. As long as the account has "unlimited" as the disk space limit and "unlimited" as the bandwidth limit...

... then the account has no limits. (ie: "unlimited")

Your thoughts?

 

Account Information

• List Accounts
• View Account Bandwidth Usage

Account Management

• (Un)Suspend
• Change Passwords
• Create
• Edit MX Entries
• Manage Frontpage®
• SSL CSR/CRT Generator
• SSL Site Management
• Terminate
• Upgrade/Downgrade

Dns

• Edit
• Park

Packages

• Add/Remove
• Edit

Troubleshooting

• Troubleshoot Mail Delivery

cPanel Management

• News Modification

Accounts

• Prevent Accounts from being created with shell access

Package Access

• Allow the reseller to use all global packages (global packages are any packages without a "_" in them)

Packages Creation

• Allow Creation of Packages with Addon Domains
• Allow Creation of Packages with Parked Domains
• Allow Creation of Packages with Unlimited Features (ie. unlimited pop accounts)

Account Management

• Account Modification (warning: this will allow circumvention of account creation limits, give shell access unless explicitly disallowed, dedicated ips, etc)
• Bandwidth Limiting Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)
• Quota Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)

Please note that being able to specify a limit of 999999999999mb is essentially the same as "unlimited".

 

The reseller can still create a package with diskspace and bw limits of 999999999999999.... and that is basically unlimited usage.

So removing Account Management permissions does not fix this problem.

 

Sure, except that makes it pretty difficult to offer any kind of competative reseller plans....

Just for your info, we actually do not oversell. We *do* have the "allow overselling" checkbox enabled for our resellers. However, as the server owners, we don't actually oversell our own diskspace which we've alloted to them in their reseller resource allocation limit.

But asking our resellers to not have overselling capability is not a good solution in todays very very competative hosting market.

I think if you did a quick survey of cpanel reseller settings, you'd find the vast majority of resellers have oveselling enabled.

So that makes your solution pretty difficult to swallow.

Any other ideas? Is cPanel going to implement some kind of monitoring feature so that admins/resellers can at least receive an email if the reseller is going over their disk/bw limits? Surely it can't be that difficult to do this, since you already do a disk/bw check for individual cpanel accounts. Why not just add up all disk/bw usage for each reseller account and do the same thing for resellers?

Otherwise.. we wind up with some reseller using up a huge amount of disk or bw and there is no way to know until server reaches its limits... and even then we must manually go through every reseller account stats page to see what is being used.

Let me know if cpanel is planning this.

 

That won't work.

As long as the "allow overselling" checkbox is checked in the reseller's resource limits... the reseller can create a cpanel account with practically unlimited diskspace and/or bandwidth.

My point is that this isn't good for any server owner, because there is literally no way to prevent your reseller from using ALL your server diskspace and/or bandwidth unless you:

1. Do not allow overselling. (ie: Do not check the "allow overselling" checkboxes.)

- or -

2. You manually monitor every reseller's disk and bw usage.. since cpanel is not capable of doing this automatically. (This won't actually prevent the reseller from using all your diskspace or bandwidth, but it will allow you to see if they are being bad and using more then you have alloted for them.

Here is a challenge for anyone who doesn't believe me:

- Create a normal reseller account on your server, just like it was for normal. Make sure it has disk space and bw overselling enabled.

- Send me a PM with the reseller WHM un/pw and I will create an account with practically unlimited diskspace and upload huge files to the server, so that you can see for yourself that this is possible.