The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security between CPanel users

Discussion in 'Security' started by txaggie, Feb 27, 2012.

  1. txaggie

    txaggie Registered

    Joined:
    Feb 27, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I am administering a centOS server with WHM/Cpanel.

    Say like I have multiple individuals who have cpanel accounts that are connecting to the server and uploading code, etc. One of the individuals are not experts or even intermediate; they are loading up insecure code. Person B has sensitive company financial information stored via mysql, /home/ files (meaning files that aren't available to the internet), and php code that is fairly secure against outside threats (they're assuming that the server is secure).

    If the first individual's code becomes compromised, what is the chances that the attacker can get to Person B's databases, files, or other sensitive infromation via the server or any other way?

    In other words, do I have to provide virtualization between each instance of the cpanel users to protect against person b's information being compromised by person a? Or is WHM/Cpanel building up walls that isolates the damage an attacker can do?

    Thanks.
     
  2. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Its depends on the level of hacking in your server. Basically you need to secure your server not in the account basis.

    Thank you.
     
  3. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    Each account is generally isolated from each other using linux users. If your files and folder permissions are set properly, one user will not have access to another user's files even if their account is compromised. This is a requirement as if it were not the case, someone could sign up for a hosting account and then go around accessing other account owner's files.

    To add additional security, make sure that 'jail shell' is turned on for your users and that only accounts who require shell access have it.

    If you have a customer with very sensitive information that could be hugely damaging if compromised, you should encourage them to upgrade to their own VPS or dedicated server. Saving $20 a month to be on shared hosting is not worth the risk of losing your customers or company should something happen.
     
Loading...

Share This Page