The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unhappy with EULA

Discussion in 'Security' started by John Nagle, Jan 12, 2012.

  1. John Nagle

    John Nagle Registered

    Joined:
    Jan 12, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just ordered a new server from Codero, and on initial startup, was faced with CPanel's EULA. The EULA contains the terms:

    This is totally unacceptable. It implies that CPanel has a secret backdoor into a large number of servers. This doesn't seem to be widely known, so I've sent off copies of these EULA terms to some prominent security researchers and blogs.

    Of course, as soon as I read that, I answered "No", and rejected the EULA. I'll now have to have the server re-installed without any CPanel products.

    CPanel was once a useful product, and the 5-year old version I had on another server was quite useful. But with a backdoor like that, CPanel, Inc. can no longer be trusted for dedicated servers.
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The clauses that you mention refer to some anonymous usage data that we collect. The sole purpose of this data collection is to see what parts of our product our customers are using the most. We do not collect lists of domains, or data from domains, or mail from the server, or any other kind of information. We do not have a backdoor into the server. If you contact us for support, and we log into the server, we use only SSH and WHM, just like you would. We have no backdoor or other means to access the server, and we would never log in via SSH or WHM without your permission. In fact, once a ticket is completed and closed, the server passwords are automatically removed from the ticket.

    The component that collects the usage data is open-source. We want you to see the data we are collecting; there is no secrecy intended. The data that we collect are stored in files named icFAA in each cPanel account's .cpanel/nvdata directory. icFAA stands for "I see Frequently Accessed Areas". Again, the only reason that we do this is to see what areas of our product people are using the most, which helps us to know what areas to concentrate development effort on. We do not collect any other type of data from your server.

    To give you an example, here is an icFAA file from a test account on a test server:

    Code:
    # cat /home/cpanelte/.cpanel/nvdata/icFAA 
    {"filemanager":1,"mysql":1,"userfiltering":2,"spamassasin":2,"dfiltering":1,"hd":1}
    You can completely disable this data collection by clicking Main >> Server Configuration >> Tweak Settings and un-checking the box for Send anonymous usage data to cPanel. This will completely turn off the usage data collection, and it will never be enabled again unless you choose to do so. It is completely your choice not to participate in this anonymous system.

    The only other reason that your server would connect to our servers, except to update the cPanel software, is to verify and update the cPanel license. This is mentioned by another clause in the EULA that you mentioned, and it is correct that your server must be able to connect to our license servers. The purpose of this is only to make sure that the server has a valid license and is not used for any other reason.

    Again, there is no backdoor in cPanel. We do not access your server without your permission and we have no way to get any data from your server, except to verify the license, and to get anonymous usage data only if you choose to participate. Language files are also mentioned in the EULA; this is again to know what our customers are using, so we can focus our development on those areas. The EULA is written to make sure you are aware of this, but it is not meant to imply that we have built any kind of backdoor into cPanel.
     
  3. John Nagle

    John Nagle Registered

    Joined:
    Jan 12, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Your contract says one thing, and your support person says another. I have to go with the contract language here in judging the intent of your company.
     
  4. cPanelAP

    cPanelAP cPanel Chief Business Officer
    Staff Member

    Joined:
    Sep 24, 2001
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    John,

    I posted a reply in our ticket system to see if you wanted to schedule a call. Just so we are on the same page with the EULA.

    cPanel Data is defined as the following:


    1.6 “cPanel Data” means all data collected by cPanel in connection with the use of the Software by You or any Third Party Users, including (a) the licensed or unlicensed status of the Software; (b) the source from which the license for the Software was obtained (i.e., cPanel or a cPanel affiliate); and (c) information about the server upon which the Software is installed (including the Licensed Server) including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server. Additionally, “cPanel Data” may also include information collected by cPanel from time to time concerning which features of the Software are most often used in order to improve and make adjustments to the Software.

    I look forward to talking to you.
     
  5. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    John, as a long term cPanel client I can verify that cPanel doesn't actually collect any sensitive information from our servers. There are many scripts which you can use yourself to monitor the server and see what type of information is collected, and transferred to cPanel.
     
  6. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    There is a point about this. What if you spend hundreds of hours translating or creating your own locale? Now cPanel gets them for free?

    How is this any competitive advantage? You spend thousands of hours and money by paying someone to translate them and now and suddenly cPanel gets this for free and your competition benefits from your hard work? Don´t get me wrong. cPanel is not the competition but if they provide your translations and locale for free to others I see a legal loop here.

    Other companies pay your for translations or cannot use them if its your work without authorization.

    Why would I spend thousands of dollars fixing something and others get them for free without paying a dime?

    Not to mention I paid hundreds of bucks to a designer for icons and custom skins. Now all of this gets cPanel for free?
     
  7. cPanelAP

    cPanelAP cPanel Chief Business Officer
    Staff Member

    Joined:
    Sep 24, 2001
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Please refer to the reference made in Section 3.6.

    License to Language File Modifications. In order to improve the Software, cPanel may from time to time collect language file modifications from Licensed Servers. If You do not wish for language file modifications created by You to be collected and used by cPanel, You may check the checkbox next to “Do not send language file changes to cPanel” in the “Tweak Settings” area of WebHost Manager. If You do not make such an election within 15 days of installing the Software, cPanel may incorporate Your language file modifications into the language files distributed by cPanel with the Software or other cPanel products. In such an event, You hereby grant to cPanel a nonexclusive, irrevocable, royalty-free, worldwide, fully sublicensable and transferable right to distribute, reproduce, publicly display, create derivative works based upon and otherwise use the language file modifications to improve the Software or other cPanel products and services; provided, however, that (a) cPanel will not sell, share or otherwise distribute the language file modifications to third parties, except in connection with improved versions of the Software or cPanel products and services and as otherwise permitted in this Agreement; and (b) to the extent cPanel discloses the language file modifications to third parties, cPanel will not link the language file modifications to any user or account inan identifiable way.

    Not to mention I paid hundreds of bucks to a designer for icons and custom skins. Now all of this gets cPanel for free?


    Our EULA doesn't have mention of utilizing your icons or custom skins.

    Please review and if you have further questions, I would be glad to answer them.
     
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You can disable this in tweak settings:

    Send language file changes to cPanel
     
  9. MAKARO

    MAKARO Registered

    Joined:
    Sep 22, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Send language file changes to cPanel, enable by default :(, why not set off by default? if user want to send language file(s) to cPanel they can enable that.

    really disappointed
     

Share This Page