cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Security audit of WHM and cPanel

a289 shared this idea 6 years ago
Not Planned

I saw in the latest TSR cPanel sent out that Rack911Labs had found multiple vulnerabilities, and I've seen them find other vulnerabilities in popular hosting software like CloudLinux and R1Soft's backup software. Maybe cPanel has already done this, but if not, I was checking out their site and saw they do security audits, and I was thinking you guys should have them audit all of WHM and cPanel to see what else they can find.

Best Answer
photo

cPanel already has a team focused specifically on the security of cPanel & WHM. If you check our past TSR releases you'll find that the majority of vulnerabilities in cPanel & WHM are identified by this team. Our internal team also identifies and fixes many vulnerabilities that are not listed in TSRs. We audit new major versions of cPanel & WHM before they are released to customers and correct many vulnerabilities while the software is still in development.


cPanel also runs a bounty program to reward security researchers that find and report vulnerabilities in our product. Our bounty program is very popular, has simple terms and pays rewards that are well above industry norms.

Replies (3)

photo
1

This should be a given. If security audits aren't already being performed then much of the Internet is a playground for targeting cPanel servers. The same is true if externally discovered vulnerabilities aren't being immediately patched.

photo
1

Yeah cPanel should be audited. As said by @kray a lot of servers run cPanel and we're vulnerable to automated attacks as soon as someone finds an issue.


My main concern about this is the cPanel team response time: They usually take months / years to fix any mess they found.

photo
2

cPanel already has a team focused specifically on the security of cPanel & WHM. If you check our past TSR releases you'll find that the majority of vulnerabilities in cPanel & WHM are identified by this team. Our internal team also identifies and fixes many vulnerabilities that are not listed in TSRs. We audit new major versions of cPanel & WHM before they are released to customers and correct many vulnerabilities while the software is still in development.


cPanel also runs a bounty program to reward security researchers that find and report vulnerabilities in our product. Our bounty program is very popular, has simple terms and pays rewards that are well above industry norms.

Replies have been locked on this page!