What are the risks of giving cPanel access to a total stranger?

**gemini181** · November 25th, 2008, 07:07

I am helping to design several contests for webmasters.
Many of the contests will be much more easy and convenient, if I can give temporary cPanel access to people. What are the risks of giving cPanel access to a total stranger on "standard" shared hosting?

I'm not asking "will they steal my files?" The question is more about the danger of hackers busting in to other users accounts on the shared host, and / or people running "bots" and other programs which send spam, or spike the server load.

(Just for example) If I set up ~20 new cPanel accounts, and make it pretty easy for people to enter the contests, then (in your opinion) are the chances "very high" that a spammer or hacker will cause trouble.

Thank you

**katiekitty** · November 25th, 2008, 07:26

yes, they can.
once they uploaded a shell script and if ur server is not that secured,
then u will have to say bye bye to ur server.

**Dynash** · November 25th, 2008, 07:46

Even if they paid you, there is the chance they will hack the servers, or install bots. You just have to secure your server as much as you can, and don't just give hosting to anyone.

**gemini181** · November 25th, 2008, 16:28

Originally Posted by katiekitty

yes, they can.
once they uploaded a shell script and if ur server is not that secured,
then u will have to say bye bye to ur server.

Originally Posted by Dynash

Even if they paid you, there is the chance they will hack the servers, or install bots. You just have to secure your server as much as you can, and don't just give hosting to anyone.

Good advice, thanks.

For the shell script they would obviously need root or ssh access, is this correct?

**Dynash** · November 25th, 2008, 16:32

Not always. PHP shell_exec for example, can be ran by the user in the browser.
If you follow the security protocol properly, or even get a professional to do it for you, you'll be safe. Hopefully.

http://uk3.php.net/manual/en/function.shell-exec.php

**Junhosting** · November 25th, 2008, 18:20

Oh So free webhosting are not safe?

**katiekitty** · November 25th, 2008, 20:55

honestly, even the cronjob can do the work if a person wan to hack the server

**JLHC** · November 25th, 2008, 22:17

Originally Posted by Junhosting

Oh So free webhosting are not safe?

Of course it is not. Anybody can sign up and get access to your server while abusing it. Maybe some hosting provider are successful with it but I don't see the viability of doing it (providing free hosting).

**ParadoxalThought** · November 26th, 2008, 15:01

You have to remember that nothing is completely secure and that there are always gonna be hackers around the Internet looking to destroy others' things.

**Jan** · November 26th, 2008, 21:19

Originally Posted by gemini181

What are the risks of giving cPanel access to a total stranger on "standard" shared hosting?

I wouldn't do it for anyone. A couple have asked for it when I have bought a site from them, but I just tell them to zip the files and email it to me.

**sellwhm** · November 27th, 2008, 02:00

Free Hosting can be safe to give away. Its just that you have to know how to properly secure your server. shell_exec is very easy to disable if you know what you are doing.

**shakir** · November 29th, 2008, 02:06

Originally Posted by Junhosting

Oh So free webhosting are not safe?

yh .. its not safe and also now hosting is very cheap pay little amount and keep your site in the safe place

**.Andy** · November 29th, 2008, 17:10

Its not safe ask them to give you the files as jan said in a .zip file and just unzip them use filezilla or another ftp program to easaly transfer the files.