How cPanel is Addressing Backup and Transfer Security Concerns
- June 4, 2013 12:00 pm
In recent days, it's been reported that there are security concerns around cPanel's transfer and backup systems for root users. The major problem that cPanel mentions relates to users restoring data from unsecured or untrusted sources. Despite warnings from cPanel to discourage this practice, users are still restoring their data using unapproved third-party packages.
Ever since feedback within the web hosting community brought this issue to light, cPanel has admitted that this is a more common practice than they first realized. As a result, cPanel developers are working on an immediate update. This update will warn users that using packages from untrusted sources is ill-advised within the current system they are running. At the same time, cPanel has also launched a high level project to design an alternative system that will allow root users to use backup packages from so-called "untrusted" sources.
A cPanel Project Manager named Kennith issued a statement in a recent blog post that explains in more detail what cPanel hopes to achieve with the new system. The goal is to allow a safer "limited" sub-set of data in the system restore that will not compromise the overall security. Kennith specifically states "The primary goal of the new restore tool will be to prefer the security of the restore over replication integrity. We will endeavor to provide as much of the current restore functionality with the new untrusted account backup package restore tool as possible. During the new transfer and restore process, you will be able to clearly select which system you want to use (trusted or untrusted) to restore an account backup package".
While cPanel has mentioned they are addressing the issue, some critics feel they are not doing enough. At HostPapa, our opinion is that the best approach root cPanel users can take in the meantime is to safeguard themselves. The easiest and most logical option is to not use untrusted backup packages from external sources.
Some web hosting providers offer a backup service that is both trusted and which works well with cPanel. HostPapa is no exception: Our Automated Website Backup is not only safe and secure to use with your HostPapa account; it's also easy to set up! Inquire with your hosting provider for an online backup service, if you are not sure if they offer one. It is usually a nominal monthly fee and you will have peace of mind that your website data is secure.
- Travis M.
HostPapa Account Services
Technology news is my niche!