Over the past month, Rack911 has been conducting a security audit of web hosting control panels, and they recently published their results on Web Hosting Talk. It was a very thorough analysis, and they found A LOT of room for improvement:
“It has been approximately thirty days since we started making a concentrated effort in finding security flaws in software being used by web hosting companies, and to say that we are shocked at what we found would be a huge understatement… To give everyone an idea of the numbers, we’re talking 43 security flaws in total with 25 different vendors of all commonly used web hosting software.”
These weren’t small bugs, either:
“Of the 43 security flaws that we discovered, 23 of them were root level flaws meaning that we were able to obtain the highest level of access possible.”
During this whole process, the Rack911 team got in touch with us when they found something in InterWorx, and we promptly fixed the issue and put out a release. They were very courteous and professional, and we can’t thank them enough for all the time and effort they put into their analysis and for their work to make the web hosting community safe. However, other control panel makers were apparently not as receptive:
“Unfortunately, not every company was as receptive as InterWorx. Their biggest competitor, cPanel, decided to take a more relaxed approach when it came to the same security flaw, and to this date still have not released a solution to address it. To add insult to injury, cPanel issued a statement to WHIR that frankly libeled us by stating that we stopped communicating with them regarding that flaw which is 100% false.”
At InterWorx, there is no such thing as a low-priority security bug. If you ever find a security flaw, file a support ticket and we’ll take a look ASAP.
We have a pretty good idea of how we stack up against cPanel and Plesk outside of this, but what do you think? Have you been surprised by a customer care experience with other control panels, whether like or unlike Rack911’s?