Webdude
09-03-2008, 12:58 PM
Subject: cPanel License Transfer Policy Update
You are receiving this communication because you are listed as the billing contact for Optiquest Internet Services Inc.
As of October 1st, 2008, cPanel will no longer be checking with any companies holding a prior license for an IP address when that IP is licensed at a new provider. If an IP is currently associated with a license on your account and a new license for that IP address is issued, the old license will be deactivated so that you are not being billed for inactive licenses. We will continue to manually review each transfer to deter fraud and abuse.
Since cPanel is not privy to our patner's billing records, we are unable to make a fair determination of account status when transferring licenses. Our legal counsel has advised us that it is not in any party's best legal interests for this type of information to be shared as it would create significant liability on all partners and cPanel.
We understand that this policy change may cause an inconvenience, however we believe this is a necessary change to protect all parties.
Thank you for your understanding,
Dave Koston
VP of Operations
cPanel
dave@cpanel.net
713.529.0800 x4004
Wait... So you going to allow license "slamming", like the long distance companies used to do to customers on phone service? If licenses for IP's we own and provide to customer servers get slammed, I think we will have issues with this.
So to cause a problem, all I have to do is go add an IP in the admin, apply a license to it... And the current ownership of that license is auto transferred. Then I can effectively shut the server down by disabling the license. Wow. Doesn’t seem like a very wise move, especially if a hacker gains control of a reseller's admin interface and the reseller doesn’t know it. Sounds like a recipe for disaster. Seems like you are doing some cost cutting or workload cutting at the detriment of security.
I realize there are measures in place, such as only allowing certain IP's to access the admin. However, there is no guarantee all companies use it, and even then, any good hacker knows how to forge ip's. This most certainly has me concerned. All it would take it a partner account to be comprimised to potentially affected hundreds or more servers, thousands if not caught in time. What a messy cleanup that would be...
Hope I'm wrong, but if I'm right, I hope they change their minds.. but this is how it read to me when I saw it.
You are receiving this communication because you are listed as the billing contact for Optiquest Internet Services Inc.
As of October 1st, 2008, cPanel will no longer be checking with any companies holding a prior license for an IP address when that IP is licensed at a new provider. If an IP is currently associated with a license on your account and a new license for that IP address is issued, the old license will be deactivated so that you are not being billed for inactive licenses. We will continue to manually review each transfer to deter fraud and abuse.
Since cPanel is not privy to our patner's billing records, we are unable to make a fair determination of account status when transferring licenses. Our legal counsel has advised us that it is not in any party's best legal interests for this type of information to be shared as it would create significant liability on all partners and cPanel.
We understand that this policy change may cause an inconvenience, however we believe this is a necessary change to protect all parties.
Thank you for your understanding,
Dave Koston
VP of Operations
cPanel
dave@cpanel.net
713.529.0800 x4004
Wait... So you going to allow license "slamming", like the long distance companies used to do to customers on phone service? If licenses for IP's we own and provide to customer servers get slammed, I think we will have issues with this.
So to cause a problem, all I have to do is go add an IP in the admin, apply a license to it... And the current ownership of that license is auto transferred. Then I can effectively shut the server down by disabling the license. Wow. Doesn’t seem like a very wise move, especially if a hacker gains control of a reseller's admin interface and the reseller doesn’t know it. Sounds like a recipe for disaster. Seems like you are doing some cost cutting or workload cutting at the detriment of security.
I realize there are measures in place, such as only allowing certain IP's to access the admin. However, there is no guarantee all companies use it, and even then, any good hacker knows how to forge ip's. This most certainly has me concerned. All it would take it a partner account to be comprimised to potentially affected hundreds or more servers, thousands if not caught in time. What a messy cleanup that would be...
Hope I'm wrong, but if I'm right, I hope they change their minds.. but this is how it read to me when I saw it.