This is not meant as a complaint, as we have been long-time users of PHPADSnew (PAN) and love it. As with any piece of online software, it is hackable. To decrease the risk of loss of data for the rest of our domains, is it correct to assume that if we install and run PAN on a separate domain with a new account created (using WHM) solely for this particular domain, then if it is hacked, it will only affect PAN, and our other domains (even though they are on the same physical server) will be left untouched?
Not sure how PAN can be hacked, but I am thinking that configuring cPanel to only allow localhost can help minimize the risk. Anyone with thoughts about PAN and how to make this great piece of software more secure?
... it will only affect PAN and our other domains (even though they are on the same physical server), will be left untouched...
I would think that is a very naive way to think about "security".
It "may" be different if you put the software on another server (physically).
In short, because PAN is highly used and liked by many, hackers will try to exploit it. As I mentioned, I am not complaining but trying to come up with real-world fixes which can benefit everyone who uses PAN. So I am not sure what you mean by the naive comment. Can you elaborate and perhaps share a non-naive way to secure up PAN?
A common security mistake most people make is to use their FTP username/password to connect to their MySQL database. In cPanel hosts, a MySQL user is automatically created with your account that allows you to do this. The smarter thing to do is to make a new user with a different password for your MySQL database. This way, if the script is compromised and your login details are revealed, the damage will be limited to your database (which you should be making backups of anyways).
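The dedicated database user suggested in the last reply, written out as MySQL statements; this is an added example, not part of the thread and not PAN's own setup script. The database name `pan_db`, the user `pan_app`, the password placeholder, and the set of privileges the application needs at runtime are assumptions.

```sql
-- Constructed names: database `pan_db`, user `pan_app`. Replace the password placeholder.
-- Run as a MySQL administrative user.

-- 1. Dedicated account for the ad server, separate from the FTP/cPanel login
--    and accepted only for connections from the web server itself.
CREATE USER 'pan_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Data privileges on the ad server's own database only.
--    No global privileges, no GRANT OPTION, no FILE, no access to other schemas.
--    Assumption: the application needs only these four privileges at runtime.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON `pan_db`.* TO 'pan_app'@'localhost';

-- 3. Verify what the account can actually do.
SHOW GRANTS FOR 'pan_app'@'localhost';

-- Global privileges: the only row expected is USAGE (meaning "no privileges").
SELECT grantee, privilege_type
  FROM information_schema.user_privileges
 WHERE grantee = '''pan_app''@''localhost''';

-- Per-database privileges: every row should name pan_db and nothing else.
SELECT table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee = '''pan_app''@''localhost''';

-- 4. Assumption: installs and upgrades change the schema. Grant the schema
--    privileges only for that window, then take them back.
GRANT CREATE, ALTER, INDEX, DROP
  ON `pan_db`.* TO 'pan_app'@'localhost';
-- ... run the installer or upgrade here ...
REVOKE CREATE, ALTER, INDEX, DROP
  ON `pan_db`.* FROM 'pan_app'@'localhost';
```

With this in place, credentials leaked from the script's configuration file open one database from one host, and the verification queries show at a glance if the account has picked up anything broader.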