Suspended account and Cpanel

[bear]

It happens to all hosts once in a while; you need to suspend a client for non-payment. Recently, I had an otherwise good client decide they could no longer pay for their hosting, but instead of telling me so we could work something out, they simply stopped paying. A shame, but it happens.
So yesterday, I suspended the account via Cpanel. What I hadn't remembered at the time was that this client had a daily cron job that would back up and mail (to me) her database. It was only this morning that I realized I hadn't killed this cron, and since it was listed in the server's crontab (which exists outside of cpanel), it kept running despite the account being suspended.

Now, I could have gone in through the shell and edited the crontab file, but if done wrong, bad things© happen. Instead, I tried logging into her cpanel using the regular login (hers) and it didn't let me in, as expected. Good.
Then, using her name and my reseller password, it still allowed access (as it would have when the account was 'live&#39, much to my surprise. This allowed me to kill the cron job from within cpanel.

Just another one of those tips to recall when dealing with clients and cpanel servers. Account suspension does not remove crons, but you can kill them after the fact if you need to. This is useful if the client has not paid, and you want to "motivate" them by not providing access to their files and db backups until they do...I mean...they should have a backup on their local disk too, no?

[PULSE]

Code:

Then, using her name and my reseller password, it still allowed access (as it would have when the account was 'live'), much to my surprise

You can always enter a clients cPanel using their username and your password (root or reseller). The only ramification is that it leaves behind a 'last log in' IP trail.

I'm in mid-process of terminating an account because when I recently moved from PLESK to cPanel, the guy wasted no time in using the ol' ~/username bandwidth work around. In my book, that's grounds for immediate termination. I'm giving the guy 48 hours to find a new host before I remove his account all together.

[bear]

Originally posted by PULSE@Feb 19 2004, 03:59 PM
You can always enter a clients cPanel using their username and your password (root or reseller). The only ramification is that it leaves behind a 'last log in' IP trail.

I was aware of this, but frankly wasn't aware that the cpanel would still be accessible after suspension. I only log into live Cpanels with the users knowledge anyway.

As for the ~user, are you sure it was intentional to skirt bandwidth logging? Could be an honest mistake. You can disable/enable this for just one user, but the way. On one server, we use this method for sharing an SSL cert, and only enable it on accounts allowed to share the cert.
In httpd.conf:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled user1 user2
</IfModule>

This can also be done right from WHM, under Tweak security", then "mod_userdir Protection", IIRC.

[PULSE]

As for the ~user, are you sure it was intentional to skirt bandwidth logging? Could be an honest mistake.

Well, this is the second time that this client has called attention to himself. I have no problem with honest mistakes, but the path to the file he was accessing was conveniently changed right after he was moved to the cPanel server.

I want to give my clients the option of using /~username, it&#39;s a handy feature. I would rather not serve people who even entertain the idea of taking advantage of my services. All of my other clients are very honest people, he was becoming a bit of the black sheep.

[bear]

I&#39;d definitely agree on this one. If he changed it after the move, that&#39;s intent to steal BW. Get &#39;im.