cPanel University?! You’re doing it all wrong!

Today I was minding my own business at my desk when I stumbled upon university.cpanel.net, a site which allows you to obtain “industry certification” for the cPanel Web Hosting Manager.

The first thing I did was check the date; It’s not April 1st. So I sat there stunned for a minute or two, wondering if I should laugh or cry.

Upon further inspection, it actually seemed to be true. You can now go and do an online course and become a certifed cPanel technician!

For anyone who has done business with us in the past, we don’t make too much of a secret that we don’t think too much of control panels such as cpanel or plesk. In fact, we’ve quite openly published our thoughts on this in the past.

That said, trying to think about this a little, I’ve got to ask myself the question — “If you’re building a web-based interface which is designed to allow end-users to control their web-hosting service, then surely expecting certification is doing it all wrong?

Whilst digging further, the actual value of this certification is admittedly some what questionable:

  • The first level testing consists of a total of 18 questions, takes 15 minutes and you need to get 15 of the questions right.
  • You can continue to re-take exams if you fail
  • They can’t actually supply any technical theory or text books
  • The advanced levels of training require you to be proficient in perl — surely if you need to use a programming language to configure your “easy-to-use” control panel, you’ve pretty much missed the point.

As we’ve discussed in the past — cpanel significantly and drastically reduces the barrier of entry to becoming a hosting provider. It allows people who would otherwise not be capable nor qualified to run a fully fledged hosting company and hide behind the pretty exterior of the cpanel user interface. This is scary. Why? some of the approaches and methods which are used by cpanel are considerably questionable.

Some of the observations which we’ve made include:

  • Installing cpanel is like a unix security evolutionary throw back. A newly built machine had an extra 12 processes running as the root user.
  • The security history is so poor that it has a “Scan for Trojan Horses” dialog page.
  • There is no inbuilt firewall management utility, yet it is quite keen to change handcrafted firewall rules added by hand
  • MySQL is compiled without SSL support
  • The update dialog page has people have to chose between 4 different update sources — instead of just one which works.
  • http is run as the nobody user
  • It entirely ignores the Filesystem Hierarchy Standard and stores most files under /usr/local/x
  • If you want to add an SSL certificate for a subdomain that isn’t configured, when you paste the certificate file in, cpanel will successfully parse the cert, extract the correct CN, and map it to the correct user. But when you then paste the key and submit, it’ll bomb saying the CN doesn’t exist. If it doesn’t exist, how did you manage to find a user???
  • It actually comes with /scripts/fix_common_problems

Having courses which explicitly train people up to this level and little further is, to my mind, a grave misgiving. It suggests that anyone can spend some coin on an online test and become sufficiently proficient enough to comprehensively run a entire web hosting company.

Speaking as someone who has had 7 years experience in this industry, providing web hosting services is more complex than simply doing a handful of online tests and installing some random piece of software; doing it well requires the backing of a intelligent, experienced and knowledgeable team of system administrators. Thinking that any piece of software can replace this is not only naive, but a school of thought which potentially leaves the web-hosting industry, as a whole, to be brought into disrepute.

2 Comments

  • harum says:

    True, cPanel makes server administration and account management easy by hiding technical details. But those details are merely hidden, they do not disappear. When there are problems, you still need to have troubleshooting skills. Moreover, cPanel has gotten more complex over the years and to *use* it proficiently is also a skill in itself.

    But aren’t most certification program created mostly to make money? 🙂

  • skiingsean says:

    Ever consider that the certification might be for the engineers that support the cPanel product, and not so much the End User?

    BTW – I too dislike control panels, but then again, i’m not in the business of webhosting/reselling.