Don’t let fake cPanel licenses ruin your business. Fraudsters are on the rise, targeting both Partners and end-users. In this blog, we’ll expose their tactics, provide tools to protect yourself, and guide you toward legitimate licensing solutions. It’s time to take a stand against fraud and ensure the security and integrity of your cPanel environment.
Warning Signs
Do you ever encounter pricing for a high cPanel license tier that seems almost too good to be true? Do you attempt to contact your license provider for cPanel troubleshooting only to get the run-around? Does your license provider or host need to frequently “replace” the installed cPanel license on your server? These are some indicators of red flags with fraudulent retailers.
Fraudsters will also claim that they are using a “GPL” version of a cPanel license to back up their false claim of legitimacy. GPL stands for General Public License, a license type that allows users to copy, modify, and otherwise share applicable software for distribution as they see fit. To be clear, there are no GPL versions of cPanel & WHM.
The Risks
Due to how cPanel’s licensing system functions, fraudsters need to go to great lengths to “crack” the mechanisms we have in place by configuring license circumvention scripts and software. This software is installed at the root level and almost always contains additional backdoors. Independent security investigations have found known compromises related to these licenses.
Because these licenses also try to evade our licensing servers, they often will not receive important updates containing vital security patches. This can leave your server and website vulnerable to third-party exploits.
In the event a user of a circumvented license reaches out to cPanel support for assistance, unfortunately, we must consider the associated server as root compromised, and we will not be able to provide support. The only actions that can be considered to address a root compromised server reasonably are to perform a fresh Operating System and WHM/cPanel installation and restore account backups, or to migrate the accounts to a known clean server that has not been previously root compromised.
Is My License Legitimate?
You want to believe you can trust a vendor, but if some of the red flags we outlined above sound all too familiar then you need to verify claims that the license you purchased from them is legitimate. Fortunately, verify.cpanel.net is free and easy to use at any time.
How to verify a license
- Navigate to verify.cpanel.net
- Input your server’s IP address and click “Verify License”. If you do not know your server’s IP address, access your server via terminal and run the following command: curl -L https://cpanel.net/myip
- A legitimate cPanel license will appear like this:
- A license purchased directly from the cPanel store, with an “Active” status:
- A license purchased via a verified Partner (in this example, Siteocity), with an “Active” status:
- A fraudulent license will appear like this:
Or, sometimes using an inappropriate license type such as:
A note on DNSOnly licenses
The cPanel DNSOnly license type is for the creation of dedicated nameservers and can replicate DNS zones to create a DNS cluster with other servers. This license type is not intended to serve actual website data and therefore, cannot be used to create cPanel accounts. Fraudulent license providers often circumvent our licensing system with the use of cPanel DNSOnly license types.
What Do I Do Now?
As previously mentioned, we consider any servers the fraudulent licenses are associated with as root compromised. Firstly, you must procure a new server to prepare for a migration of your cPanel/WHM server data. If you also purchased hosting services from the same vendor of the fraudulent license, cPanel has a directory of verified Partners with a variety of hosting options to choose from.
These verified Partners will also bundle cPanel & WHM licenses with their hosting services. Alternatively, purchase a license directly from store.cpanel.net if you are self-hosting.
With a new server and valid license in hand, it is time to migrate your website data to your new server. If you still have access to the old server with the license intact, you can utilize Transfer Tool to automate the migration.
If you find that the circumvented license is non-functional, sites and configuration files will need to be migrated manually. We have guides available to help you in the manual transfer process, using either cpconftool script or using pkgacct and restorepkg.
A Helping Hand
If you have any questions about cPanel licensing, feel free to reach out to one of our verified Partners through our PartnerNoc directory, partnernoc.cpanel.net. Alternatively, contact cPanel Customer Service directly.
By staying informed, using the tools provided, and working together, we can protect our businesses and ensure a secure cPanel ecosystem for all.
