Hackers can get a list of users in /var/cpanel/users/ using
CAT command in a PHP script.
After they can change all pages INDEX of all sites using a simple
PERL script.
The other method used by hackers is running the FIND command to find all index pages in home partition.
To have better security, I would consider enabling SuPHP (and using this for the PHP handler instead of DSO). To make SuPHP available you would need to run EasyApache again and select SuPHP in the build options, then you could use WHM to switch from DSO to SuPHP.
Without SuPHP, PHP scripts that are exploited will run malicious scripts as the Apache user/group "nobody" and this includes the potential for Perl scripts to be executed.
With SuPHP, PHP scripts run as the user that owns the Virtual Host serving the request, so that if the user's PHP scripts are exploited and a malicious script attempts to run, it can only run as the regular user and not as the shared Apache user/group nobody, decreasing the potential for widespread damage.
Not hard to do . Only allow 8 charachter alphanumeric paswords where at least half the charachters are letters and secure DB access to a limited few. Corporate servers do it all the time.
But we have to be realistic a lot of these operators are amateurs when it comes to security
Where there is a will there is a way.
Where there is a will there is a way. LMAO amen Bro