If you’re one of the more fortunate ones that has not been exposed (in all meanings of the word) to Zamfoo, it’s a suite of plugins that integrates with cPanel/WHM to add additional account management functionality for “easing the burden of web hosting providers” [SIC]. And by “easing the burden of web hosting providers”, it really means letting people have root access to your server because Kevin Quinn is too lazy to write a decent application. I don’t know about you, but I often stay awake at night wondering how I can expose my customers to severe and unnecessary security risks, because there just isn’t enough of that on the Internet already.
In case Mr. Quinn removes the install script before you get a chance to lol, don’t worry. There’s an online installer that is just as legit. Seriously. You’re going to need to change your shorts for this one:
All the while I was thinking: Ah, yes. Let me go ahead and put my ROOT credentials into this unencrypted PHP web form that’s nested into a TikiWiki installation. And good thing special characters in the root password might be a problem for this totally professional means of installing a server application. That means I can finally pick a root password that I can actually remember without wasting grey cells #YOLO.
Ok, all sarcasm aside, Zamfoo is among the biggest stagnant cesspool of shi*ty coding clusterf*ck I think the modern hosting industry has ever seen. And Kevin Quinn‘s people skills are just as competent as his coding (and his grammar for that matter, because English is hard), to say the least. Because when reputable security companies inform you that your software is rootable, a responsible developer completely ignores it and threatens legal action, right?
Zamfoo sucks and you shoudn’t use it.
As a people, we must stand together and not be part of this. Uninstall Zamfoo, grab a beer, and send Kevin an email to let him know how big of an a**hole he is for letting this debilitated piece of crap exist on the Internet.
PS: Oh, and this is for you Kevin.