cPanel is Not Linux, cPanel is Proprietary Software
I believe (from some very distant recollection) that the first time I used cPanel was in 2003 or 2004. Prior to that FreeBSD hosting was used for my personal site, but I had heard of cPanel and it sounded rather useful. It is written in Perl and it turned 30 just 2 weeks ago.
cPanel as a software (not LLC) isn't bad. I won't lie. Some things in cPanel I found very useful and I used cPanel extensively when I was a student. Some time around 2006 I used it less and less, even if it was generally 'there'... available in case command line-based server administration had a high learning curve.
It's fair to say I've used cPanel for 23 years (the software was first released in 1996) and still have it on about 7 sites. I'm no longer a 'cPanel guru' because I've not "kept up" with its features for many years and I generally dislike all the redesign and bloat they added to it (first it was not mandatory because there was a 'classic' mode, then they took away that mode).
cPanel nowadays feels like bloatware and I don't easily find my way around it (they've moved everything around).
That cPanel has security issues is neither new nor surprising. It's even less surprising these days given the bloating effect. The more functionality or the more lines of code get added to cPanel, the higher the risk of defects including severe security holes.
Connor Jones at The Register MS has just published this article entitled "Critical cPanel, WHM flaw probs exploited as 0-day, pros say". "For the uninitiated," he says, "cPanel and WHM are both Linux-based control panels. The former is used to manage websites, databases, file transfers, email configurations, and domains, while WHM is used for servers."
Calling them "Linux-based" is like calling WordPress "Linux-based". cPanel runs on top of systems, typically GNU/Linux systems like RHEL or CentOS. cPanel has no kernel, so it's not "Linux-based" and this sort of phrasing encourages confusion, at the very least a baffling and misleading misconception.
As we sometimes say, as we have many times before, Microsoft money corrupts the press (the above publisher is controlled by a Microsofter now); the media wants us to think that anything not Windows or Microsoft is "Linux" - more so when it's in some negative context like a system breach (which may be due to some rogue WordPress extension, neither WordPress 'core' nor Linux... or PHP, MariaDB etc.) and it's not an accident.
"cPanel is proprietary software," a reader said, yet "the Reg tries to spin this as a "Linux" problem" (a topic we've explored a lot in the past year).
So basically there's some proprietary piece of software with a bug in it. It is exploited before a patch is made available and because it is proprietary the users (or sometimes someone they collectively hire) cannot fix it themselves; they're at the mercy of some company that can exercise control over them (e.g. charge them more for a faster delivery of a much-needed patch).
The main lesson here is, proprietary has security problems. We'll say more about this in relation to the NHS in a separate article. █

