Really no solution to limit cPanel access?!

[onklmaps]

We are a SAAS-provider, and will under no circumstances give our customers access to cPanel, ftp or database.

However, we love the automation in WHMCS, the way it sets up a cPanel-account, domain, installs our software, and e-mail.

 

I have successfully removed the "login to cPanel"-links, and also the "Change password"-link. (by adding a hook to remove sidebar-links).

I removed unwanted c-panel icons from the client area. (By editing theme file).

I disabled welcome-mail - to prevent the cPanel password to be sent to the customer.

 

I intentionally kept the "Quick-add e-mailaccount"-form and the link to webmail. That's really all the client needs to see..

 

HOWEVER, and these are important problems!:

1. If some of our more experienced users would write &dosinglesignon=1 while at Product Details-page, then they are magically redirected to cPanel.
   
2. If the same user writes #tabChangepw, he can easily change his cPanel-password so he can login.
   
3. I tried deleting the cPanel-password from the client details in WHMCS-admin. Still the user can both login and change password.
   
4. THE ONLY way I found that disables those features, is to remove also the cPanel username from the client/product-detalis in whmcs-admin, but offcourse, that also disables the ability to create e-mailaccounts, it prevents whmcs automation to suspend accounts when payment is not received etc.
   

 

Well... The options I have found so far aren't really secure at all

 

So... What to do?

[brian!]

on my way to bed, so this'll be brief - but surely 2 would be easily solved by either removing the tabchangepw code from the bottom of productdetails.tpl or, if only for cpanel, wrapping it in an if statement to hide it/display alternate message for cpanel users?

I deeply suspect 1 could be got around too...

[onklmaps]

Thanks again Brian

# 2 is solved like you said!

 

I'm starting to understand how configurable WHMCS is.

Now trying to fix #1