A-Squad Certified Secure cPanel Hosting

mod_php "nobody" Exploit

You are executing as the nobody "god" user probably because you are using mod_php. Allowing different unprivileged users to execute arbitrary code as a common user is bad. Why? If you are the administrator of the server, it makes it more difficult to track which of your users are running programs that are grinding away the CPU, who is spamming, or who filled up your /tmp partition with 800 GIGABYTES of MP3s, porn, warez, etc. If you are the user, it means that other unprivileged users on the system can execute AND VIEW THE SOURCE CODE of all the programs and included files within your directory that need to be run as this common user. How can you stand to have a site hosted on a server like this?
NOTE: All the following issues are easy to fix by simply switching from mod_php to mod_phpsuexec.
Example 1: If you want to use any MySQL databases from within a PHP script, everyone else will know your username, password and database name, and will be able to execute arbitrary SQL on any of your tables within that database. Hopefully, you don't have anything important in there.
Example 2: If your PHP script needs to write to any file (maybe a flat file database or HTML file like a blog or guestbook) then everyone else must also have rights to manipulate that file in any way they please without your permission. Hopefully, you're backing up your files every few seconds anyway so you can always revert back if someone decides to mess something up.
Example 3: Anyone can store an unlimited amount of data without affecting his quota. Not particularly advantageous to anyone unless that user is supposed to be restricted to only 100 GB of quota or less.
Example 4: Any user must have the ability to send out emails without anyone knowing which user on this machine they came from. I sure hope you don't get your IP blocked because someone else on your machine sent out millions of illegal spam messages or phishing scams and no one can figure out which user they came from.
Example 5: Any methodology of allowing the nobody user to suexec as another user must expose the risk of allowing any user to execute arbitrary code as any other user. And if there DOES NOT exist a way to allow execution for at least its own user, then the user is forced into using this insecure environment without any choice. Either way, you're screwed.
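To see how much of your own account is exposed in the way Examples 1 to 3 describe, you can audit the "other" permission bits on your files. The script below is an added example, not part of the original page; the function names and the sample directory layout are constructed for illustration, and it assumes the shared web user (nobody) is neither the owner nor in the group of your files.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Classify regular files under root by what the 'other' permission bits allow.
    Assumption: the shared web user (e.g. nobody) is neither owner nor in the
    group of these files, so only o+r / o+w / o+x apply to it. The mode of root
    itself and of its parents is not checked.
    """
    owner = os.stat(root).st_uid
    found = {"readable": [], "writable": [], "foreign": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # Other accounts cannot enter a directory without o+x, so prune it.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IROTH:
                found["readable"].append(rel)  # Example 1: source and DB password visible
            if st.st_mode & stat.S_IWOTH:
                found["writable"].append(rel)  # Example 2: any account can alter it
            if st.st_uid != owner:
                found["foreign"].append(rel)   # Example 3: not charged to the owner's quota
    return found

def demo():
    """Build a constructed sample home directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        layout = {  # constructed sample: relative path -> (dir mode, file mode)
            "public_html/config.php": (0o755, 0o644),
            "public_html/guestbook.txt": (0o755, 0o666),
            "public_html/locked.php": (0o755, 0o600),
            "private/secret.php": (0o700, 0o644),
        }
        os.mkdir(home)
        for rel, (dmode, fmode) in layout.items():
            d = os.path.join(home, os.path.dirname(rel))
            os.makedirs(d, exist_ok=True)
            os.chmod(d, dmode)
            with open(os.path.join(home, rel), "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(os.path.join(home, rel), fmode)
        return audit_tree(home)
```

Under mod_php the files in the "readable" list cannot simply be locked down to 0600, because the common user then can no longer run them; running scripts as the account owner is what makes owner-only modes workable.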