Get free reseller access from any cpanel/whm based host
Nov 9, 2006 Tech
Before we start, i should say this isnt really a “legitimate” way of getting reseller access, more of a cpanel hack/exploitation, so as such i cant condone it 
So, i discovered this by accident, when i was checking out the reseller access option that my current host provides, it turns out that when using cpanel/whm to offer reseller access to your customers, cpanel keep the config in your “user settings dir” (lets call it that for now).
You dont have access to this directory yourself, only your host does, for example your homedir will be something like /home/username/ (where username is the username you use to login to cpanel) and you will have folders such as “.trash”, “ssl”, “tmp” & “public_html” (you may have more/less different folders than are listed here). your web accessibly files and folders will be in “public_html”. you dont have access to anything below /username/, but cpanel does.
Now there are two ways to do this, the manual way, which may not work depending on how big your site is or how your host is setup. or theres the “easy” way, which is a little more risky and involves using some “social engineering” (best way i could describe it) but theres a higher chance of it working. another thing i should say is theres more chance of this working on larger hosts that have lots of customers, that way they may not notice as quickly.
The first (manual) method:
Go into cpanel and generate a full backup, when the backup is generated, download it and extract it, keeping its folder structure.
Once you’ve extracted and opened the directory, you may see folders that you havent seen before, these are the settings that are kept in your “user settings dir” mentioned earlier. Now we are going to add “reseller access” to the backup. in your user settings dir create a directory called “resellerconfig”. in this directory you will create 9 files, that make up the settings for your reseller account. these files have no extensions (apart from one) First file to create is “reseller-limits”. you can use pretty much any text editor to make these files.
in this file type the following:
[source:c]username 0[/source]
replace “username” with your cpanel username.
the 0 means no limits.
The next file to create is “reseller-limits-bynumber”.
Leave this file blank for now.
Next, create the file “reseller-number-accounts”.
in this file type the following:
[source:c]username:0:[/source]
replace “username” with your cpanel username. The 0 specifies the number of accounts your allowed under your reseller account, 0 means no limit. The next file to create is called “reseller-resource-accounts”
type this into the file:
[source:c]username:,username_Single,username_new[/source]
this specifies the packages available on your reseller account, this is the default one, you can add more in cpanel later when you have access to the reseller part. replace instances of “username” with your cpanel login name. next create a file called “reseller-resource-limits”. In this file put this:
[source:c]username 1 bw=10000:disk=500:[/source]
replace “username” with your cpanel username. you can change the numbers to edit the amount of bandwidth and diskspace that is available to you. or it may be possible to change the 1 to a 0 to remove limits. next file to create isĀ ”resellers”. in this file put the following:
[source:c]username:add-pkg,allow-addoncreate,allow-parkedcreate,allow-unlimited-pkgs,create-acct,create-dns,disallow-shell,edit-account,edit-dns,edit-mx,edit-pkg,frontpage,kill-acct,kill-dns,limit-bandwidth,list-accts,mailcheck,mod-subdomains,news,onlyselfandglobalpkgs,park-dns,passwd,quota,resftp,show-bandwidth,stats,status,suspend-acct,upgrade-account,[/source]
This should all be on one line!
this file specifies what a reseller can offer to its customers, if you want to specifically allow something add ‘allow-’ infront of the name, if you want to specifically disallow something put ‘disallow-’ in front of the name. if the item is listed without an allow- or disallow- tag, it is allowed by default. replace “username” with your cpanel login name.
next up is a file called “resellers.chris”. im not entirely sure what this file does or wheather its needed, its probably best to create it anyway, but leave it blank. The Final file to create is “resellers-nameservers”.
In this file you specify the nameservers that you will use, these must be valid nameservers! you can usually just use your hosts nameservers (the ones you are using already) put them in this format in the file:
[source:c]username:ns1.mywebhost.com,ns2.mywebhost.com,,,[/source]
replace “username” with your cpanel login name, and change the name servers to your own.
Were nearly there now, not long to go!
ok, going back to the “homedir” now, create a file called “.whmtheme”.
in this file put and x and save it. (yes, just an x)
also in your homedir create a directory called “cpanelbranding”, and in that directory create a folder called “x”.
next, in your homedir create a folder called “cpanel3-skel”. this will be the “skeleton” of the accounts you will give to your customers, whatever you put in here, will be put in all new customers “homedir”, its wise to put folders such as “public_html” & “public_ftp”, just to make sure that nothing breaks and so your users know where to put things.
Once all thats in place, create a compressed backup of the directory, this should include the directory that holds the homedir. so for example you should add this directory to the archive:
(your backup name will generally be generated from the date/time it was created and your username)
for example if the directory holding the homedir is called backup-5.16.2005_13-16-53_username (where “username” is your cpanel username) then add that to the archive. (yes i know that sounds confusing).
e.g. backup-5.16.2005_13-16-53_username/homedir
If your doing this on windows, you’ll have to find someway of converting this to a .tar.bz archive, to make it a little more believable
Next, go into the backup section of cpanel and find the “upload a backup” section, browse for the archive file that was just created and click the upload button. depending on the size of your site, it may take a while and may even time out, this is because the archive is being uploade over http, and your host will mostl likely have a “script execution time” limit set which means if it takes too long to upload then it will fail. if this doesnt work you could always try the second method below.
And thats all there is to it Note that these instructions were based off settings on my own host, your host may differ in things such as directory / file names and paths. so if it doesnt work, that’ll most likely be why, you could always pay for the reseller access i guess, but then, you wouldnt be reading this if you were willing to pay 
Ok onto the Second Method:
This method is a lot quicker, easier and has more chance of working, since you will use files generated by your own hosts system. Although it is risky in the sense that its possible you’ll get found out easier. but if you think you can do it, lets go
Firstly you will have to find out if your host offers reseller access and how much they charge and if they’re willing to give you a ‘free taster’.If they do, thats good, contact them and ask them to setup it up for you, once thats done, you should see the reseller access icons in cpanel, have a play around if you want 
.
Now that your account has reseller access, go into cpanel and generate a backup of your whole account, this will generate a backup of all your files and databases including your reseller access config. once thats done download it and extract it, check to make sure the backup has the reseller config files in it by looking for a folder called “resllerconfig”, your host may use a different name, so look for anything thats reseller related
(if you can find anything, its possible that the generated backup did not include your recent account changes including the reseller config, the only thing i could suggest you do in this situation, is wait a day or so for cpanel to “catch-up”).
Once you’ve found its there you can delete the extracted files, but make sure you keep the compressed backup.
Next, contact your host and say you no longer want reseller access, if you do this straight away it may seem suspicious, wait a few days and then contact them. in the mean time you can play with your reseller access, test creating packages and limits etc.
So once you’ve contacted your host and had your reseller access removed, you’ll no longer be on thier billing system for added reseller access.
Now is where it starts to get tricky and a little risky, contact your host and ask them if its possible to upload a cpanel created backup into your home directory and have it restored to your account, if they allow it thats good, if that then there nothng you can really do about it, at least you have a backup of your site (if you switch hosts in the future and they use cpanel, you may be able to use if there if its accepted ) if the host says they will accept your backup, upload the one you downloaded a few days earlier, the one with the reseller access config files in.
Once this is restored to your account by your host, you reseller access will have returned, but because the billing system wasnt changed, you wont be billed for it, nothing bad will show up on a virus scan since your backup will be clean
It all depends on wheather the host accepts your backup and doesnt get suspicious like i said at the beggining of this little writeup, i discovered this by accident, i guess its a bug in cpanel/whm.
Disclaimer: you try these things at your own risk, i cant be held responsible if you loose your hosting account over this. im simply telling you how to do it, not forcing you too
When it “happened” to me, and i realised what had happened i cntacted my host a few days later to remove the reseller access from my account once again, just incase they found out a few months down the line and decided to charge me for the months that i had used it for
Enjoy :grinnod: