I looked at Engintron more closely today. What it says it does looks useful, but looking at the script itself raises a few concerns. There’s a lot of “wget –no-check-certificate” happening in it, which is often a warning sign, but then I noticed that in the function used to install the “ui”, it basically disables cPanel’s AppConfig. For “compatibility with newer versions”, instead of actually learning to register with appconfig, it changes a cPanel setting so that it allows unregistered things to run as root. So not only does the plugin not register itself correctly, it without even warning of it disables checking anything else. That seems very “strange” to me. I was hoping that after they fixed the open proxy issue that it would be mostly-fine–that maybe that had been a one-off issue they had forgotten or didn’t know how to check–but it looks like security might not have even entered their thought process in the first place.
I probably should submit bug reports for these things, but if their first response to a new security feature in the panel interfering with their plugin is to disable the security feature (rather than learning how plugins are supposed to work with the feature) I don’t exactly feel confident that they’d bother to fix it.
I’m kind of disappointed. It sounds like a lot of the features would be very nice, and could be better than the other ones I’d heard of so far, if it didn’t have this problem (and “polished” a few other small things to not require manual configuration).
I’ll definitely want to look more closely at nginxcp before trying it again too, in case it has any hidden “surprises” too.