security

cPanel, L.L.C. has released a security update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social...

Hey there! I would like to know what solutions there are to increase security on Linux servers and for malware or detection of possible vulnerabilities in the server does anyone know any effective solution? Thanks!:)

Is there a way within WHM or the command line to get a list of sites have Mod Security disabled?

Hello, I'm trying to block access to WHM for rest of the world accept me. After denying whostmgrd from Host Access Control for others, I see the "HTTP error 401" page with cPanel logo, but I completely want to deny access without even showing this. Is there a different way of accomplishing...

hi guys in wordpress show me this error message : "...Warning: get_loaded_extensions() has been disabled for security reasons in ..." What is the function that controls this library? surely there is something in php.ini that is disabled. What should be activated in php.ini?

I've become aware recently that one or some of the security measures which can be run through WordPress Toolkit may potentially interfere with the REST API. Here are the steps to reproduce it - we've now seen 3 new customers recently with random REST API errors, like posts not saving, certain...

Hello. I hope everyone is healthy and safe. mod_security keeps flagging the following activity as malicous. When I reported it to Amazon they forward to party doing the scanning and their response is that they are just looking for robots.txt. However the log, below, appears a bit more than...

Curious if perhaps the security advisor should be updated to be better integrated with imunify360? Just checking on things, I notice SA throws warning for No brute force protection detected Enable cPHulk Brute Force Pr Outbound SMTP connections are unrestricted. Enable SMTP Restrictions in the...

cPanel, L.L.C. has released a security update for EasyApache 4! If you have additional questions, feel free to reach out on one of our social channels. ea-apache24 EA-11157: Update ea-apache2 from v2.4.54 to v2.4.55 EA-11167: Patch to fix sporadic 500 errors with 2.4.55 – CVE-2022-37436...

OS CentOS v7.9.2009 STANDARD kvm cPanel Version 106.0.13 I have gotten some emails the: attached are messages from ⛔ New Security Advisor notifications with High importance What action must I take?

ErrorException shell_exec() has been disabled for security reasons in php disable function clean

Had two of these over 2 days now. Not quite as bad as the CloudLinux spam ones, but still annoying. I know these are EOL but I have things running that are not yet stable on PHP 8 so I need to carry on with 7.3/7.4 on certain accounts. I'm hoping the warnings won't be every day. I just wish...

Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “139.59.26.69” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...

After receiving some inputs here, I finally switched the server we had from VPS to dedicated server that can run on CloudLinux. I am currently finalizing the transfer and making sure that the server runs smoothly without errors. Overnight, I received email notification that said: This...

Hi, I have been running a security scan on one of my website. A scanner has found that issue: SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094) Summary The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability. Insight The flaw exists because the...

Using CSF firewall, I'm aware it's a plugin and not a cPanel product but it suggests doing so, the question is, should I: Mail Check Check exim for secure authentication (if I require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the...

⛔ High Apache Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "EasyApache 4" area, enable "Jail Apache" in the "Tweak Settings" area, and change users to jailshell in the "Manage Shell Access" area. Consider a more robust solution by using "CageFS on CloudLinux". Note...

OS: CentOS v7.9.2009 STANDARD Virtuozzo cPanel Version: 106.0.9 Root access: Yes Logs: No idea what logs to provide Additional support: Have not tried to get support elsewhere. Since logins involve security, I figured this should go here. If not, please move it to the correct location. Thanks...

Mod Security 2.9.6 security update released. Is it possible to update Mod security from 2.9.3 to 2.9.6? it is necessary in order to update CRS to 3.3.4 https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/

Today, One of my client, was hacked in a very very disturbing way. Because of nature of this hack i do not want to post details here. Can someone contact me ? The hack is connected to filter email function.