1. cPRex

    EasyApache 4 March 29 Maintenance and Security Release

    cPanel, L.L.C. has released a security update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social...
  2. D

    Security tools for Linux servers

    Hey there! I would like to know what solutions there are to increase security on Linux servers and for malware or detection of possible vulnerabilities in the server does anyone know any effective solution? Thanks!:)
  3. davetanguay

    How to Find Accounts That Have Mod Security Turn Off

    Is there a way within WHM or the command line to get a list of sites have Mod Security disabled?
  4. Ekushey

    Block cPanel and WHM access

    Hello, I'm trying to block access to WHM for rest of the world accept me. After denying whostmgrd from Host Access Control for others, I see the "HTTP error 401" page with cPanel logo, but I completely want to deny access without even showing this. Is there a different way of accomplishing...
  5. J

    get_loaded_extensions() has been disabled for security reasons

    hi guys in wordpress show me this error message : "...Warning: get_loaded_extensions() has been disabled for security reasons in ..." What is the function that controls this library? surely there is something in php.ini that is disabled. What should be activated in php.ini?
  6. C

    WordPress Toolkit security measure breaks WordPress REST API

    I've become aware recently that one or some of the security measures which can be run through WordPress Toolkit may potentially interfere with the REST API. Here are the steps to reproduce it - we've now seen 3 new customers recently with random REST API errors, like posts not saving, certain...
  7. J

    crawler looks malicious but attacker says not

    Hello. I hope everyone is healthy and safe. mod_security keeps flagging the following activity as malicous. When I reported it to Amazon they forward to party doing the scanning and their response is that they are just looking for robots.txt. However the log, below, appears a bit more than...
  8. R

    Security Advisors False Positives with Imunify360 Configured

    Curious if perhaps the security advisor should be updated to be better integrated with imunify360? Just checking on things, I notice SA throws warning for No brute force protection detected Enable cPHulk Brute Force Pr Outbound SMTP connections are unrestricted. Enable SMTP Restrictions in the...
  9. cPRex

    EasyApache January 19 Security Update

    cPanel, L.L.C. has released a security update for EasyApache 4! If you have additional questions, feel free to reach out on one of our social channels. ea-apache24 EA-11157: Update ea-apache2 from v2.4.54 to v2.4.55 EA-11167: Patch to fix sporadic 500 errors with 2.4.55 – CVE-2022-37436...
  10. L

    attached are messages from ⛔ New Security Advisor notifications with High importance

    OS CentOS v7.9.2009 STANDARD kvm cPanel Version 106.0.13 I have gotten some emails the: attached are messages from ⛔ New Security Advisor notifications with High importance What action must I take?
  11. H

    hell_exec() has been disabled for security reasons

    ErrorException shell_exec() has been disabled for security reasons in php disable function clean
  12. P

    New Security Advisor notifications with High importance - PHP 7.3 and PHP 7.4 reached EOL

    Had two of these over 2 days now. Not quite as bad as the CloudLinux spam ones, but still annoying. I know these are EOL but I have things running that are not yet stable on PHP 8 so I need to carry on with 7.3/7.4 on certain accounts. I'm hoping the warnings won't be every day. I just wish...
  13. T

    cpHulk security warning on deactived sshd service.

    Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...
  14. Crimpshrine

    Security Advisor Notification

    After receiving some inputs here, I finally switched the server we had from VPS to dedicated server that can run on CloudLinux. I am currently finalizing the transfer and making sure that the server runs smoothly without errors. Overnight, I received email notification that said: This...
  15. amstel

    SSL/TLS: Renegotiation DoS Vulnerability

    Hi, I have been running a security scan on one of my website. A scanner has found that issue: SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094) Summary The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability. Insight The flaw exists because the...
  16. H

    Security Check Advice

    Using CSF firewall, I'm aware it's a plugin and not a cPanel product but it suggests doing so, the question is, should I: Mail Check Check exim for secure authentication (if I require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the...
  17. S

    ⛔ New Security Advisor notifications with High importance

    ⛔ High Apache Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "EasyApache 4" area, enable "Jail Apache" in the "Tweak Settings" area, and change users to jailshell in the "Manage Shell Access" area. Consider a more robust solution by using "CageFS on CloudLinux". Note...
  18. J

    lastlogin not updating properly

    OS: CentOS v7.9.2009 STANDARD Virtuozzo cPanel Version: 106.0.9 Root access: Yes Logs: No idea what logs to provide Additional support: Have not tried to get support elsewhere. Since logins involve security, I figured this should go here. If not, please move it to the correct location. Thanks...
  19. C

    Modsecurity 2.9.6 [Fix Security]

    Mod Security 2.9.6 security update released. Is it possible to update Mod security from 2.9.3 to 2.9.6? it is necessary in order to update CRS to 3.3.4
  20. M

    New very dangerous security bug/feature in cpanel filter function

    Today, One of my client, was hacked in a very very disturbing way. Because of nature of this hack i do not want to post details here. Can someone contact me ? The hack is connected to filter email function.