Ok, well thank you for the clarity. Even though the clarity does reveal more flaw, glad to hear a case is open to remedy. What does cpanel recommend for whm users to prevent this flaw from being abused until a solution is live?
What I've done is:
Home »Server Configuration »Tweak Settings...
Why is there a /home/user/.contactemail file?
If I, or some script change the email address directly in that file, why does Contact Information page still show the "right/orig" email address?
If the page shows one email address, and the file has a different email address, who gets the email...
I'm wondering if applying these three things to the server is a sufficient alternative to the jail/chrooted thing.
Using disabled_functions feature for php-fpm
Doing this: SOLVED - Adding open_basedir for multiple users
Looking forward to your reply.
Thank you for providing that information.
Is this open_basedir change along with the disable_functions and user_ini a sufficient alternative to the: "Apache vhosts are not segmented or chroot()ed."
Once I switched to a newer server, I started having problems with sending email on a windows 7 machine with outlook. My research lead me to:
- WHM/Exim default no longer supported older ciphers
Searching for that issue lead me to:
- Windows has a patch and registry change to enable TLS 1.2...
So I just found that a server seems to have been compromised. Still looking into what/how.
I've found the same foreign IP in the /home/account/.lastlogin of a couple accounts. I searched through access_logs and found the same IP had logged into all accounts all 2 seconds apart... like every two...
Right now, backups run as per whm. Whole /home/user directories are backed up as accountname.tar.gz
Facing a situation where one needs to restore say just public_html and/or database, one has to:
Located the .tar.gz
Download it (in this particular case, 7gb - long process)
Extract gz -> end...
After updating server just recently I also had this error.
In the php.ini I see:
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20090626"
But that folder didnt exist, but in the extensions folder I found:
I just recently setup a server with WHM and cpanel. So far, everything seems to be working, I just have a few concerns that I cant seem to find answers to. I'm hoping one of you pro's might guide me :)
How do I set things up to where curl uses the ip address of the cpanel account...