security

  1. R

    New Thread WHM access not by me

    Hello, today lfd notified me a new WHM/cPanel root access to my VPS by an IP from Romania (it's not mine). When i saw the email, i logged immediately into WHM and i blocked that IP. I changed also my root password. Apparently it seems that everything works fine. My VPS has CSF installed and...
  2. K

    AH01215: Use of uninitialized value $homedir in concatenation

    Hi I'm looking at this error but it doesn't make sense. I tried googling but I can't find any relevant results. [Mon Aug 31 15:38:14.060612 2020] [cgi:error] [pid 713883] [client 144.76.4.41:23578] AH01215: Use of uninitialized value $homedir in concatenation (.) or string at...
  3. O

    How to trace short lived suspecious-processes

    Hi My load-average started to go above its usual baseline today, so I kept on checking the process manager. From what I have seen, the server is getting each 1 second a process triggered by the user "nobody" and it is always calling the php-cgi as marked in red. Note: all my-websites use their...
  4. PCZero

    Security Advisor "Information" Spam Ads

    Please give us a way to turn off SPAM ads in Security Advisor such as this one. No legit software should support SPAMMING users. Had I known that the highly recommended Imunify in the new version of WHM came with SPAM ads I would have just stayed with Clam. SPAMMING users is very unprofessional...
  5. P

    CPanel Security Advisor Shows KernelCare error.

    Hey Dudes ! I have an issue please anyone help me to solve it. Actually today I installed KernelCare trial in my server , by these commands - curl -s -L https://kernelcare.com/installer | bash /usr/bin/kcarectl --register KEY and after something one hour I goes to CPanel Security Advisor , and...
  6. D

    I am under Brute Force attack?

    Hello Support, Since today Morning, my website is very very slow and sometimes it does not even load its pages completely. Also I have noticed that my website is having too many bot tries , checking CpHulk History I see many login attempts. This is getting annoying, the website is working...
  7. F

    LetsEncrypt Wildcard DNS verification when not using cPanel's name servers

    I want to create a wildcard certificate through the Lets Encrypt SSL page however I have to use DNS verification for this which is fine, yet cPanel does not display the TXT record it wants me to add it just blatantly assumes that we're using cPanel's DNS manager, how do I get the TXT record so I...
  8. C

    CSF Blocking - PHP Warning

    Hello, I have a few clients getting blocked on a website. They get blocked by CSF. I had a look on the error log and this is pretty much repeated: [Fri May 08 15:50:12.128269 2020] [:error] PHP Warning: session_start(): Cannot start session when headers already sent in...
  9. E

    iptables web based frontend

    Hi All, I use the latest WHM and cpanel. I am a visual type of guy and I don't like running firewalld commands to config iptables. I don't wish to install a host based firewall frontend that use either gnome nor kde - as I wish to keep my server minimal. I tried to use the csf plugin for whm...
  10. brianc

    SOLVED [ CPANEL-31659] Security Vulnerability found in Mailman

    Does cPanel have an ETA on when you will be patching Mailman to address the following 2 recently discovered security vulnerabilities? https://bugs.launchpad.net/mailman/+bug/1873722 https://bugs.launchpad.net/mailman/+bug/1877379 I have manually applied the to my cPanel servers but I am not...
  11. M

    New Account Creation Chrome warning popup “Your password may be compromise”

    Hi, I got this chrome warning popup where it says "You just entered you password on a deceptive site." while creating new account on SSL secure WHM I dont get this elsewhere Anybody has any idea ?
  12. R

    WHM purchase and install an SSL Cert is erroring out

    From WHM, I go to the "Purchase and Install an SSL Certificate" page - it lists my two domains. I click on the "Go To cPanel", it launches cPanel and I get the following error: The system failed to load the market provider module for “cPStore” because of an error: (XID kmvexq) The request...
  13. R

    CSF versus Host Access Control to lock down WHM/cPanel mgmt

    Which is a better method for locking down mgmt to the server - `CSF` or WHM's `Host Access Control`? From a security perspective, what is the difference on using one versus the other? My preference is to only provide login prompt to specific hosts/IPs and then have an implicit deny on...
  14. B

    SOLVED Webmail ssl on :2096 expired

    Hello, In Cpanel when i click Launch Webmail it goes to cpanel.mydomain.com:2096 and i gives error about the ssl not being valid. I check the padlock and it expired 2019. In WHM under Manage Services SSL the ssl expired 2021 In Cpanel the ssl for non :2096 domain is June 2020 (autossl lets...
  15. C

    Safari can't establish secure connection - but site works on all other browsers

    Mac users browsing on Safari are getting the message "Safari can't open the page "my website" because Safari can't establish a secure connection to the server "my domain name". The site is working on all other browsers. 3 of my students are having the same issue, all using Mac laptops, all...
  16. PCZero

    Security items displayed in cPanel for use who is not enabled for them

    Running the latest WHM/cPanel. No accounts are resellers. All account sites use a default package and feature set. The set has the parameters Yet even though all of the SSL options are disabled in the package and feature set, when some users log into cPanel there are several icons in the...
  17. D

    outlook old TLS

    I looked for everything. My server does not accept old outlook
  18. Tarak Nath

    APF to CSF Firewall

    Hello, Currently we have purchased a new VPS server and there is default APF firewall. But we are very familiar with CSF firewall as we are using CSF firewall in our dedicated servers. APF firewall is fully unknown for us and never use it. Is it possible to use CSF instead APF ? If yes then...
  19. A

    Free SSL with cPanel ?

    I signed up for a hosting and just realised that I have an ssl certificate included. It says DV certificate issued by cPanel for your domain dot com Is it free forever ? My domain is valid for an year but the SSL says its valid for around 3 months only
  20. J

    What are the best cPanel plugins for security?

    The cPanel security apps page doesn't show when plugins were last updated. I already know CSF an ClamAV are great.