security

  1. R

    The Chinese want to use my server to view websites which are censored there

    Hello, I see a lot of mod_proxy requests from Chinese IPs that try to connect to certain websites; voanews seems to be a popular one. The requests are being denied with a 403 forbidden by mod_security but I'm wondering why the Chinese are trying to steal my server resources for their crap and...
  2. M

    SECURITY information for vps.domain.com, user NOT in sudoers

    My client has gotten a few of these emails now with this warning: vps.domain.com : Jan 2 04:59:04 : username : user NOT in sudoers ; TTY=unknown ; PWD=/home/username ; USER=root ; COMMAND=/sbin/sysctl kernel.nmi_watchdog=0 I ssh'd in and the last ssh prior to that was back in August (based on...
  3. J

    SOLVED Suspicious symlink (->../../var/lib/mysql/mysql.sock)

    Error message received from csf. Trying to dig into this and some older articles reference cpanel but honestly, it's above my pay grade. Maybe someone can shed some light? Time: Wed Dec 30 14:06:02 2020 -0500 File: /tmp/mysql.sock Reason: Suspicious symlink...
  4. G

    Disable security tokens

    Is there an up-to-date way of disabling security tokens? They're a huge annoyance for me; no one can access my server but me, anyway, but my home internet provider changes IPs constantly so I'm having to log back in to PMA every hour or 2! On my old server, I added this to...
  5. E

    Problem in Security advisor: Failed to check whether active services are up-to-date: “/usr/local/cpanel/bin/needs-restarting-cpanel” reported error

    Hello, I have cPanel & WHM version 90.0.19 and now I see an error in Security advisor: Failed to determine if a reboot is necessary: An unknown error in the “Cpanel::Exception::ProcessFailed” package has occurred. Failed to check whether active services are...
  6. Jim Evans

    ET DNS Query for .su TLD (Soviet Union) Often Malware Related

    Started noticing suricata alerts based on this ET. Has anyone else been seeing this? network.data.decoded .............ns2.magicgenericmart.su..... UDP traffic (..5.?._X..............ns2.magicgenericmart.su..............W."[email protected] Exploring tcpdump to pcap...
  7. D

    Automated security file downloading needed

    I need a script (on server: CentOS, or on client: Windows) to download the AutoSSL Let's Encrypt private key and certificate files for a list of domains I own, so I can update my local development computer whenever cPanel decides to renew my webserver certificates, making them invalid locally...
  8. T

    session.hash_function

    I'm using EasyApache4. I'm using PHP 7.3. I'm trying to increase PHPSESSID security and increase length. I want to set session.sid_length but it does not exist in MultiPHP.ini Editor. But session.hash_function exists. (But it seems it is not effective in PHP 7.3) I set it to 1 and set Algorithm to...
  9. W

    mod_ruid2 under Security Advisor?

    Quick question: I just noticed something on the security advisor page: Apache vhosts are not segmented or chroot()ed. Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a...
  10. J

    Recommendations on Linux SIEM tools?

    I've seen two threads here discuss OSSEC, Splunk, and LogWatch. However, both are well over 5 years old. What works best with dedicated cPanel server environments? Which is best for learning more about cybersecurity and incident response in general?
  11. R

    WHM access not by me

    Hello, today lfd notified me of a new WHM/cPanel root access to my VPS by an IP from Romania (it's not mine). When I saw the email, I logged immediately into WHM and I blocked that IP. I also changed my root password. Apparently it seems that everything works fine. My VPS has CSF installed and...
  12. K

    AH01215: Use of uninitialized value $homedir in concatenation

    Hi, I'm looking at this error but it doesn't make sense. I tried googling but I can't find any relevant results. [Mon Aug 31 15:38:14.060612 2020] [cgi:error] [pid 713883] [client 144.76.4.41:23578] AH01215: Use of uninitialized value $homedir in concatenation (.) or string at...
  13. O

    How to trace short-lived suspicious processes

    Hi, my load average started to go above its usual baseline today, so I kept on checking the process manager. From what I have seen, the server is getting a process triggered every second by the user "nobody", and it is always calling the php-cgi as marked in red. Note: all my websites use their...
  14. PCZero

    Security Advisor "Information" Spam Ads

    Please give us a way to turn off SPAM ads in Security Advisor such as this one. No legit software should support SPAMMING users. Had I known that the highly recommended Imunify in the new version of WHM came with SPAM ads I would have just stayed with Clam. SPAMMING users is very unprofessional...
  15. P

    CPanel Security Advisor Shows KernelCare error.

    Hey Dudes! I have an issue, please anyone help me to solve it. Actually today I installed the KernelCare trial on my server, by these commands - curl -s -L https://kernelcare.com/installer | bash /usr/bin/kcarectl --register KEY and after something one hour I go to cPanel Security Advisor, and...
  16. D

    I am under Brute Force attack?

    Hello Support, since this morning, my website is very very slow and sometimes it does not even load its pages completely. Also I have noticed that my website is having too many bot tries; checking cPHulk History I see many login attempts. This is getting annoying, the website is working...
  17. F

    LetsEncrypt Wildcard DNS verification when not using cPanel's name servers

    I want to create a wildcard certificate through the Let's Encrypt SSL page, however I have to use DNS verification for this, which is fine, yet cPanel does not display the TXT record it wants me to add; it just blatantly assumes that we're using cPanel's DNS manager. How do I get the TXT record so I...
  18. C

    CSF Blocking - PHP Warning

    Hello, I have a few clients getting blocked on a website. They get blocked by CSF. I had a look on the error log and this is pretty much repeated: [Fri May 08 15:50:12.128269 2020] [:error] PHP Warning: session_start(): Cannot start session when headers already sent in...
  19. E

    iptables web based frontend

    Hi All, I use the latest WHM and cPanel. I am a visual type of guy and I don't like running firewalld commands to config iptables. I don't wish to install a host based firewall frontend that uses either GNOME or KDE - as I wish to keep my server minimal. I tried to use the csf plugin for WHM...
  20. brianc

    SOLVED [CPANEL-31659] Security Vulnerability found in Mailman

    Does cPanel have an ETA on when you will be patching Mailman to address the following 2 recently discovered security vulnerabilities? https://bugs.launchpad.net/mailman/+bug/1873722 https://bugs.launchpad.net/mailman/+bug/1877379 I have manually applied the to my cPanel servers but I am not...