security

  1. B

    New Thread Disabling email forwarding in webmail for security reasons

    Hello, we have noticed that when a customer clicks on a malware email, one type of malware installs in their computers and then sends email/pass credentials to the hacker, then at any given time the hacker will send out spam with the credentials. We have noticed that when they steal email/pass they also...
  2. J

    Anyone experience with Grype security scanner?

    Hello. Anyone have experience using grype security scanner? Pretty easy to use and fast. Reports a lot of vulnerabilities that other scanners do not: https://github.com/anchore/grype
  3. cPanelTabby

    cPanel TSR-2021-0006 Announcement

    cPanel TSR-2021-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated...
  4. B

    SOLVED dnsadmin has failed to restart.

    Hello team, I have an issue: when creating an account it gives me this error "The system failed to connect a UNIX domain socket to “/var/cpanel/dnsadmin/sock” because of an error: Connection refused". And I have noticed all services status in PENDING. I have tried to restart DNS admin using this...
  5. J

    SOLVED list of updated files includes eggdrop.sym, ircd.sym and other suspicious files

    Hello. I normally receive updates on files not matching md5sums and check if it was the result of an update. But today I received a list of updated files the likes of the following: [2021-11-01 22:39:31 -0400] [/usr/local/cpanel/bin/dcpumon] Loading Symbol Table...
  6. U

    Severe attack case via POST /admin/ HTTP/1.1

    Hello, we have a rather difficult case of attacks to our VPS server (CLOUDLINUX 7.9 kvm [web] v98.0.9) Server Version: Apache/2.4.51 (cPanel) OpenSSL/1.1.1l Apache mod_bwlimited/1.4 mainly in the form: http/1.1 example-domain.com:443 POST /admin/ HTTP/1.1 that target the admin...
  7. Alongar

    Security Advisor in WHM & ImunifyAV

    Hello, If ClamAV is installed instead of ImunifyAV, why does the Security Advisor still show a notice to install ImunifyAV if another anti-virus program is being used that you can install through cPanel->Manage Plugins? Should this notice be dismissed by cPanel if ClamAV is installed?
  8. M

    Backup Encryption Security

    BACKGROUND: Many customers of CPanel have over the course of over 5 years been looking and waiting for Backup Encryption ability on the server controlled backup processes. This can be found on the Feature Request here...
  9. cPanelTabby

    EasyApache 4 October 6 Release

    EasyApache 4 October 6 Release We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional...
  10. J

    SOLVED Can emails be sent outbound other than with smtp?

    Hello. I frequently monitor outbound email that uses a php script (phplist) and exim to send it out. However, if - and it's a big if - an account gets compromised, is there a way for someone to also send out emails say "under the radar" that are not included in domain email logs? Thanks.
  11. cPanelTabby

    cPanel TSR-2021-0005 Announcement

    cPanel TSR-2021-0005 Announcement cPanel has released its Targeted Security Release to address security concerns with the cPanel & WHM product. These updates are currently available to all customers via the standard update system. cPanel has rated this update as having a CVSSv3.1 score of 3.9...
  12. V

    Content-Security-Policy headers for WHM, cPanel, and webmail

    Has any thought been given to enabling better Content-Security-Policy headers on the WHM, cPanel, and webmail interfaces by default? I see threads in the forums about how to set up the Content-Security-Policy headers in the pre_main_global.conf but when you do that, it appears to apply to the...
  13. 7

    Fixed case CPANEL-37048: Remove support for legacy mod security 2 configuration.

    Updated WHM from 96 to 98 yesterday and CSF doesn't seem to be blocking using modsecurity rules. Then I noticed that update. Does Mod_Security still work with WHM 98? How can we get it working?
  14. M

    Any suggestions for online training about web security and hacking prevention

    Hello, I was wondering if you can suggest any good free or not expensive training+certification about this matter. Maybe something in the cPanel University -- Get Certified! ?
  15. cPanelTabby

    cPanel TSR-2021-0004 Full Disclosure

    cPanel TSR-2021-0004 Full Disclosure cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel...
  16. I

    WP-Toolkit: Security keys were not fully applied

    Hi, I've been getting this error when the toolkit tries to run the smart update on one of my sites. Smart Update could not be completed automatically. Please try running the update manually. Details: Failed to clone the installation: 'Security keys were not fully applied.' I'm not sure how to...
  17. 000

    exist some difference (in level of security) if I connect over IPv6 vs IPv4 ?

    hello, I believe the target of IP6 is transfer video and streaming. But... I can connect SERVER_USERS to PHP_LOGIN and then send requests from SERVER_USERS to SERVER_with_ip6, get ANSWER from SERVER_with_ip6 then send this to SERVER_USERS for this context, is the same if I connect over IP6 or...
  18. AndyX

    The security token is missing from your request.

    Please eliminate this erroneous message: In Firefox I have my preference set to delete all cookies when I exit Firefox. So the "The security token is missing from your request" will always show no matter what I do. I don't think the message serves any useful purpose and should be eliminated...
  19. T

    Help improving security

    Hello, I have a security red score on webpagetest.org as you can see here: WebPageTest Test Result - Paris - EC2 - Ch...mprunter-malin.com - 05/28/21 05:27:25. In order to improve security, a developer has asked me to do the following: 1- Enable HSTS in Apache OR : Add the following code...
  20. A

    Origin of a root access

    A few days ago, I saw this in `bash_history` while looking for something else: 539 being MY last action on the server, connected as root by private key, and 554 being ConfigServer installing their stuff and making configurations. From where I'm standing, first the hacker couldn't get his hand...