security

  1. X

    cPHulk

    Hello, Can cPHulk provide protection against Brute force logins for web servers like apache, nginx, litespeed?
  2. R

    Security Advisor Locks up at Apache

    Hello, Currently, we have about 10 VPSs running CentOS 7.x. All are similar in design and software. But, on a group of older servers, as Security Advisor starts to run, it is stalled at the following... Cpanel::Security::Advisor::Assessors::Apache 1.04 Nothing in the error logs (Cpanel or...
  3. J

    Looking to stop microsoft azure bots

    Trying to stop the onslaught of microsoft azure bots. I have a script that stops the amazon ones in csf but can't find one for the microsoft flavor. Also wondering if there is a third party provider that does this for the microsoft bots integrated into mod_security. Any advice appreciated.
  4. N

    Account Transfer: careful of Security Questions (security policy on the remote server forbids it)

    Hello, Here is another "Security Questions" story :) I just took almost 2 hours to figure out why I got an error during cPanel Account Transfer between remote servers. Common check for troubleshooting: The TCP ports 2083/2087 were opened in CSF. Tried temporarily disabling Imunify360/CSF...
  5. B

    Bug (security): Jailshell is missing /etc/crypto-policies so breaks crypto-policies(7) enforcement

    cPanel v94 on Alma 8. Out of the box, the cPanel jailshell environment doesn't include the files under /etc/crypto-policies. This breaks crypto-policies(7) and can cause unexpected/undesired behavior across various processes (kerberos, (lib)openssh, (lib)openssl, etc). As one example that...
  6. I

    New - The security token in your request is invalid.

    Hi and thank you for reading. ISSUE: Several open tabs, each with different domain, times-out to "The security token in your request is invalid." and need to login again. PROCESS: (can be repeated) Open WHM in Chrome. In WHM, choose domain X and click CP (Cpanel). Domain X opens in new tab...
  7. N

    Security Advisor

    Security Advisor page does not load after cPanel updated to 102.0.7
  8. U

    WordPress Toolkit Security Measures

    Hi - I've had a few instances in which clients have other apps installed in subdirectories in public_html and, after applying security measures, those are no longer accessible. A 404 error is returned. In two cases, the last security measure to be applied is, "Restrict access to files and...
  9. J

    Cgi-bin directory security

    Hello I was wondering how secure the cgi-bin directory is. I need to read a Google spreadsheet and display some of its contents on a webpage. This means I need to have login credentials in a script inside of the cgi-bin directory. Since this is in the public_html/cgi-bin directory, does this...
  10. Spirogg

    SOLVED CPANEL-40005 - Ubuntu cPanel Security advisor still shows yum update instead of apt-get

    A KernelCare update is available. You must take one of the following actions to ensure the system is up-to-date: Patch the kernel (run “kcarectl --update” on the command line). Update the system (run “yum -y update” on the command line), and reboot the system. not sure where to post the...
  11. A

    token access security

    Hi, Just wondering about token access. We have a site on the server that a 3rd party wants access to via an API token. The token key will be stored in plain text in a config file in the site's public folder. I am aware that I can create a token in the account's cPanel, and also within WHM. I...
  12. W

    SOLVED CPANEL-39815 - Not receiving security advisor notifications

    I have reported this to cPanel support and want to create a thread here so that I can follow it. Re: Not receiving "New Security Advisor notifications" After checking, I was able to get a Security Advisor state change notification 'sent' by briefly making a change that would warrant the...
  13. grindlay

    Files in .quarantine folder flagged as infected by ImunifyAV

    I'm running the ImunifyAV WHM plugin and have been for a while. Yesterday it scanned all my accounts in /home*/* and found a number of infected files. These are all in /home/user/.quarantine. They were easy to delete and subsequent manual scans showed clean. My question is: what application...
  14. B

    Disabling email forwarding in webmail for security reasons

    Hello, we have noticed that when a customer clicks on a malware email, one type of malware installs on their computer and then sends email/pass credentials to the hacker; then at any given time the hacker will send out spam with the credentials. We have noticed that when they steal email/pass they also...
  15. J

    Anyone experience with Grype security scanner?

    Hello. Anyone have experience using grype security scanner? Pretty easy to use and fast. Reports a lot of vulnerabilities that other scanners do not: https://github.com/anchore/grype
  16. cPanelTabby

    cPanel TSR-2021-0006 Announcement

    cPanel TSR-2021-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated...
  17. B

    SOLVED dnsadmin has failed to restart.

    Hello team, I have an issue: when creating an account it gives me this error "The system failed to connect a UNIX domain socket to “/var/cpanel/dnsadmin/sock” because of an error: Connection refused". And I have noticed all services status in PENDING. I have tried to restart DNS admin using this...
  18. J

    SOLVED list of updated files includes eggdrop.sym, ircd.sym and other suspicious files

    Hello. I normally receive updates on files not matching md5sums and check if it was the result of an update. But today I received a list of updated files the likes of the following: [2021-11-01 22:39:31 -0400] [/usr/local/cpanel/bin/dcpumon] Loading Symbol Table...
  19. U

    Severe attack case via POST /admin/ HTTP/1.1

    Hello, we have a rather difficult case of attacks to our VPS server (CLOUDLINUX 7.9 kvm [web] v98.0.9) Server Version: Apache/2.4.51 (cPanel) OpenSSL/1.1.1l Apache mod_bwlimited/1.4 mainly in the form: http/1.1 example-domain.com:443 POST /admin/ HTTP/1.1 that target the admin...
  20. Alongar

    Security Advisor in WHM & ImunifyAV

    Hello, If ClamAV is installed instead of ImunifyAV, why does the Security Advisor still show a notice to install ImunifyAV if another anti-virus program is being used that you can install through cPanel->Manage Plugins? Should this notice be dismissed by cPanel if ClamAV is installed?