security

Hello, If ClamAV is installed instead of ImunifyAV, why does the Security Advisor still show a notice to install ImunifyAV if another anti-virus program is being used that you can install through cPanel->Manage Plugins? Should this notice be dismissed by cPanel if ClamAV is installed?

BACKGROUND: Many customers of CPanel have over the course of over 5 years been looking and waiting for Backup Encryption ability on the server controlled backup processes. This can be found on the Feature Request here...

EasyApache 4 October 6 Release We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional...

Hello. I frequently monitor outbound email that uses a php script (phplist) and exim to send it out. However, if - and it's a big if - an account gets compromised, is there a way for someone to also send out emails say "under the radar" that are not included in domain email logs? Thanks.

cPanel TSR-2021-0005 Announcement cPanel has released its Targeted Security Release to address security concerns with the cPanel & WHM product. These updates are currently available to all customers via the standard update system. cPanel has rated this update as having a CVSSv3.1 score of 3.9...

Has any thought been given to enabling better Content-Security-Policy headers on the WHM, cPanel, and webmail interfaces by default? I see threads in the forums about how to setup the Content-Security-Policy headers in the pre_main_global.conf but when you do that, it appears to apply to the...

Updated WHM from 96 to 98 yesterday and CSF doesn't seem to be blocking using modsecurity rules. Then I noticed that update. Does Mod_Security still work with WHM 98? How can be get it working?

Hello, I was wondering if you can suggest any good free or not expensive training+certification about this matter. Maybe something in the cPanel University -- Get Certified! ?

cPanel TSR-2021-0004 Full Disclosure cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel...

Hi, I've been getting this error when the toolkit tries to run the smart update on one of my sites. Smart Update could not be completed automatically. Please try running the update manually. Details: Failed to clone the installation: 'Security keys were not fully applied.' I'm not sure how to...

hello, I believe the target of IP6 is transfer video and streaming. But... I can connect SERVER_USERS to PHP_LOGIN and then send requests from SERVER_USERS to SERVER_with_ip6, get ANSWER from SERVER_with_ip6 then send this to SERVER_USERS for this context, is the same if I connect over IP6 or...

Please eliminate this erroneous message: In Firefox I have my preference set to delete all cookies when I exit Firefox. So the "The security token is missing from your request" will always show no matter what I do. I don't think the message serves any useful purpose and should be eliminated...

Hello, I have a security red score on webpagetest.org as you can see here : WebPageTest Test Result - Paris - EC2 - Ch...mprunter-malin.com - 05/28/21 05:27:25. In order to improve security, a developer has asked me to do the follwowing : 1- Enable HSTS in Apache OR : Add the following code...

Few days ago, I saw this in `bash_history` while looking for something else: 539 being MY last action on the server, connected as root by private key, and 554 being ConfigServer installing their stuff and making configurations. From where I'm standing, first the hacker couldn't get his hand...

cPanel TSR-2021-0003 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated...

Is it possible to disable cookies using WHM and achieve a cookieless domain warning? As I understand it can be created an Amazon bucket and connect cookies warning inside a new domain An example: <?php define("WP_CONTENT_URL", "http://domain.com.s3.amazonaws.com/assets/")...

Just tried to log into whm, get the following screen (attached) I cant do anything till I change my root pw - however I dont wish to do this - any way in ssh (I have access via ssh keys) to manual edit this so I can get into whm and not have to change my password ?

Hello, The cPanel/Whm "security advisor" feature tells me : Important add kernelcare's free symlink protection Information Use kernelcare to automate kernel security updates without reboots I have imunify360 so the last message is strange as kernelcare is included and i did have that symlink...

Hi! I have got contacted by one of my Freelancer client. He was have virus issue in wordpress website. I have tried to clean virus from site. I was have marked that some files was getting automatically added again. Now I have backup my public_html folder and deleted all files from public_html...

We are configuring a new server with a client with cPanel 94, CloudLinux and CSF on CentOS 7. The CSF Server Service Check script suggests that Shell Fork Bomb Protection should be enabled , but pressing the 'Enable Protection' button doesn't change the status from disabled. `/etc/profile` was a...