Hi Guys, cPanel thank you for a great product and quick patches to updates and security. Having said that, heads up. Last night's update broke my remoteIP and proxy server config.
FYI I have the "remoteIP" module (ea-apache24-mod_remoteip) installed and the cpanel update last night threw my cpanel config for a loop. That is to say that it "rpmsaved" it (as 360_mod_remoteip.conf.rpmsave) but replaced it with a vanilla config (370_mod_remoteip.conf) without my proxy server IP in them. So please check your cpanel configs (/etc/apache2/conf.modules.d/) and your web logs this morning.
We were alerted this morning to many hacking attempts. When we looked closer we realized the remoteip module was not working correctly. So in the weblogs all the hacking looked like they from the proxy IP and not from the true originating IPs. Normally we block all untrusted IPs to login pages.
This update will undoubtedly open up security policies implemented via .htaccess files and proxy servers. Please note and check your logs. This is how we found out about this issue. Hope this helps anyone seeing strange traffic today.
Again, thank you cPanel and all forum users for the best support and product. This is the first time I've had an issue with an update and wanted to post to help others, just like this forum has helped us so many times before. Thanks all.
FYI I have the "remoteIP" module (ea-apache24-mod_remoteip) installed and the cpanel update last night threw my cpanel config for a loop. That is to say that it "rpmsaved" it (as 360_mod_remoteip.conf.rpmsave) but replaced it with a vanilla config (370_mod_remoteip.conf) without my proxy server IP in them. So please check your cpanel configs (/etc/apache2/conf.modules.d/) and your web logs this morning.
We were alerted this morning to many hacking attempts. When we looked closer we realized the remoteip module was not working correctly. So in the weblogs all the hacking looked like they from the proxy IP and not from the true originating IPs. Normally we block all untrusted IPs to login pages.
This update will undoubtedly open up security policies implemented via .htaccess files and proxy servers. Please note and check your logs. This is how we found out about this issue. Hope this helps anyone seeing strange traffic today.
Again, thank you cPanel and all forum users for the best support and product. This is the first time I've had an issue with an update and wanted to post to help others, just like this forum has helped us so many times before. Thanks all.