As of the second cPanel & WHM Targeted Security Release of 2018 (TSR-2018-0002), the Optimize .htaccess feature was removed from all supported cPanel & WHM versions. This difficult decision was the result of some security concerns with its implementation. In its place, we have released the mod_cpanel Apache module. This module will begin to improve upon the features that Optimize .htaccess provided. What is Optimize .htaccess and why is cPanel replacing it? When we released it, …
Archive for security
The Annual cPanel Conference is a staple in the webhosting community. Last year’s conference was such a blast! We met so many new people and got to catch up with all our old friends. The details of this year’s cPanel Conference (October 1-3, in Houston, Texas) are falling into place, and we’re looking forward to having you join us! Who will be there? Companies and disciplines from every corner of the hosting industry will be represented.
Here at cPanel, Inc., we want to empower our users to take control of their own cPanel & WHM server. This can seem very daunting at first, but we are here to show you anyone can build a cPanel & WHM server with a WordPress site. We will be addressing some very technical topics, but have linked additional tutorials with more information. Let’s begin! Getting Started By the end of this tutorial, you will have purchased …
It’s been just about two months since our last update. Our GDPR compliance efforts are moving quickly. We are in the final stages of preparing a privacy policy that meets the requirements of the U.S. / EU / Swiss Privacy Shield process. If you are a customer, and you need an advance copy of our privacy policy to facilitate your GDPR efforts, please email gdprquestions [at] cpanel.net. Data processing agreements We will soon be updating our …
Greetings! Hello everyone! My name is Megan and I’m the newest Community Manager to join the team at cPanel. I’m really excited to join the team and ready to hit the ground running. I have a background in community outreach and digital marketing. Over the last year and a half, I became involved in the startup and tech community by participating in hackathons, organizing events, and learning to code. I am also one of the curators for Houston Startup Digest. My hobbies …
New Plesk Extensions on the Loose: May Edition
The post New Plesk Extensions on the Loose: May Edition appeared first on Plesk.
This past month saw a lot of preparation for upcoming events and releases across the WordPress project. Read on to find out more about these plans, and everything else that happened around the community in April. The WordPress 15th Anniversary is Coming On May 27 2018, WordPress will turn 15 years old — this is […]
The new and improved cPanel & WHM Version 70
It’s been almost two months since we announced the delay of cPanel & WHM Version 70. In that time, we’ve done a whole lot of work. We’re entering brand new territory for us, and Version 70 is at the center of it all. Why the Delay? In late January of this year, we found a performance issue in our backup system that we needed to address before v70 went to the RELEASE tier. Our research revealed …
Hidden Website Threats: How to deal with Site Malware
Greg Zemslov, Guest Author from our Plesk partner Revisium, talks about the website threats that we don’t see, like site malware, and how to get rid of it.
The post Hidden Website Threats: How to deal with Site Malware appeared first on Plesk.
Celebrate the WordPress 15th Anniversary on May 27
May 27, 2018 is the 15th anniversary of the first WordPress release — and we can’t wait to celebrate! Party time! Join WordPress fans all over the world in celebrating the 15th Anniversary of WordPress by throwing your own party! Here’s how you can join in the fun: Check the WordPress 15th Anniversary website to see […]
As of cPanel & WHM version 74, we will begin to deprecate our support of SquirrelMail, one of our bundled webmail applications. We expect to stop shipping SquirrelMail for new installations of cPanel & WHM in version 76 and will remove our support with version 78. As this change will disrupt many users, we are taking this opportunity to explain the reasons behind our decision. We also are opening a dialogue with you, our community, about …
GDPR compliance is an important consideration for all WordPress websites. The GDPR Compliance team is looking for help to test the privacy tools that are currently being developed in core.
Prevent Outgoing Spam from Webmail Accounts
We’ve added greater flexibility to how cPanel users can manage, protect, and administer email addresses on their mail server. You can now suspend or queue the outgoing mail from a single email account on your server. In case you’re not already familiar with the full administrative capabilities of Webmail, here’s a short run down. Receive Notifications of Send Limits Get alerts about accounts that are sending massive amounts of emails by entering Tweak Settings …
Last night, we pushed an update to EasyApache4. Once the update is installed, the Apache service may fail to restart properly. Upon checking the Apache error log, you may see error messaging similar to the following: Server xxxxxxx.com Primary IP Address xxxxxxxxxx Service Name httpd Service Status failed Notification The service “httpd” appears to be down. Service Check Method The system failed to connect to this service’s TCP/IP port. Reason Service check failed to complete …
WordPress 4.9.5 Security and Maintenance Release
WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]
* This post was originally posted on September 27, 2016, and has been updated for accuracy. The Tiered Release System The tiered release system was introduced early in the development of cPanel & WHM. We knew it would be important to appeal to all types of users, from the risk-taking early adopters to the stability-seeking delayers. Each tier represents a different risk vs reward ratio, and today we’re here to talk …
With a significant new milestone and some great improvements to WordPress as a platform, this month has been an important one for the project. Read on to find out more about what happened during the month of March. WordPress Now Powers 30% of the Internet Over the last 15 years, the popularity and usage of […]
Training Your Employees in cPanel & WHM: Best Practices
There are multiple factors that contribute to your hosting company’s success. One undeniable factor that separates good hosting providers from great hosting providers is the level of technical support they provide their customers. Providing customers with easy, fast solutions when they need them is the best way to increase loyalty and retention, as well as promote evangelism for your business. We want to make sure your technical support staff is at …
Last week was the annual CloudFest conference (previously WHD.global) in Rust, Germany. cPanel, Inc. was a Diamond Sponsor, and we showed up in force! Twenty-seven eager cPanel employees from four departments came along. We all got to meet with existing and potential customers and to pass out some pretty handy gloves. Celebrate the Cloud! Most of us in the technology industry have a love/hate relationship with …
[20180301] – Core – SQLi vulnerability User Notes
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.5.0 through 3.8.5
- Exploit type: SQLi
- Reported Date: 2018-March-08
- Fixed Date: 2018-March-12
- CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in an SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Affected Installs
Joomla! CMS versions 3.5.0 through 3.8.5
Solution
Upgrade to version 3.8.6
Contact
The JSST at the Joomla! Security Centre.
General Data Protection Regulation and cPanel
As the internet evolves — so do the policies that govern the way we store and share information. One of the latest policies to come into effect is the General Data Protection Regulation. This policy, also known as GDPR, comes out of the European Union and its goal is to protect certain types of personal information. We began preparing just over a year ago for this regulation, which comes …
Judging by the flurry of activity across the WordPress project throughout February, it looks like everyone is really getting into the swing of things for 2018. There have been a lot of interesting new developments, so read on to see what the community has been up to for the past month. WordPress 4.9.3 & 4.9.4 […]
Security is a huge priority for the cPanel team. Not only do we make sure we are providing everything we can to keep our customers protected, but we also provide ways for our customers to keep their clients’ information safe as well. One of our most prized features for web, email, and server security is cPHulk. This feature, which provides great protection against brute force attacks, has been a part of our security suite …
When we originally launched the cPanel & WHM documentation, we also included a Software Developer Kit (SDK). Our goal was to build it into an actual kit of tools and help that would support and enable our integrators. Unfortunately, as the documentation evolved and the documentation team took on more responsibility, the actual ‘kit’ was never created. That’s created a ton of confusion that we’re hoping to alleviate today. Announcing: Developer …
WordCamps are informal, community-organized events that are put together by a team of local WordPress users who have a passion for growing their communities. They are born out of active WordPress meetup groups that meet regularly and are able to host an annual WordCamp event. This has worked very well in many communities, with over […]
WordPress 4.9.4 is now available. This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4. Four years ago with WordPress 3.7 “Basie”, we added the ability […]
WordPress 4.9.3 is now available. This maintenance release fixes 34 bugs in 4.9, including fixes for Customizer changesets, widgets, visual editor, and PHP 7.2 compatibility. For a full list of changes, consult the list of tickets and the changelog. Download WordPress 4.9.3 or visit Dashboard → Updates and click “Update Now.” Sites that support automatic […]
Things got off to a gradual start in 2018 with momentum starting to pick up over the course of the month. There were some notable developments in January, including a new point release and work being done on other important areas of the WordPress project. WordPress 4.9.2 Security and Maintenance Release On January 16, WordPress […]
[20180104] – Core – SQLi vulnerability in Hathor postinstall message
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0 through 3.8.3
- Exploit type: SQLi
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6376
Description
The lack of type casting of a variable in an SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
[20180103] – Core – XSS vulnerability in Uri class
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6379
Description
Inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.