SpamAssassin Ruleset Bug

The Quality Assurance team discovered a bug within the SpamAssassin ruleset that will mark messages sent in the year 2010 (that’s today) and beyond with a higher spam score than expected. This bug can result in legitimate mail being flagged as spam.

The cPanel Development team has issued a hot fix that automatically updates the SpamAssassin ruleset to resolve this issue. If you have automatic cPanel updates enabled, no further action is required.

If you do not have automatic cPanel updates enabled, you can manually update the SpamAssassin ruleset by executing the following command in a root shell:

/scripts/autorepair spamd_y2010_fix

For a more detailed explanation and information on resolving this problem on a non-cPanel environment, please review: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269
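For non-cPanel systems, the check below shows why 2010 dates trip the rule and classifies a rule file as vulnerable or patched. It is an added example, not cPanel or SpamAssassin project code; it assumes the affected rule is FH_DATE_PAST_20XX with the pre-fix and post-fix Date patterns shown in the comments, and the sample rule lines are constructed.

```shell
#!/bin/sh
# Added example, not cPanel or SpamAssassin project code.
# Assumption: the rule is FH_DATE_PAST_20XX; before the fix its Date pattern
# was /20[1-9][0-9]/ (2010-2099), afterwards /20[2-9][0-9]/ (2020-2099).

# date_hits PATTERN HEADER: does an ERE pattern fire on a Date header line?
date_hits() {
    if printf '%s\n' "$2" | grep -Eq "$1"; then echo hit; else echo miss; fi
}

# rule_status FILE: classify the last FH_DATE_PAST_20XX definition in a .cf file
rule_status() {
    def=$(grep -E '^[[:space:]]*header[[:space:]]+FH_DATE_PAST_20XX[[:space:]]' "$1" | tail -n 1)
    case $def in
        '')            echo absent ;;
        *'20[1-9]'*)   echo vulnerable ;;
        *'20[2-9]'*)   echo patched ;;
        *)             echo unknown ;;
    esac
}

# Constructed sample rule lines, modelled on the pre-fix and post-fix rule.
sample_rules_old() { printf '%s\n' 'header   FH_DATE_PAST_20XX  Date =~ /20[1-9][0-9]/ [if-unset: 2006]'; }
sample_rules_new() { printf '%s\n' 'header   FH_DATE_PAST_20XX  Date =~ /20[2-9][0-9]/ [if-unset: 2006]'; }
```

Run rule_status against each .cf file in your installed ruleset directory; the location varies by installation.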

As always, the entire cPanel team has pulled together to provide a rapid response to this issue as we realize proper email delivery is mission critical.

If you need any assistance, our 24×7 Technical Analyst team is standing by to provide you with further instructions, answers, and solutions to this bug. To reach them please submit a ticket via: https://tickets.cpanel.net/submit/index.cgi?step=2&reqtype=tickets&product=cpanel

You can also join the discussion on the SpamAssassin bug at http://forums.cpanel.net/f43/spamassassin-fh_date_past_20xx-0-0-rule-bug-142725.html

Posted in Release Announcements

cPanel Cross Site Scripting Vulnerability

Summary
A cross site scripting vulnerability has been discovered in our 11.24.x versions of cPanel that has been addressed and fixed in our 11.25.x series of the product.

Security Rating
This update has been rated as having a trivial security impact by the cPanel Security team.

Description
The dofileop.html page in x3 for cPanel has been found to be vulnerable to a Cross Site Scripting vulnerability at the following URL:

http://site.com:2082/frontend/x3/files/dofileop.html?fileop=&opdir=&opfile=dir=%2fhome%2fuser%2ftmp&fileop=XSS%20Vulnerable

The fileop variable in dofileop.html was not fully sanitized or validated, so invalid data could be injected through the URL.
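To review whether such requests reached a server before the upgrade, the access log can be scanned for dofileop.html requests with an unexpected fileop value. This is an added example, not cPanel code; it assumes a common access-log layout and that a legitimate fileop value is a plain token, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not cPanel code. Assumptions: access-log lines use the common
# 'ip ident user [time zone] "METHOD url PROTO" ...' layout, and a legitimate
# fileop value is a plain token of letters, digits, "_" or "-".

# scan_fileop LOGFILE: print "client value" for each dofileop.html request
# carrying a fileop value with any other character (including % escapes).
scan_fileop() {
    awk '
    $7 ~ /\/dofileop\.html\?/ {
        query = $7
        sub(/^[^?]*\?/, "", query)
        n = split(query, pair, "&")
        # fileop may be repeated; check every occurrence, not just the first
        for (i = 1; i <= n; i++) {
            if (pair[i] !~ /^fileop=/) continue
            value = substr(pair[i], 8)
            if (value !~ /^[A-Za-z0-9_-]*$/) { print $1, value; break }
        }
    }' "$1"
}

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
sample_log() {
cat <<'EOF'
192.0.2.10 - user [18/Dec/2009:10:00:00 -0600] "GET /frontend/x3/files/dofileop.html?fileop=copy&opdir=%2fhome%2fuser HTTP/1.1" 200 512
198.51.100.7 - user [18/Dec/2009:10:01:00 -0600] "GET /frontend/x3/files/dofileop.html?fileop=&opdir=&fileop=XSS%20Vulnerable HTTP/1.1" 200 498
192.0.2.10 - user [18/Dec/2009:10:02:00 -0600] "GET /frontend/x3/index.html HTTP/1.1" 200 2048
EOF
}
```

On the sample lines only the second request is reported, because its repeated fileop parameter carries a percent-encoded value.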

Solution
cPanel users should upgrade to our 11.25.0+ series of WHM/cPanel, which contains a fix for this issue.

References
http://www.exploit-db.com/exploits/10519

Posted in News

Direct cPanel VPS Licenses Now Available!

cPanel is now officially offering VPS-based licenses for direct purchase. If you have your own virtual private server, cloud computing service, or are located at a data center that is not a cPanel Partner, a Direct License allows you to download, install, and license cPanel directly. You can purchase Direct Licenses from cPanel on an annual basis.

The cPanel VPS License is available for an introductory price of $200.00 annually, and includes:

  • Free installation.
  • Free migration assistance from other control panels via our Migration Services program.
  • Free software updates.
  • Free Priority Support.

Full details of the licenses are available via: http://www.cpanel.net/products/cpanelwhm/pricing.html

You can also get discounts for multiple license purchases:

  • 10% off for 2 licenses.
  • 20% off for 3 or more licenses.

To purchase a VPS License, visit https://www.cpanel.net/store.

Posted in Press Releases

cPanel Expands Its Technical and Customer Support Offerings

Spurred by continued growth, cPanel has decided to expand its technical support services in three key areas:

  • By offering 24-hour-a-day, 7-day-a-week phone support.
  • By making a new Live Chat feature available on its website, http://www.cpanel.net.
  • By reorganizing its online discussion forums and providing a technical support analyst to monitor them full-time.

Technical Phone Support Now Available Around the Clock
In the past, cPanel has provided 24-hour technical support mainly via its online, ticket-based system, offering phone support only during daytime business hours. Now, that has changed.

“Our customer base is growing,” explained Technical Support Manager Sean Richards. “It makes sense to expand our support team, so that we can provide our users with help around the clock.”

The increased size of cPanel’s support team has provided customers with other benefits, too. “Adding a number of seasoned veterans and top talent has also allowed expanded support for migrations, bug review, direct API support as well as the direct involvement in many key areas that will be important for 2010,” Richards elaborated.

Phone support costs a nominal per-incident fee, which includes as many calls as needed to resolve the problem.

Customer Service Now Offers Live Chat feature at: http://www.cpanel.net
cPanel has also implemented a Live Chat feature on its website, available to customers during daytime business hours.

This free new service allows anyone visiting the site to send instant messages directly to cPanel’s Customer Service staff. The staff then provide quick, easy answers to customers’ billing and sales questions.

cPanel Community Forums Reorganized and Improved
One of cPanel’s most popular support channels, its discussion forums at http://forums.cpanel.net, has just been overhauled. “Customers will find the new forum layout more useful,” Richards commented. “There’s now a dedicated place for feature requests, and we’ve improved access from mobile devices.” Users of PDAs and smart phones can enjoy this enhancement by accessing the cPanel forums at http://m.forums.cpanel.net.

Additionally, a veteran cPanel Technical Support team member is now dedicated to locating and responding to customer questions and problems in the forums full-time. This will aid users seeking advice about configuring their servers, or help with technical problems, by cutting down on response times.

Posted in Press Releases

Thanks for attending cPanel Conference 2009!

If you’re active on our forums, you may vote in our poll as we’re trying to determine which days of the week work best for attendees. It’s a great way for you to influence our planning for cPanel Conference 2010. The poll is located here.

If you didn’t attend the 4th annual cPanel Conference this month, you missed out. Attendees enjoyed some serious learning, great hospitality, and an overall fantastic time.

Posted in News

cPanel Security Advisory: CVE 2008-2043

Summary
cPanel 11.25.0 provides mechanisms to prevent Cross Site Request Forgery attacks.

Security Rating
This update has been rated as having an Important security rating by the cPanel Security team.

Description
All versions of cPanel prior to version 11.25.0 are vulnerable to cross site request forgery attacks. Cross-site request forgery, often abbreviated as CSRF or XSRF, exploits the trust a website has in a user’s browser. By exploiting that trust a malicious user can execute unauthorized commands on a website.

Solution
cPanel 11 users should upgrade to version 11.25.0, which contains mechanisms to prevent these types of attacks. To ensure full protection, the following options in Tweak Settings are strongly recommended to be enabled:

  • Require security tokens for all interfaces. This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software and third party themes.
  • Validate the IP addresses used in all cookie based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled.
  • Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

In addition it is recommended the following Tweak Settings be disabled:

  • Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)
  • Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2043
http://secunia.com/advisories/30027

Posted in News, Security

cPanel 11.25 Tech Bulletin: updated bandwidth tracking requirements

In cPanel 11.25 we have made a few feature improvements to the bandwidth tracking system built into WHM and cPanel. While these new features grant you a much more accurate and granular view of client bandwidth usage, customers with inadequately sized /var partitions may run into issues related to partition size and disk space consumption.

It should also be noted that the creation of these files occurs during the first upcp that results in an upgrade to 11.25 and can require significantly more time than normal upgrades.

The notice for this change was in our release notes for 11.25 which can be found at http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/1125releasenotes.pdf

Change: Bandwidth graph RRD files are split off for each individual service per domain and subdomain and stored in /var/cpanel/bandwidth/ .

Potential Issue: On some machines, depending on the partitioning schema and the number of domains on a server, there may be a disk space issue. This will only affect customers with large numbers of domains and a relatively small /var/ partition, i.e., 8-10G. In these situations, the /var/ partition may become full.

Workaround: For the time being, if you are affected by this issue, we are suggesting the following temporary fixes.

  • Disabling Bandwidth Stats Generation: ‘touch /etc/rrdtooldisable’. This will disable generation of the RRD files altogether. Removing this file will result in the graphs being generated again.

or

  • Symlinking /var/cpanel/bandwidth to a partition with more space.

mkdir /home/bwtmp && tar -czvf /root/cp-bandwidth-backup.tar.gz /var/cpanel/bandwidth

mv /var/cpanel/bandwidth/* /home/bwtmp/ && rm -rf /var/cpanel/bandwidth

ln -s /home/bwtmp /var/cpanel/bandwidth

The above commands will create a /home/bwtmp directory, create a backup in /root/cp-bandwidth-backup.tar.gz, move the contents of /var/cpanel/bandwidth to the new directory, and then symlink the old directory to the new one, where there should be more disk space. The && ensures the original directory is removed only if the move succeeded.
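The same relocation as a function that checks free space on the target, verifies the backup archive, and refuses to run twice. This is an added example, not cPanel's script; relocate_dir and its arguments are hypothetical names, and DST must be an absolute path.

```shell
#!/bin/sh
# Added example, not cPanel's script. relocate_dir and its arguments are
# hypothetical names; the paths in the usage line are the ones from the text.

# relocate_dir SRC DST BACKUP
#   Back up SRC, move it to DST (an absolute path on the larger partition)
#   and leave a symlink at SRC. Each step must succeed before the next runs.
relocate_dir() {
    src=$1 dst=$2 bak=$3
    if [ ! -d "$src" ] || [ -L "$src" ]; then
        echo "relocate_dir: $src is missing or already a symlink" >&2; return 1
    fi
    if [ -e "$dst" ] || [ ! -d "$(dirname "$dst")" ]; then
        echo "relocate_dir: $dst exists or its parent is missing" >&2; return 1
    fi
    # Compare the source size with the free space on the target (1K blocks).
    need=$(du -sk "$src" | awk '{print $1}')
    free=$(df -Pk "$(dirname "$dst")" | awk 'NR == 2 {print $4}')
    if [ "$free" -le "$need" ]; then
        echo "relocate_dir: need ${need}K, only ${free}K free" >&2; return 1
    fi
    # Archive first and confirm the archive is readable before touching SRC.
    tar -czf "$bak" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    tar -tzf "$bak" >/dev/null || return 1
    # Moving the directory itself keeps dotfiles and avoids expanding a huge
    # "*" argument list; a failed move never reaches the symlink step.
    mv "$src" "$dst" || return 1
    ln -s "$dst" "$src"
}

# Usage with the paths from the text:
#   relocate_dir /var/cpanel/bandwidth /home/bwtmp /root/cp-bandwidth-backup.tar.gz
```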

If you have issues executing the fix for this change, please submit a ticket via https://tickets.cpanel.net and we will assist you with this fix.

Posted in Release Announcements

Now Hosting Humans by SoftLayer!

If by chance you convinced your boss that the cPanel Conference 2009 was more than 3 days of entertainment, we have some bad news! SoftLayer has announced they will host another event October 5th following the Networking event & reception from 7PM-10PM. This event will be held at the Hilton and the details are below.

* This event is open to all attendees of the cPanel Conference!

While Mr. Fun (an imaginary cPanel friend) will be floating around the conference we would also like to take this opportunity to remind you that in addition to 5 “special” events the cPanel Conference will also be packed with two full days of hard core learning, opportunities to network your business, and exclusive content from developers, technical analysts, and vendors.

To register or learn more about the cPanel Conference, please point your browser to: http://conference.cpanel.net.

Follow SoftLayer via Twitter
http://twitter.com/SoftLayer_News

Follow Events of the cPanel Conference
http://twitter.com/cpanelconf/

About SoftLayer
Founded in 2005, SoftLayer provides global, on-demand data center and hosting services from facilities across the U.S. We leverage best-in-class connectivity and technology to innovate industry-leading, fully automated solutions that empower enterprises with complete access, control, security, and scalability. With this insightful strategy and our peerless technical execution, we have created the truly virtual data center—and made traditional hosting and managed/unmanaged services obsolete.
Posted in Events

The Continuous Drink Party® (CDP) by R1Soft!

On Tuesday, October 6, R1Soft will host The Continuous Drink Party® (CDP) in conjunction with the cPanel Conference. So, after you’ve filled your head with knowledge, your belly with great food, and your imagination with the great games at the Joystix arcade event, you can party at Pub Fiction, courtesy of R1Soft.

The Continuous Drink Party® (CDP)
Location: Pub Fiction (http://www.pubfiction.com)
Address: Midtown, 2303 Smith St, Houston, TX 77006-2313
Hours: 10:00PM – 1:00AM

How to attend The Continuous Drink Party® (CDP)?
RSVP via: http://events.linkedin.com/Continuous-Drink-Party-R-CDP-by-R1Soft/pub/127887 and stop by the R1Soft booth for final details!

Follow R1Soft via Twitter for up to the minute updates!
http://twitter.com/R1SoftCDPBackup

Follow Events of the cPanel Conference for up to the minute updates!
http://twitter.com/cpanelconf

Speaking of which, if you haven’t yet registered for the cPanel Conference, what are you waiting for? As always, the Conference promises knowledge, networking and, of course, good times — thanks in part to R1Soft.

To register or learn more about the cPanel Conference, please point your browser to: http://conference.cpanel.net

P.S. Don’t forget, registration closes September 25th. If you want to get in on the action, register TODAY!

About R1Soft.
R1Soft makes the only Continuous Data Protection® (CDP) backup software for Windows, Linux, and MySQL Servers.  R1Soft CDP provides backup, restore, and disaster recovery for over 100,000 mission-critical Windows and Linux servers around the world.  Their mission is to make the number one selling backup software in the world at a price everyone can afford.
Posted in Events

cPanel/WHM 11.25 EDGE Now Available

cPanel/WHM is published in four builds:

  • EDGE - The latest build, with the newest features and least testing. We do not recommend running this build on a production web server.
  • CURRENT - More mature and tested than EDGE.
  • RELEASE - The preferred build for a production server, as it is generally current enough to contain the latest fixes and new features.
  • STABLE – For conservative web hosts who do not wish to run the latest release.

Exciting news! We just published the latest version of our Linux web hosting software — cPanel/WHM 11.25 — to the EDGE build.*

While cPanel/WHM was already famous for its ease of use and reliability, version 11.25 offers several improvements, including:

Usability enhancements

  • Quicker access from mobile devices, due to fewer authentication requests from the server.
  • IMAP IDLE support for mobile devices, allowing near real-time mail delivery from Dovecot mail servers.
  • Streamlined cPanel interfaces, such as Email Accounts and MX Entry.
  • An overhauled language system that provides greater accuracy and language compatibility, with less memory consumption.

More info on usability enhancements.

Security features

  • Session tokens and blank referer checks, to help prevent cross-site request forgery.
  • Better cPHulk reliability, for improved protection against brute force attacks.

More info on security features.

Efficiency improvements

  • Lower memory consumption during synchronization of DNS clusters.
  • Quicker restart processes for both the Apache web server and the BIND nameserver.
  • Quicker load times for the cPanel home page.

More info on efficiency improvements.

And those are just a few of the upgrades you get with 11.25! For more detailed information, take a look at our cPanel/WHM 11.25 website.

For technical details, see our version 11.25 release notes.

Note:  As of version 11.25, cPanel will discontinue support for the x and x2 themes. During installation of 11.25, current users of the x and x2 themes will automatically be switched to the up-to-date x3 theme, which uses the x branding package.

Posted in Release Announcements