As eCommerce continues to increase in popularity, the ability to comply with server management standards becomes more important. These standards are set by the industry that oversees debit and credit card transactions.
If you have questions about PCI compliance, then please join cPanel Technical Product Specialist David Grega and Strategic Partner Manager Mario Rodriguez on January 19, 2011 at 11:30 a.m. CST (GMT -600) for the first cPanel webinar of 2011, “Should I care about PCI Compliance?”
This webinar will introduce PCI compliance to hosting providers who use cPanel software. A webinar this significant might be the wisest 30-minutes you spend next year. The cPanel team will explain compliance in plain language and how it affects you.
Topics of discussion will include:
- What is PCI compliance?
- What is needed to comply?
- How to receive free PCI compliance scanning
Following this 30-minute webinar, David and Mario will answer live questions from webinar attendees. Questions can also be emailed to firstname.lastname@example.org.
If you wish to attend this free webinar, please note that registration is required. Interested guests can register at http://go.cpanel.net/pciwebinar.
Posted in News
A memory corruption vulnerability exists in Exim versions 4.69 and older (CVE-2010-4344). Exim is the mail transfer agent used by cPanel & WHM.
This update has been rated as Important by the cPanel Security team.
A memory corruption vulnerability has been discovered in Exim. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. cPanel previously released RPMs that mitigated the severity of the vulnerability on December 9, 2010 (CVE-2010-4345). This notification is for the release of new RPMs which remove the remote memory corruption vulnerability in its entirety. The vulnerability relies upon “rejected_header” being enabled (default setting) in the log_selector configuration. Continue reading
A privilege escalation vulnerability exists in Exim, the mail transfer agent used by cPanel & WHM.
This update has been rated as Critical by the cPanel Security team.
Research up to this point indicates the exploit is a buffer overflow vulnerability that takes advantage of the default Exim configuration settings related to altering Exim’s runtime configuration file along with overriding the macro definitions in the configuration file. This buffer overflow may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. However, the Exim user retains root privileges when running the -C and -D command line flags. Through the creation of a temporary exim configuration which is processed with the -C or -D flags, the Exim user is able to execute arbitrary commands as root.
This vulnerability is tracked by CVE-2010-4345. Continue reading
We have been getting a lot of great feedback from our customers regarding our changes in 11.28. We are working hard to implement the best of those suggestions. We would like for all our customers to have a chance to have their voice heard. So if you have not done so already, then please take the time to tell us what you like or don’t like about 11.28. There’s always time for great ideas!
cPanel & WHM 11.28 is already available in the EDGE, CURRENT, and RELEASE update tiers. We try to avoid publishing major releases into the STABLE update tier during holiday periods in order to accommodate our partners’ scheduling. We have rescheduled our release date for the STABLE update tier to January 3, 2011.
We will continue to do maintenance releases for 11.28 throughout its life cycle. So keep those suggestions coming!
STABLE ETA: January 3, 2011
On December 1, 2011 the ProFTPD Project team announced that the Project’s main FTP server, as well as mirror servers, were compromised. The ProFTPD 1.3.3c source code was modified to include a backdoor.
The cPanel & WHM Development team obtained the ProFTPD 1.3.3c sources prior to the compromise. Additionally, the Development team has verified that the binary version distributed to cPanel & WHM servers is not affected by this issue. Currently, all product update tiers are set for ProFTPD 1.3.3c.
ProFTPD Compromise Announcement
ProFTPD Project Site
If you have recently started running your own server, are new to system administration, or currently serve as Level 1 technical support staff, then you may have a fear of SSH.
Have no fear because the ’30-Minute Webinar” is here! David Grega and Mario Rodriguez will close out 2010 by hosting this month’s webinar “Overcoming Your Fear of SSH,” on December 15, 2010 at 9:00 a.m. CST (GMT -600).
Knowing how and when to use SSH can be a critical component to keeping a server well maintained. Whether you operate a virtual or dedicated server, this webinar will contain valuable information for you.
Topics of discussion will include:
- Learning about specific commands
- How to connect via SSH
- Looking at logs with tails, tail -f and less
- Moving and deleting files
Following the presentation, David and Mario will answer questions from webinar attendees. You can also email questions to email@example.com.
The webinar is free, but registration is required. Registration is free at http://go.cpanel.net/sshwebinar.
Posted in News
The cPanel Conference may be over for this year, but the learning continues. We’ve posted all of the slides from our staff who presented at the conference. Also, in the coming weeks, we will be making available video recordings of each session at the conference. In the meantime, have a look at the sessions below and feel free to grab any of the slides you’d like. Stay tuned for more updates! Continue reading
The newest version of cPanel & WHM will include a number of new features and some important improvements to existing features. We anticipate publishing to the product tiers on the following dates:
CURRENT, October 20, 2010
RELEASE, November 8, 2010
STABLE, December 6, 2010
DNSONLY, November 29, 2010
More information about cPanel version 11.28 is available at the following locations:
If you missed cPanel Conference 2010, here is a recap video that summarizes the show in about two minutes.
Where’s the video?
When choosing a control panel, you may have several questions that arise. It is important that these questions are addressed so that you can be sure you are making the best decision for your web hosting needs.
In the next installment of the cPanel “30-Minute Webinar” series, Mario Rodriguez and David Grega will address “The Business Case for cPanel.” They will answers questions such as:
- What should you look for in a quality control panel?
- How does using a quality control panel help your customers?
- Why is cPanel consistently chosen as the only commercially-available control panel that America’s industry leaders use for their primary infrastructures?
While tech enthusiasts and novice webmasters have long enjoyed using cPanel software, we understand business executives also need to be empowered with the facts and confidence needed before choosing cPanel over competing control panels.
Please tune in on November 18, 2010 at 9 a.m. CST (GMT -600) to find out why cPanel might be the answer to your control panel needs. There will be a question and answer period after the webinar is finished. You may also email your questions to firstname.lastname@example.org.
To view this webinar, visit http://go.cpanel.net/bcwr.
cPanel now has a Video Library! Check out webinars, interviews and testimonials, product and sales information, as well as footage from past cPanel Conferences at http://www.cpanel.net/videos/.
Posted in News