cPanel-EasyApache 3.24.14 / Apache version 2.2.27

SUMMARY
cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.

AFFECTED VERSIONS
All versions of Apache version 2.2 before 2.2.27.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM

Apache 2.2.27
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM

Apache 2.2.27
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.14 with an updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_2.html

cPanel-Apache 2.4.9 / EA 3.24.13

SUMMARY
cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

AFFECTED VERSIONS
All versions of Apache version 2.4 before 2.4.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.13 with an updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_4.html

cPanel 11.42 Now in STABLE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier.
cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net. * An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

cPanel 11.42 Expected in STABLE Tier

cPanel, Inc. tentatively plans to release cPanel & WHM software version 11.42 in the STABLE tier on March 17, 2014.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net. * An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

EasyApache 3.24.12 Release Announcement

SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.26.
All versions of PHP 5.5 before 5.5.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-1943 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-1943.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-1943.

CVE-2014-2270 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-2270.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-2270.

CVE-2013-7327 – MEDIUM

PHP 5.5.10
Fixed bug in the GD module related to CVE-2013-7327.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.12 with updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2270
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327
http://www.php.net/ChangeLog-5.php#5.5.10
http://www.php.net/ChangeLog-5.php#5.4.26

New to using a VPS? We have 6 Security Tips for you!

So you just got your new virtual private server (VPS) and you are excited about using it, but you need to be aware of some important tips to help you secure it properly. Your VPS will open you up to a whole new world of possibilities and power. It will also open you up to a new world of security threats. If you are accustomed to having most security issues handled by your shared hosting provider, now might be a good time to learn some basic security tips for your new VPS.

1. Protect your logins – This means using strong, secure passwords, limiting SSH access to only the necessary users, and disallowing root logins. The ‘root’ account has full control over the entire server, so allowing direct logins as ‘root’ via SSH is one of the biggest security risks. Hackers can brute force a server’s ‘root’ password and when they succeed, they will gain full control over your entire server.

2. Keep Your Software Up-To-Date – Keeping the software up-to-date is one of the most important tasks of securing your server. Every day, numerous vulnerabilities are found in various Linux applications, services and scripts, and fixed versions are released very quickly. Installing the updates on your server is crucial and strongly recommended.

3. Protect your server – This means network firewalls, application firewalls, brute force detection and any other form of protection you can imagine. Take some time and research various preventative measures you can take with your operating system.

4. Monitor everything – A VPS administrator must be proactive. You cannot wait until your web host contacts you with a problem. Unlike shared hosting, this may not happen until it is too late. Set up system monitors and keep an eye on your virtual server.

5. Backup, Backup, and Backup – Backup your server regularly and be prepared for the worst. Test your backups to make sure they actually restore properly.

6. Stop/Disable Unnecessary Services – Most Linux distributions have many services/daemons configured to start every time you start the server. The more services running on your server, the more ports are open to potential external break-ins. Disabling unnecessary services can improve the security of your server and even the overall server performance.

To check which services are running on your server, execute:
# chkconfig --list

The above command will show the startup status of all services.

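To stop a service from starting at boot, you can execute the following, replacing the placeholders with the runlevels and the service name:
# chkconfig --level <runlevels> <service_name> off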
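To turn tip 6 into a repeatable check, the following added example (not part of the original post) reads `chkconfig --list` output and prints every service that is enabled at a given runlevel but is not on an allowlist. The function names, the allowlist and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list services enabled at boot that are not on an allowlist.

# Constructed sample of `chkconfig --list` output (not from a real server).
sample_chkconfig_list() {
cat <<'EOF'
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
EOF
}

# unexpected_services RUNLEVEL "space separated allowlist"
# Reads `chkconfig --list` text on stdin and prints each service that is
# "on" at RUNLEVEL and is not named in the allowlist (hypothetical helper).
unexpected_services() {
    awk -v lvl="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Service rows are a name plus seven "N:on|off" columns; this skips
        # blank lines and the xinetd section that follows them.
        NF == 8 && !($1 in ok) {
            for (i = 2; i <= NF; i++)
                if ($i == (lvl ":on")) print $1
        }'
}

# Demo on the constructed sample; on a live server pipe the real command:
#   chkconfig --list | unexpected_services 3 "auditd httpd sshd"
sample_chkconfig_list | unexpected_services 3 "auditd httpd sshd"
```

Review each name it prints before disabling it with `chkconfig`, since some services are dependencies of others you need.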

When you start to think about the huge responsibility a VPS requires, it can be overwhelming, but it is definitely manageable if you have the right tools and a fair amount of education on the topic.
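For tip 1, this added example (not part of the original post) checks an `sshd_config` for the two settings the tip names: direct root logins and a restriction on which users may log in. It assumes whitespace-separated keywords and audits only the global section before any `Match` block; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config for root login and user restrictions.

# Constructed sample config. The commented-out line is ignored, and of the
# two live PermitRootLogin lines the first ("yes") is the one sshd applies.
sample_sshd_config() {
cat <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
}

# audit_sshd_config: reads sshd_config text on stdin and prints one line per
# finding; prints nothing when both checks pass (hypothetical helper).
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # stop at the first Match block
        # Keywords are case-insensitive and the first value given wins.
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
        END {
            # An unset value is reported too: the built-in default depends
            # on the OpenSSH version, so set it explicitly.
            root = ("permitrootlogin" in v) ? v["permitrootlogin"] : "unset"
            if (root != "no") print "PermitRootLogin=" root
            if (!("allowusers" in v) && !("allowgroups" in v))
                print "AllowUsers/AllowGroups=unset"
        }'
}

# Demo on the constructed sample; on a live server:
#   audit_sshd_config < /etc/ssh/sshd_config
sample_sshd_config | audit_sshd_config
```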

Is WordPress Making MySQL Crash?

It is always frustrating when you go to check out your blog and get a “database connection” error message instead of your normal website. Most of the time, a simple restart of MySQL will fix the problem. Most problems such as this relate to your WordPress database and can be fixed without much difficulty.

Once you have determined that WordPress is the cause of your MySQL problems, you can usually repair the database tables that might be causing the problem. The first step is to verify the integrity of each table.

If you use phpMyAdmin, you can do the following:

1. Click the name of your database on the left-hand side

2. Click “Check All” at the bottom to select all tables

3. From the drop down menu, select “Check table”

4. If you find some tables do not have the status “OK”, choose “Repair table”

5. Select tables again and choose “Optimize table”

This may not fix all database problems, but it is a good place to start if you ever experience any. Normally, WordPress should not make MySQL crash, but it is possible, and if it does then you have a memory issue or an even bigger problem, such as an uninvited guest on your server.

cPanel 11.42 Now in CURRENT Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the CURRENT tier.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net. An overview of the latest features and benefits is also available at http://releases.cpanel.net.

EasyApache EOL Items to be Removed in Early 2014

cPanel, Inc. tentatively plans to release a new version of EasyApache in early 2014. This version will include the removal of Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned at http://blog.cpanel.net/introducing-easyapaches-optimal-profiles/ , these End of Life items will no longer be available in EasyApache.

These items will be removed for the following reasons:

– They are no longer supported by their respective developers.
– They include known CVEs (Common Vulnerabilities and Exposures).
– EasyApache provides the most up-to-date, supported versions of Apache (2.2/2.4) and PHP (5.4/5.5).

Keep in mind that viable alternatives to mod_frontpage exist, such as WebDAV and FTP. Also, PHP 5.2 and mod_frontpage will be available as custom modules (“opt mods”). More information can be found at http://docs.cpanel.net/twiki/bin/view/EasyApache/EasyApacheCustomModules

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

cPanel’s Removal of EasyApache EOL Items Pre-Announcement

cPanel, Inc. tentatively plans to release a new version of EasyApache on December 9, 2013. This version will include the removal of Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life items will no longer be available in EasyApache.

These items will be removed for the following reasons:

– They are no longer supported by their respective developers.
– They include known CVEs (Common Vulnerabilities and Exposures).
– EasyApache provides the most up-to-date, supported versions of Apache (2.2/2.4) and PHP (5.4/5.5).

Keep in mind that viable alternatives to mod_frontpage exist, such as WebDAV and FTP. Also, PHP 5.2 and mod_frontpage will be available as custom modules (“opt mods”).

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.