Upgrading OpenSSH on CentOS

Note: This is an update from our 2011 post. If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 6.6 or higher due to CVE-2014-2532 – a version that is not currently available in the CentOS 5 or 6 repositories. A Yum update isn’t going…

Read more

CloudLinux or BetterLinux?

UPDATE 6/18: Shortly after this was posted and one of the major hosting companies I’m affiliated with removed BetterLinux from their servers due to stability problems, BetterLinux announced that they are shutting down, effective July 1st. Customers ask us all the time whether they should use CloudLinux or BetterLinux on their servers, and what differences exist…

Read more

Resolving MS15-055 on cPanel Servers

If you’re a hosting provider with cPanel servers that were set up prior to version 11.46, you may be hearing from customers using Outlook ever since MS15-055 was released by Microsoft on May 12.  This most recent Outlook upgrade prevents the software from connecting to a POP or IMAP server that uses DH keys that are…

Read more

de-POODLE-ing: How to Disable Support for SSLv3 on a cPanel Server

The latest security buzz this month is about the SSLv3 POODLE vulnerability, and how SSL version 3.0 is now officially designated as insecure, joining its predecessors versions 1.0 (unreleased) and 2.0.  This effectively concludes the life cycle of the SSL protocol in favor of TLS.  This post will give you a brief overview of what POODLE…

Read more

SSH Security for Shared Hosting

Web hosts often shy away from the idea of allowing SSH access to their clients on shared servers, typically due to security concerns bred by the hosting industry.  Some of the largest providers, however, are now offering SSH to make their services more functional for advanced users, so now we are often asked whether allowing SSH as a feature is a…

Read more

Configure Email Client Shows Wrong SSL Hostname

CPanel allows you to install a shared SSL certificate for email services so your users can connect securely to POP, IMAP, and SMTP.  The only real drawback here is that you can only natively use one certificate, which means your users should be connecting to the correct hostname under which the SSL certification is installed from…

Read more

How to Convert InnoDB to innodb_file_per_table and Shrink ibdata1

Years ago, MySQL started allowing InnoDB to possess separate tablespace per table instead of a massive unified ibdata1 file.  Tablespace is basically a logical storage area that contains table information – references, if you will.  Every table, regardless of the storage engine, has one, and without it the table will be unrecognizable to MySQL.  MyISAM stores…

Read more

Correcting Perl Scalar::List::Util Errors on CentOS 5

We started getting some reports from users on CentOS 5 trying to run EasyApache and being unable to due to the following error: Undefined subroutine &Scalar::Util::readonly called at /usr/lib/perl5/site_perl/5.8.8/IO/Uncompress/Base.pm line 1104. We found that this is due to an outdated Scalar::Util module that was unable to be loaded properly by system Perl.  To fix this, you…

Read more

cPanel Configuration Clusters and Security Considerations

cPanel 11.44 introduces a new feature fresh from their feature request system that now allows server administrators to deploy the configuration of one server to multiple servers in what the they call a “configuration cluster”.  It will start by offering this capability to just the cPanel update preferences, but will eventually be expanded to work with…

Read more

Log in