Installing LetsEncrypt SSL Certificates on CentOS + cPanel Servers

At the time of this writing, LetsEncrypt is in public beta and already in high demand. This service is a new certificate authority that allows you to generate your own signed certificates in an effort to improve security.  At present there is a feature request for providing this functionality in cPanel. You can also use…


Upgrading OpenSSH on CentOS 5 or 6

Note: This is an update from our 2011 post. If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 6.6 or higher due to CVE-2014-2532 – a version that is not currently available in the CentOS 5 or 6 repositories. A Yum update isn’t going…


CloudLinux or BetterLinux?

UPDATE 6/18: Shortly after this was posted and one of the major hosting companies I’m affiliated with removed BetterLinux from their servers due to stability problems, BetterLinux announced that they are shutting down, effective July 1st. Customers ask us all the time whether they should use CloudLinux or BetterLinux on their servers, and what differences exist…


de-POODLE-ing: How to Disable Support for SSLv3 on a cPanel Server

The latest security buzz this month is about the SSLv3 POODLE vulnerability, and how SSL version 3.0 is now officially designated as insecure, joining its predecessors, versions 1.0 (unreleased) and 2.0. This effectively concludes the life cycle of the SSL protocol in favor of TLS. This post will give you a brief overview of what POODLE…


SSH Security for Shared Hosting

Web hosts often shy away from the idea of allowing SSH access to their clients on shared servers, typically due to security concerns bred by the hosting industry.  Some of the largest providers, however, are now offering SSH to make their services more functional for advanced users, so now we are often asked whether allowing SSH as a feature is a…


cPanel Configuration Clusters and Security Considerations

cPanel 11.44 introduces a new feature fresh from their feature request system that now allows server administrators to deploy the configuration of one server to multiple servers in what they call a “configuration cluster”. It will start by offering this capability to just the cPanel update preferences, but will eventually be expanded to work with…


OpenSSL Heartbleed Bug and What You Need to Know

Over the past few days, we have received an overwhelming number of questions about the OpenSSL Heartbleed bug and how cPanel system administrators should be handling this. First of all, if you haven’t read Codenomicon’s write-up on the bug, which thoroughly explains what it is, you should visit heartbleed.com. Because their website already covers…


Exim Privilege Escalation in 4.69-23

The cPanel security team found an issue in Exim that can potentially allow a user on the system to run commands as the root user. Luckily, cPanel has already released a patch which is available for immediate download via their Exim upgrade script. If your system is set to update cPanel automatically, you may…


Nasty Kernel Exploit in the Wild

I love waking up on a nice Saturday morning to find out that one of my servers was rooted. A two-year-old kernel issue in Red Hat distributions has surfaced in the form of a nasty exploit by Ac1db1tch3z. Basically, a 32-bit binary is compiled and loaded to the server, and when run by any user (even…
