Our security comlience test got failed due to following reason
Synopsis: The remote service encrypts traffic using a protocol with known weaknesses.
Description: The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See for Apache.
We have Cpanel RHEL server. Please advise how to:
'disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See for Apache.'
I would like to disable SSL 2.0 and use SSL 3.0, my question how i can do this and which file i have to modify or i have to upgrade from SSL 2.0 to SSL 3.0 ?
I've seen for securing PHP recommends putting parse_ini_file() in the disable_functions line in php.ini but I cannot find an exact reason why. This being disabled is causing an error message to appear on some of my users sites but I'm trying to find a clear cut reason why it is disabled.
is it possible to disable log rotate? I can't seem to find the cron under my weeklys or dailys nor monthlys unless it's named "mad-db" but is there a way to make it say yearly? or just disable it all together? I say this because the script I use has a function already to clear the logs and when log rotate runs it kills all processes going by the script
domain.com:2082/scripts.php I have run phpinfo for looking for cpanel php.ini I have Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc I renamed /usr/local/cpanel/3rdparty/etc to /usr/local/cpanel/3rdparty/etc.OLD then restart the server I am still get cpanel php work and phpinfo give : Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc how to disable cpanel php to prevent some one exploit php to hacking my server?
I want to disable WHM/Cpanel.because client purchase dedicate server from us and he want to access from command line and no WHM/Cpanel so how can i do it and it will be effect on any service because i have installed all the service like dns, exim and http from WHM.
Does is possible to disable ftp capabilities of several websites run by cron at some specified time of the day? then re-enable it automatical at a certain time also?
I got the problem with email running on my server.
That mean, I using my domain email service with other server. Now I hosted a website for this domain on one other server.
Note that the IP for domain and email domains are different (Using managed domain service)
But I got the problem now when email sending from the server (using php email function ) with the website running that will confusing, not sending anymore.
Don't know that you understand my case. But I want to stop email service for this domain on my server, all email just send and receive through other email server.
I have placed .htaccess to block some ip, when the person ip matches, my server will gives this message "client denied by server configuration", got lots of them everday in my error log, how can I disable this message? I need other error log message but not this message, is there any way I can disable it?
I have Apache 2.2 using cPanel 11 how do I disable apache I was sure it was using this cmd, /etc/httpd/conf/httpd.conf off When I try that I get permission denied and im logged in with root! I also tried this /etc/httpd/conf/httpd.conf chmod 777 permission denied again. Anyways, I need to disable Apache so LiteSpeed will work and I can dump Apache the unforgiven pos that will dos it recieves a request to visit a webpage. (That is over doing it, Apache is really good just if it gets hit it's down easy.)
It possible to disable the disable function for all user expect one account for running few application i need shell_exec, passthru, exec these so for other account it possible to disable it?
I am using cPanel 11 one of my Linux server with O.S. as Fedora core 4. For one of my websites I had enabled spam assassin a few days before. But now I want to disable it but not getting any option to do so.
the biggest security issue i have with my clients is php c99 shell and similar php files, somehow these files uploaded on the website and from here they start attacking the websites. i have seen also that once you upload the c99 php file you are able to see the accounts information ( such as a user name ) on the same server
so is there any way to disable this kind of php file or at least disable some function within the file!
i have been thinking to install and run a antivirus on the server , but i see sometimes they upload the encrypted version of the file , so the antirus can't catch the file as a torjan!
way to disable my Wordpress's RSS feed, because I have figured out another website just copies my content via my RSS feed.
I have searched and found three interesting results, which actually all 3 do or suggest you to do the same thing. [url] [url] plugin: disable rss
This works perfectly to disable /feed, but unfortunately /feed/rss will still perfectly work?
I can't see why all those developers just post this, without having actually tested if it really disabled the RSS feed. But can somebody recommend me a good way to disable Wordpress's RSS feed?