I've been all over the Net trying to find a solution to the 'mismatched' certificate error when a user tries to access cPanel.
I'm on a VPS and have discovered that if I use [url]that FireFox (bless them) doesn't popup with a warning. It will if I use my Shared IP like [url]
IE7 on the other hand ( may the wrath of Khan be on its head) displays it's egregious Red Seal with a warning that Kafka would have a hard time outdoing.
So here's the question with an IE7 gotcha:
Do I purchase a WildCard cert for "hostname.com" so that when a user tries to access cPanel via my.hostname.com they won't get a warning from IE? I've been all over the M$ IE forum and I couldn't find anyone that has a workaround for a shared SSL. I'm concerned now, that even a WildCard cert won't fix the IE problem.
After click webadmin its shows a security warning conform box as following on Firefox ...
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
And if click " OK" the page display " Server not found " error
somewhere on my cpanel server a script has been able to be used by a spammer and im now getting tonnes of returned mails from aol etc. 1000's are coming in every hour.
I think i have found the culprit, but i can't be sure. how can i find out for sure which script this was? the email headers dont even show the user from what i can see!
When I try to access my CPanel, I get the following error message r00t-x...here ]
your Security...Get DoWn
sorry ..
YOU ARE OWNED! #my Email :: Members:: HaCkeR Al-MaDiNaH~_~eVil CeLL
Is it a problem with my account, or a server problem. Is there anything I can do to prevent this problem? Mods please remove anything which is not as per TOS
I just signed up for a shared hosting plan that uses cpanel and got a simple page up and running with no problems. I need to know if there are any steps I need to take as far as security. I have read info about password protecting directories but I'm not sure if that needs to be done on directories that are already there like /etc /mail /accesslogs or just ones that I create like /myimages for example.
I don't have visitors yet and don't think I will for awhile but would still like to take all precautions early and get them out of the way.
How do I stop the common cpanel/whm "domain mismatch" security warning popup for good WITHOUT the need to install a server hostname certificate and access through that.
Is there a way to save the cert in the browser? I could not find that option and I am using Firefox 2.
Just have some questions regarding server settings and security
1) What will happen if Open_basedir in php.ini is changed to Open_basedir = /home:/tmp ?
2) What will happen if all hosted users in passwd file are set to /sbin/nologin ??? Dose it effect running the web site?
What are the effects if Sync if set to /sbin/nologin default is /bin/sync shutdown if set to /sbin/nologin default is /sbin/shutdown halt if set to /sbin/nologin default is /sbin/halt news if set to /sbin/nologin default is empty netdump if set to /sbin/nologin default is /bin/bash Mysql if set to /sbin/nologin default is /bin/bash mailman if set to /sbin/nologin default is /bin/bash cpanel if set to /sbin/nologin default is /bin/bash
3) How to make /bin/bash in passwd file is the default path for each new user added (automatically) in cpanel/whm server
4) What is the effect if base64_encode and base64_decode if been added in disable functions?
5) How to secure host.conf and nsswitch.conf to prevent DNS lookup poisoning and also provide protection against spoofs?
6) How to secure the system configuration file sysctl.conf to prevent the TCP/IP stack from syn-flood attacks?
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I just signed up for dedicated server at Softlayer with cPanel, mySQL and CentOS. I'm moving a site that is on a VPS with WHM. I know that cPanel has a transfer site feature.
I was considering hiring a service to migrate my site and to harden my server. Is this necessary or should I simply move it via cPanel? Things are tight and I don't want to incur an unnecessary cost if I don't have to. I defer to the members here at WHT for your recommendations.
I keep receiving this error message from my server.
I checked with my system admin, they told me it is ok.
Any opinion here ? S.M.A.R.T Errors on /dev/hdc From Command: /usr/sbin/smartctl -q errorsonly -H -l selftest -l error /dev/hdc Please note the following marginal Attributes: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 190 Unknown_Attribute 0x0022 074 040 045 Old_age Always In_the_past 250116374554
In my linux vps i am using WHM and enabled tomcat hosting for one of virtual host ,the tomcat shows 404 error for .jsp pages,remaining virtualhosts are working properly.When i view the log file i found the following line,
INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[vhost].[/] has not been started
In above line vhost is domainame.How to solve this issue?
"220-server.domain.com ESMTP Exim 4.69 # 1 Wed, 10 Jul 2008 13:33:22 -0500 220-We do not authorize the use of this system to transport unsolicited, 220 and / or bulk e-mail"
I'm trying to use cPanel API to grab my disk space usage and I'm getting the following error - I'm using cPanel API.
Warning: fsockopen() [function.fsockopen]: unable to connect to mywebsite.com:2082 (Connection timed out) in /home/mywebsite/public_html/cPanel.php on line 53 Disk Space Used: 0 MB This is my small test code (my real login parameters removed): include "cPanel.php"; $cPanel = new cPanel('mywebsite.com', 'username', 'password', 2082, false); echo 'Disk Space Used: ' . $cPanel->getSpaceUsed() . ' MB<br>';
i have a dedicated server with CENTOS Enterprise 4.6 i686 on standard i have main problem that there is an account on my server that the password can enter the FTP account normally but not enter the Cpanel i see that if the coanel pass is 951753 he can not log in the cpanel but can enter FTP why this problem ? and how to resolve it