Messages

A new alert has been issued by The Cybersecurity and Infrastructure Security Agency (CISA) today about active exploitation of a severe vulnerability in Control Web Panel (CWP) - a widely used server management tool for CentOS-based systems.

CVE-2025-48703 allows unauthenticated remote code execution via OS command injection. Attackers must know a valid non-root username, but these can be easy to guess.

CISA issued a remediation deadline of November 25, urging immediate action. The flaw affects all CWP versions prior to 0.9.8.1205, released in June 2025.

Help Net Security reports that system administrators are advised to upgrade to the patched version, restrict UI access on port 2083 to trusted IPs, and monitor for indicators of compromise such as suspicious shell commands, modified .bashrc files, or unauthorized user accounts. If no vendor patch is available, CISA recommends considering a migration to alternative hosting panel solutions. Organizations should also deploy web application firewalls and intrusion detection systems to detect ongoing exploitation attempts.

Hurry!

It's Halloween time so best time to get deals from the hosting providers.

Hi,

Welcome to the Forum!

Regards,
Kailash

[Issue:]

Issue:

On EL9 servers, EasyApache 4 reports the following error:

Code Select Expand

Error: API failure: "/usr/bin/python3" reported error code "1" when it ended: Traceback (most recent call last): File "/usr/local/cpanel/bin/packman_get_multiinfo_json", line 74, in packman.get_info_for_packages_and_prefixes( File "/usr/local/cpanel/bin/packman_lib/dnf_impl.py", line 203, in get_info_for_packages_and_prefixes _load_package_info_into_cache_for_packages_and_prefixes(pkglist, prefixes) File "/usr/local/cpanel/bin/packman_lib/dnf_impl.py", line 73, in _load_package_info_into_cache_for_packages_and_prefixes _create_pkg_map_and_package_name_to_possible_objs( File "/usr/local/cpanel/bin/packman_lib/dnf_impl.py", line 118, in _create_pkg_map_and_package_name_to_possible_objs cache_NewestByName[package_name].version AttributeError: 'NoneType' object has no attribute 'version' w/ /usr/local/cpanel/bin/packman_get_multiinfo_json --populate-provides --disable-excludes --prefix ea- Often errors like this can be resolved by running `dnf makecache`
This is preventing the use of EasyApache 4 on existing cPanel installations. New installations are prevented from proceeding due to the error.

Workaround

If the above error has occurred the dnf/yum cache needs to be cleared with:

Code Select Expand

dnf clean all
Then remove this file

Code Select Expand

rm -f /etc/cpanel/ea4/is_ea4
and then execute

Code Select Expand

/scripts/ea4_fresh_install

Code Select Expand

dnf install ea-profiles-cpanel -y
On CloudLinux servers run

Code Select Expand

dnf install ea-profiles-cloudlinux -y
New installs will not be impacted.

Please Note: If the previous workaround, disabling the EA4 repo was used, please be sure to enable the repo again.

Code Select Expand

dnf config-manager --set-enabled EA4

[Solution:]

You may see the following warning in the DNS Zone Manager and/or the cPanel File Manager:

Code Select Expand

A warning occurred while processing this directive. [show] [close]
'tech_domains' array in /etc/cpanel/ea4/ea4-metainfo.json contained only invalid or empty entries.
Solution:

An older version of the ea-cpanel-tools package is installed. You will want to remove the installed version by running the following command:

Code Select Expand

rpm -e --justdb --nodeps ea-cpanel-tools
and then install the newer version with this command:

Code Select Expand

yum install ea-cpanel-tools

[Issue:]

Issue:

When importing and address book card into the cPanel CardDAV address book data like personal and notes are missing when using Roundcube.

Workaround:

The only workaround presently is to import the card into the Personal Addressbook and then manually copy the data and save it in the cPanel CardDav Addressbook.

Is it MySQL database or Microsoft SQL server database? Also, is it deleted or corrupted?

- Kailash

Usually it should not happen frequently. There may be some changes or settings affecting this.

- Kailash

Most like some security tools or software is updated. Sometime ModSecurity can cause this problem.

403 is a forbidden error and it is not related to authentication. Only your hosting provider can check further for the root cause of this problem. If they can't figure it out, it's a time to change the host.

- Kailash

You can use the outbound spam filtering for your servers. This is easy to manage and track the spammers.

- Kailash

Dear Members,

We have added a new membership option for the hosting providers. This allows other community members to easily recognize the hosting providers. In addition, it will show the following blue verified icon in the profile:



This membership will also allow to use topic prefix to highlight the topic for greater reach.



For more information, you may refer the membership option from the following URL:

https://www.webhostingdiscussion.net/forum-membership/

Regards,
Kailash

[Features:]

Dear Members,

We are pleased to announce the addition of the new feature in the forum as follow:

Features: Topic prefix option with paid membership

This allows the members to set topic prefix like BlackFrirday, Halloween, CyberMonday, Offer etc. We add the new prefix on regular interval. This will highlight your post for the greater reach.

For more information, you can refer our membership page:

https://www.webhostingdiscussion.net/forum-membership/

Regards,
Kailash

[WHMCS vs Blesta]

You can use the billing systems like WHMCS, Blesta. Such systems allow the company to automate the billing, invoice and support systems.

You can refer our blog on WHMCS vs Blesta to review both billing and support systems.

Kailash

[Black Friday Deals at Liquid Web 2024]

Black Friday Deals at Liquid Web 2024

1. Fully managed hosting plans

Offer:  85% off for 3 months

2. Managed WordPress hosting

Offer: 75% Off On WordPress Hosting

Hoping to see amicable solution in the interest of WordPress community. If there is ongoing issue, it may be a trouble for WP Engine clients to use WordPress on their infrastructures.

- Kailash

For credit card, I recommend Stripe payment gateway.

- Kailash

[Issue Description:]

Issue Description:

In cPanel v120.0.12, cPanel has updated internal PHP version to PHP 8.3. When this update released, ionCube did not release supported loader for PHP 8.3.

Because of this, Softaculous and other scripts which depend on ionCube Loader, they are failing. cPanel has raised the internal case RE-532 with their developer team to address this.

Workaround:

If you are affected by this, you can refer the following guideline to apply the workaround while cPanel releases an update to address this:


Softaculous Not Working on cPanel v120.0.12

[Action Required:]

Stackpath is closing everything. Following is their official announcement:

------------------------
After careful consideration, it has been decided to close all StackPath products and liquidate all assets for the benefit of our creditors.

Effective immediately, we will begin the decommissioning of all StackPath services. The services impacted include:

• StackPath Edge Compute Services (VMs and Containers)
• StackPath Authoritative DNS Services
• StackPath Object Storage
• StackPath Network Transit Services
• StackPath Datacenter Colocation Services
• Server Density Monitoring Services

For customers who have storage with Wasabi Cloud object storage product, Wasabi is prepared to move your account from StackPath managed to a direct account or assist you in moving to another reseller/partner as required. Please email [email protected] for assistance.

We understand the importance of these services to your operations and urge you to take immediate action to transition your services and copy all data off of our platform.

Action Required:
   

• Move Services: Please begin transitioning your services to an alternative provider.
• Backup Data: Ensure all your data is backed up from our platform.

Invoicing:

• Customer invoicing was stopped on June 12, 2024.
• Please pay any outstanding invoices using control.stackpath.com.

Support:

• We are no longer offering technical support.
• For questions regarding final invoices, please contact us at [email protected].

We deeply appreciate your business and regret any inconvenience this closure may cause. Thank you for your understanding and cooperation during this transition.

StackPath
------------------------------------------------------------

If you are using any service from StackPath, be sure to backup the data immediately.

[To auto scroll UP a web page at regular interval:]

Sometime, we may need to scroll up/down a web page in Google Chrome for automation. You can do this without any third party Chrome extension. This is possible using the simple JavaScript code as follow:

To auto scroll UP a web page at regular interval:

• Open Google Chrome and navigate to the web page you want to auto-scroll.
• Open the Developer Tools by pressing Ctrl+Shift+I (Windows/Linux) or Cmd+Option+I (Mac).
• Go to the Console tab.
• Copy and paste the following JavaScript code into the console and press Enter:

Code Select Expand

setInterval(() => {
    window.scrollBy(0, window.innerHeight);
}, 60000);  // 60000 milliseconds = 1 minute

This script uses setInterval to execute the window.scrollBy function every 60 seconds (60000 milliseconds), scrolling the page by the height of the visible window each time. If you want to scroll by a different amount, you can adjust the second argument of window.scrollBy(0, window.innerHeight) to a specific number of pixels.

To auto scroll DOWN a web page at regular interval:

• Open Google Chrome and navigate to the web page you want to auto-scroll.
• Open the Developer Tools by pressing Ctrl+Shift+I (Windows/Linux) or Cmd+Option+I (Mac).
• Go to the Console tab.
• Copy and paste the following JavaScript code into the console and press Enter:

Code Select Expand

setInterval(() => {
    window.scrollBy(0, -window.innerHeight);
}, 60000);  // 60000 milliseconds = 1 minute

window.scrollBy(0, -window.innerHeight): This scrolls the page up by the height of the visible window (window.innerHeight). The negative value (-window.innerHeight) ensures that the page scrolls up.

Regards,
Kailash

Hi,

It appears that you have integrated Stripe account which is setup using Indian Address and company but you are attempting to use other currency i.e. USE, EUR etc. This is not allowed.

If you have an Indian Stripe account, your currency should be INR. To accept in other currency, you must have Stripe account from outside India.

Hope this will help to resolve your issue.

Regards,
Kailash

mod_lsapi is still not available for AlmaLinux 9.x version with cPanel. This may be available in the future.

If you need it now, you will need to go convert your AlmaLinux 9 to CloudLinux 9. mod_lsapi is available for CloudLinux 9 with cPanel control panel.

- Kailash

[Block Bad bots using .htaccesss]

The best way to block bad bots is, use CloudFlare and create a rule to block bad bots including Claudebot.

You can also block the bots using .htaccess rule. For more information, you can refer the following URL:

Block Bad bots using .htaccesss

[Vulnerability]

OceanWP WordPress theme is one of the most popular WordPress theme. There is a vulnerability identified in OceanWP <= 3.5.4 version as follow:

Vulnerability:

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.

It is recommended to upgrade your OceanWP theme as soon as possible to avoid any security issue in your website.

- Kailash

Hello Chris,

It requires to enable couple of settings to allow end cPanel user to manage SSL/TLS status and AutoSSL certificate. You can refer our following KB to resolve this problem:

SSL/TLS Status is not showing in cPanel

Don't worry, you just need to adjust couple of settings. That's it!

Regards,
Kailash

It seems that new Kernel is not added in grub configuration. You can regenerate it using the following command:

Code Select Expand

grub2-mkconfig -o /boot/grub2/grub.cfg
You will need to reboot your server after executing the above command.

- Kailash

This should really affect their Exchange users and businesses depend on it.

cPanel informed its partners about a price increase which will come into effect from the 16th of December 2022. There is no official link for this price hike but you can refer the following external resource:

https://cloud7.news/hosting/cpanel-announces-price-hike-in-december/

PHP 7.4 is reached to end of life Today, 29th November 2022. That means there will be no official updates available for PHP 7.4 version. It's time to migrate to PHP 8.1.

https://www.php.net/supported-versions.php

Regards,
Kailash

[checkallsslcerts]

This is known issue in cPanel and as of now there is not direct solution to fix this.

As per cPanel support, their team is currently working to identify the exact cause of this issue, but they have identified that running  checkallsslcerts script at another time will result in a successful certificate installation.

As a workaround, you can set the following cron at different time:

30 8 * * * /usr/local/cpanel/bin/checkallsslcerts > /dev/null

- Kailash

So far there is no news or official announcement from cPanel. No news means it is good for us