Messages

[Forex VPS hosting]

I have never heard of them but you can refer our recommended Forex VPS hosting providers from our following blog post:

https://www.webhostingdiscussion.net/blog/forex-vps-hosting-platforms/

[Forex VPS Hosting]

Forex market is one of the largest financial market. Anyone can invest and trade in Forex market from anywhere. You just need a system which is connect during Forex market days/hours.

Usually it is preferred to find Forex VPS Hosting provider and get a VPS to run it as Forex Trading. We have comprehensive list of Forex VPS hosting provider in our blog. That can help you to select right provider for your Forex trading.

For more details, kindly refer our following blog:

Best Forex VPS Hosting for Uninterrupted Trading

Regards,
Kailash

Hi,

We have used AccuWeb Hosting Magento Hosting plans for several projects and they just work perfectly. You can give it a try.

- Kailash

Hi,

I have never heard of their name but I recommend AccuWeb Hosting Dedicated servers. They have wide range and global locations available for Dedicated servers.

- Kailash

It looks like company is no longer exists hence closing this thread.

- Kailash

Microsoft has released a security update to address a critical vulnerability in Windows Print Spooler. The vulnerability called "PrintNightmare," that was discovered last week, allows attackers to remotely execute malicious code with system privileges and install programs, make changes in the existing programs, and create new accounts with full user rights.

Fore more details, you can refer Microsoft's official website:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

It is strongly recommended to apply this security update in your desktop or server as soon as possible.

- Kailash

[4th of July Independence Day Sale! - Save 25% - Limited Time Offer]

Astra Premium WordPress theme is giving 25% discount on 4th July Independence day sale. This is limited time offer so it is right time to grab your 25% discount.

Fore more details, 4th of July Independence Day Sale! - Save 25% - Limited Time Offer

Astra WordPress theme offers three different editions and you can select as per your need.

- Kailahs

xpertDNS announced that they are closing the business on May 15, 2021. They announced as follow:

------------------------------------------
We want to inform you that we shall be closing our company Xpert Group Technologies, Inc from May 15, 2021 onwards. We are not taking any more orders and user data will be user data will be deleted on that date.

For the past 15 years that we have been in business it was our sincere effort to offer excellent customer service to our customers, and we hope we were successful in our endeavors.

We request you to contact us in case you need any explanation for any issue.

ACTION REQUIRED:

    DNS Zones will need to be migrated to another hosting provider. ( Zones can be exported from the DNS Manager using "Zone Export". )
    Domains no longer use our name servers.
    If you have a domain registered through us, you will need to transfer to a new registrar before May 15, 2021 as we will not be processing domain renewals.

Yours Sincerely,
------------------------------------------

If you are using xpertDNS, you will need to find the alternative DNS provider to avoid any service outage.

- Kailash

[@salesforce is experiencing a major disruption due to what we believe is a DNS issue causing our service to be inaccessible. We recognize the significant impact on our customers and are actively working on resolution.]

Salesforce faced a service outage on May 12, 2021 and it was confirmed by them on Twitter:

https://twitter.com/parkerharris/status/1392253069690343424

@salesforce is experiencing a major disruption due to what we believe is a DNS issue causing our service to be inaccessible. We recognize the significant impact on our customers and are actively working on resolution.

As per their status page, all services were restored and operational. For more information, you can refer the status:

https://status.salesforce.com

Regards,
Kailash

[ElegentThemes]

ElegentThemes is offering 20% OFF on WordPress Divi theme as a part of their "Anniversary Sale". This is a good time to buy this theme if you are looking for a multi-purpose WordPress premium theme.

[WHMCS 8.0 Release Candidate]

WHMCS has release WHMCS 8.0 in release candidate now. This should be available for production release within next few days. To check what's New in WHMCS, refer our blog post on WHMCS 8.0 Release Candidate.

Thanks you!

CVE-2020-1530 and CVE-2020-1537 – Windows Remote Access Elevation of Privilege Vulnerability

Microsoft has recently released a security update for all supported operating systems. An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. A privilege elevation vulnerability (CVE-2020-1530 and CVE-2020-1537) affects all supported versions of Windows server so far.  This vulnerability exists when Windows Remote Access improperly handles memory or file operations. The exploit requires an attacker to have execution capabilities on the victim system. Systems hosting websites or with web-accessible services are particularly vulnerable.

For more information refer the following URL:

https://www.webhostingdiscussion.net/blog/cve-2020-1530-cve-2020-1537/

- Kailash

You install only script? or you also install theme / plugins / modules and etc?

We install plugins, themes, modules etc. as well.

- Kailash

Self-hosted tools are less effective unless you have large number of IPs without any reputation issue. That is the reason most of the users go for transactional email service.

- Kailash

It seems that you are referring to integrated WHM with WHMCS. It is very easy. You can refer their official documentation from the following URL:

https://docs.whmcs.com/CPanel/WHM

- Kailash

[CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability]

Microsoft DNS servers are affected by critical security vulnerability. There is remote code execution vulnerability exists in all DNS servers used in Windows Server 2008 and higher operating system. Microsoft has released an update for Windows Server 2012, Windows Server 2012 R2, Windows server 2016 and Windows server 2019. They have released an update for end of life operating system Window Server 2008 R2 but it looks like it is available to those users who have opted their paid addon to continue use Windows Server 2008 R2.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

For more information, refer CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability.

- Kailash

[SolidCP Error in Web Sites section after Windows updates]

Hi,

If you have recently applied .Net updates on your Microsoft Windows server, it may break "Web sites" section in your SolidCP. SolidCP has yet not releases official update but there is a work around to fix this issue. It requires to edit your portal's web.config file to apply workaround. For more details, you can refer our KB on SolidCP Error in Web Sites section after Windows updates.

- Kailash

Hi,

Are you really looking for their reviews? You are already using their service. You can check your own post here:

https://www.webhostingdiscussion.net/forums/index.php/topic,34051.msg22337.html#msg22337

[Accuweb Hosting]

You can try Accuweb Hosting shared hosting. They have Linux shared hosting from UK location.

- Kailash

[Notable changes in 2.0.16 & 2.0.17]

Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.17.

We consider this patch to be of crucial importance, as it includes an important fix for a critical bug that was introduced in SMF 2.0.16.

• Fixes a bug that could cause SMF 2.0.16 to start consuming significant amounts of CPU-resources when the RSS function was used.
• Eliminates some deprecated function warnings when using SSI.php on PHP 7.2+.

Please see the changelog for more information.

Since SMF 2.0.17 is essentially what 2.0.16 was intended to be and 2.0.16 was released only a few days ago, we are including a (slightly updated) version of the SMF 2.0.16 announcement for your convenience:

SMF 2.0.16 contained important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16 & 2.0.17

• Support for privacy policy in addition to registration agreement
• GDPR Compliance toggle in Core Features

   Enabling this configures multiple settings and new features to comply with the GDPR, including:

• Requiring members to accept the current privacy policy in order to use the forum
• Asking during registration whether the new member wants to receive announcements via email
• Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
• Allowing members to download a copy of their profile information
• Adjusting the behaviour of a number of other features in minor ways as necessary
• PHP 7.2 support
• Improved security hashes for the image proxy
• Improved security for the login cookie
• Assorted other security improvements
• Various improvements for both the installer and upgrader

[Notable changes in 2.0.16]

Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.16.

We consider this patch to be of crucial importance, as it includes important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16

• Support for privacy policy in addition to registration agreement
• GDPR Compliance toggle in Core Features

   Enabling this configures multiple settings and new features to comply with the GDPR, including:

• Requiring members to accept the current privacy policy in order to use the forum
• Asking during registration whether the new member wants to receive announcements via email
• Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
• Allowing members to download a copy of their profile information
• Adjusting the behaviour of a number of other features in minor ways as necessary
• PHP 7.2 support
• Improved security hashes for the image proxy
• Improved security for the login cookie
• Assorted other security improvements
• Various improvements for both the installer and upgrader

Please see the changelog for more information.


IMPORTANT NOTES:

• If you are using the GDPR Helper mod, you should follow these steps:
  
• Back up your existing privacy policy text to a file somewhere
• Update the GDPR Helper mod to its latest version
• Uninstall the GDPR Helper mod
• Install the SMF 2.0.16 patch

All users, including the admin, will need to log in again after 2.0.16 has been installed.

How to update to 2.0.16

If you are running version 2.0.15, you can update your forum to the latest version by using the package manager. You should see the update notification in the admin panel notifications and in the package manager, which will allow you to download and install the patch seamlessly.  If you do not see the notification about the patch, please run the scheduled task "Fetch Simple Machines files" from the Scheduled Tasks page (Admin > Maintenance > Scheduled Tasks).

If you use older versions of SMF, you can upgrade directly to 2.0.15 from whichever version you are currently using by using the "Large Upgrade" package from the Download page. Be aware that using this upgrade method will require you to reinstall any customizations that you have added to your forum, so if you are running a version of the 2.0.x series, it is recommended that you apply the successive patches instead of using the Large Upgrade.

If you are having problems downloading the patch from the admin panel, you can download the patch package from the Package Manager Updates page and install it via the Package Manager, as you would any other mod package.

Please refer to the Online Manual for more details about patching and upgrading.

[CURL Error: 56 - OpenSSL SSL_read: Success]

After upgrade to CURL version 7.67.0, you may receive the following error:

CURL Error: 56 - OpenSSL SSL_read: Success

Usually WHMCS and Enom users are reporting the above error. If you are using cPanel, you can downgrade the CURL version to fix this. You can execute following command on a cPanel server to downgrade the version:

yum downgrade ea-libcurl ea-libcurl-devel

Make sure that you restart Apache service. Also, if you are using litespeed, Apache-fpm, nginx etc., make sure you restart those services as well.

Regards,
Kailash

SEC-499

Summary

Authentication bypass due to variations in webmail username handling.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The process used to normalize and validate webmail account names was not consistent across different authentication subsystems. Because of these discrepancies, authenticated cPanel users could gain access to other cPanel and Webmail accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-508


Summary

Account suspension bypass via virtual mail accounts.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The authentication logic for some subsystems relied entirely on data stored in the cPanel account's home directory for the enforcement of account suspensions. A cPanel user could take advantage of this behavior to retain access to virtual email accounts after the user's system account was suspended.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-516


Summary

Authentication bypass due to faulty password file format parsing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The functions in cPanel & WHM that handled password and shadow file lookups did not enforce the constraints of this file format. This behavior could be misused by authenticated attackers to gain access to other accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-520


Summary

Self-XSS due to faulty JSON string escaping.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The escaping method used for some JSON string interpolation in cPanel & WHM interface templates did not escape all possible character combinations unambiguously.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-525

Summary

Cpanel::Rand::Get can produce predictable output.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

When the /dev/urandom device is not initialized, Cpanel::Rand::Get initializes Perl's random number generation with data from the server's environment. This data could be predictable and when used as a seed, could cause predictable random numbers to be generated.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-531


Summary

MySQL dump streaming allowed reading all databases.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The MySQL database dump streaming functionality passed database names to the mysqldump binary in an ambiguous fashion. An authenticated attacker could misuse this behavior to read all databases on the system.

Credits

This issue was discovered by the cPanel Security Team.



Solution



This issue is resolved in the following builds:
11.84.0.10
11.82.0.18



SEC-532


Summary

Root chown on arbitrary paths in cPanel log processing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

When processing logs to calculate bandwidth, symlinks to the processed logs are created in the user's home directory. An attacker can intercept this process to cause the ownership of an arbitrary file to be changed to the attacking user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-533


Summary

Stored XSS Vulnerability in WHM Backup Restoration.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Error messages displayed in the WHM Backup Restoration interface were not adequately encoded. Due to this, it was possible for an attacker to inject arbitrary code into the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-534


Summary

WebDAV authentication bypass due to faulty connection sharing logic.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Client authentication was not validated correctly when multiple WebDAV clients connected to the cpdavd daemon through a proxy server. Subsequent requests in a keepalive connection could inherit the authentication of prior requests.

Credits

This issue was discovered by Martin Rouf.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43


For the PGP-signed message, please see: https://news.cpanel.com/wp-content/u...ure.signed.txt.

[RewriteEngine OnRewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]]

Try redirecting using .htaccess rewrite rule:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

[0 * * * * /home/<your_user>/public_html/yourscript.sh]

First, you will have to make sure that your script has execute permissions and then set following cron:

0 * * * * /home/<your_user>/public_html/yourscript.sh

Adjust time as per your need.

If it is not sending emails, it is possible that there is misconfiguration at server  level. If you are using authentication to send emails, your provider should be able to check SMTP logs.

If you have SSL for your website, you can directly change your site and blog URLs to HTTPS and if it requires, you can use force SSL related plugins for your website.

It looks like you haven't purchased SSL certificate for your website. If you have purchased it, it is possible that it is not installed properly. You should talk to your hosting provider.

Do you have any image resize plugins? Try deactivating WordPress plugin one by one until you find culprit plugin.

Please make sure that you have taken following steps correctly:

• If you are accessing your install using domain name make sure that your website is pointing to correct server.
• If there is any contents, remove installation from Softaculous and remove other contents from the same directory and attempt to install again.
• Make sure that you are accessing the URL correctly. If you have installed in subfolder, subdomain, you will have to use the exact URL.

If it still does not work, you will have to contact your web hosting provider.