Messages - Kailash

#31
Salesforce faced a service outage on May 12, 2021 and it was confirmed by them on Twitter:

https://twitter.com/parkerharris/status/1392253069690343424

@salesforce is experiencing a major disruption due to what we believe is a DNS issue causing our service to be inaccessible. We recognize the significant impact on our customers and are actively working on resolution.

As per their status page, all services were restored and operational. For more information, you can refer to the status:

https://status.salesforce.com

Regards,
Kailash
#32
Elegant Themes is offering 20% OFF on the WordPress Divi theme as part of their "Anniversary Sale". This is a good time to buy this theme if you are looking for a multi-purpose WordPress premium theme.

#33
WHMCS has released WHMCS 8.0 as a release candidate. This should be available for production release within the next few days. To check what's new in WHMCS, refer to our blog post on WHMCS 8.0 Release Candidate.

Thank you!
#34
CVE-2020-1530 and CVE-2020-1537 – Windows Remote Access Elevation of Privilege Vulnerability

Microsoft has recently released a security update for all supported operating systems. An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. A privilege elevation vulnerability (CVE-2020-1530 and CVE-2020-1537) affects all supported versions of Windows Server so far. This vulnerability exists when Windows Remote Access improperly handles memory or file operations. The exploit requires an attacker to have execution capabilities on the victim system. Systems hosting websites or with web-accessible services are particularly vulnerable.

For more information, refer to the following URL:

https://www.webhostingdiscussion.net/blog/cve-2020-1530-cve-2020-1537/

- Kailash
#35
Quote from: etechsupport on August 25, 2020, 01:01:01 PM
You install only script? or you also install theme / plugins / modules and etc?

We install plugins, themes, modules etc. as well.

- Kailash
#36
Self-hosted tools are less effective unless you have a large number of IPs without any reputation issues. That is the reason most users go for a transactional email service.

- Kailash
#37
cPanel/WHM / Re: How to configure WHM with WHMCS
August 25, 2020, 03:38:31 PM
It seems that you are referring to integrating WHM with WHMCS. It is very easy. You can refer to their official documentation at the following URL:

https://docs.whmcs.com/CPanel/WHM

- Kailash
#38
Microsoft DNS servers are affected by a critical security vulnerability. A remote code execution vulnerability exists in all DNS servers used in Windows Server 2008 and higher operating systems. Microsoft has released an update for Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. They have released an update for the end-of-life operating system Windows Server 2008 R2, but it looks like it is available to those users who have opted for their paid add-on to continue using Windows Server 2008 R2.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

For more information, refer to CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability.

- Kailash
#39
Hi,

If you have recently applied .NET updates on your Microsoft Windows server, it may break the "Web sites" section in your SolidCP. SolidCP has not yet released an official update, but there is a workaround to fix this issue. It requires editing your portal's web.config file to apply the workaround. For more details, you can refer to our KB on SolidCP Error in Web Sites section after Windows updates.

- Kailash
#40
Hi,

Are you really looking for their reviews? You are already using their service. You can check your own post here:

https://www.webhostingdiscussion.net/forums/index.php/topic,34051.msg22337.html#msg22337
#41
Web Hosting / Re: Best shared account in Europe
December 31, 2019, 06:07:15 PM
You can try Accuweb Hosting shared hosting. They have Linux shared hosting from UK location.

- Kailash
#42
Vulnerabilities / SMF 2.0.17 Released
December 31, 2019, 06:03:12 PM
Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.17.

We consider this patch to be of crucial importance, as it includes an important fix for a critical bug that was introduced in SMF 2.0.16.

  • Fixes a bug that could cause SMF 2.0.16 to start consuming significant amounts of CPU-resources when the RSS function was used.
  • Eliminates some deprecated function warnings when using SSI.php on PHP 7.2+.


Please see the changelog for more information.

Since SMF 2.0.17 is essentially what 2.0.16 was intended to be and 2.0.16 was released only a few days ago, we are including a (slightly updated) version of the SMF 2.0.16 announcement for your convenience:

SMF 2.0.16 contained important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16 & 2.0.17

  • Support for privacy policy in addition to registration agreement
  • GDPR Compliance toggle in Core Features
    Enabling this configures multiple settings and new features to comply with the GDPR, including:
      • Requiring members to accept the current privacy policy in order to use the forum
      • Asking during registration whether the new member wants to receive announcements via email
      • Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
      • Allowing members to download a copy of their profile information
      • Adjusting the behaviour of a number of other features in minor ways as necessary
  • PHP 7.2 support
  • Improved security hashes for the image proxy
  • Improved security for the login cookie
  • Assorted other security improvements
  • Various improvements for both the installer and upgrader
#43
Vulnerabilities / SMF 2.0.16 Released
December 31, 2019, 05:59:46 PM
Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.16.

We consider this patch to be of crucial importance, as it includes important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16

  • Support for privacy policy in addition to registration agreement
  • GDPR Compliance toggle in Core Features
    Enabling this configures multiple settings and new features to comply with the GDPR, including:
      • Requiring members to accept the current privacy policy in order to use the forum
      • Asking during registration whether the new member wants to receive announcements via email
      • Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
      • Allowing members to download a copy of their profile information
      • Adjusting the behaviour of a number of other features in minor ways as necessary
  • PHP 7.2 support
  • Improved security hashes for the image proxy
  • Improved security for the login cookie
  • Assorted other security improvements
  • Various improvements for both the installer and upgrader

Please see the changelog for more information.


IMPORTANT NOTES:

  • If you are using the GDPR Helper mod, you should follow these steps:
      • Back up your existing privacy policy text to a file somewhere
      • Update the GDPR Helper mod to its latest version
      • Uninstall the GDPR Helper mod
      • Install the SMF 2.0.16 patch

All users, including the admin, will need to log in again after 2.0.16 has been installed.

How to update to 2.0.16

If you are running version 2.0.15, you can update your forum to the latest version by using the package manager. You should see the update notification in the admin panel notifications and in the package manager, which will allow you to download and install the patch seamlessly. If you do not see the notification about the patch, please run the scheduled task "Fetch Simple Machines files" from the Scheduled Tasks page (Admin > Maintenance > Scheduled Tasks).

If you use older versions of SMF, you can upgrade directly to 2.0.15 from whichever version you are currently using by using the "Large Upgrade" package from the Download page. Be aware that using this upgrade method will require you to reinstall any customizations that you have added to your forum, so if you are running a version of the 2.0.x series, it is recommended that you apply the successive patches instead of using the Large Upgrade.

If you are having problems downloading the patch from the admin panel, you can download the patch package from the Package Manager Updates page and install it via the Package Manager, as you would any other mod package.

Please refer to the Online Manual for more details about patching and upgrading.
#44
After upgrading to CURL version 7.67.0, you may receive the following error:

CURL Error: 56 - OpenSSL SSL_read: Success

Usually WHMCS and Enom users are reporting the above error. If you are using cPanel, you can downgrade the CURL version to fix this. You can execute the following command on a cPanel server to downgrade the version:

yum downgrade ea-libcurl ea-libcurl-devel

Make sure that you restart the Apache service. Also, if you are using LiteSpeed, Apache-fpm, nginx etc., make sure you restart those services as well.

Regards,
Kailash
#45
Vulnerabilities / cPanel TSR-2019-0006 Full Disclosure
November 20, 2019, 03:37:30 PM
SEC-499

Summary

Authentication bypass due to variations in webmail username handling.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The process used to normalize and validate webmail account names was not consistent across different authentication subsystems. Because of these discrepancies, authenticated cPanel users could gain access to other cPanel and Webmail accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-508


Summary

Account suspension bypass via virtual mail accounts.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The authentication logic for some subsystems relied entirely on data stored in the cPanel account's home directory for the enforcement of account suspensions. A cPanel user could take advantage of this behavior to retain access to virtual email accounts after the user's system account was suspended.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-516


Summary

Authentication bypass due to faulty password file format parsing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The functions in cPanel & WHM that handled password and shadow file lookups did not enforce the constraints of this file format. This behavior could be misused by authenticated attackers to gain access to other accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-520


Summary

Self-XSS due to faulty JSON string escaping.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The escaping method used for some JSON string interpolation in cPanel & WHM interface templates did not escape all possible character combinations unambiguously.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-525

Summary

Cpanel::Rand::Get can produce predictable output.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

When the /dev/urandom device is not initialized, Cpanel::Rand::Get initializes Perl's random number generation with data from the server's environment. This data could be predictable and when used as a seed, could cause predictable random numbers to be generated.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-531


Summary

MySQL dump streaming allowed reading all databases.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The MySQL database dump streaming functionality passed database names to the mysqldump binary in an ambiguous fashion. An authenticated attacker could misuse this behavior to read all databases on the system.

Credits

This issue was discovered by the cPanel Security Team.



Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18



SEC-532


Summary

Root chown on arbitrary paths in cPanel log processing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

When processing logs to calculate bandwidth, symlinks to the processed logs are created in the user's home directory. An attacker can intercept this process to cause the ownership of an arbitrary file to be changed to the attacking user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-533


Summary

Stored XSS Vulnerability in WHM Backup Restoration.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Error messages displayed in the WHM Backup Restoration interface were not adequately encoded. Due to this, it was possible for an attacker to inject arbitrary code into the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-534


Summary

WebDAV authentication bypass due to faulty connection sharing logic.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Client authentication was not validated correctly when multiple WebDAV clients connected to the cpdavd daemon through a proxy server. Subsequent requests in a keepalive connection could inherit the authentication of prior requests.

Credits

This issue was discovered by Martin Rouf.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43


For the PGP-signed message, please see: https://news.cpanel.com/wp-content/u...ure.signed.txt.
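
A general defensive pattern for the class of bug described under SEC-532 (a privileged job changing ownership of a path inside a user-writable directory), added here as an illustration; it is not cPanel's fix and not code from the advisory. The function name, file names and temporary directories are constructed for the example, which assumes a POSIX system.

```python
import os
import stat
import tempfile


class UnsafePathError(Exception):
    """The target is not a plain file directly inside the expected directory."""


def chown_regular_file(dir_path, name, uid, gid):
    """Change ownership of dir_path/name without ever following a symlink."""
    if os.sep in name or name in ("", ".", ".."):
        raise UnsafePathError(f"unexpected file name: {name!r}")
    # Pin the directory first, then resolve the name relative to that descriptor.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        try:
            # O_NOFOLLOW makes open() fail if the final component is a symlink;
            # O_NONBLOCK keeps a planted FIFO from stalling the privileged job.
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                         dir_fd=dir_fd)
        except OSError as exc:
            raise UnsafePathError(f"refusing {name!r}: {exc.strerror}") from exc
        try:
            st = os.fstat(fd)
            # Also refuse hard links to files that live elsewhere.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                raise UnsafePathError(f"{name!r} is not a singly linked regular file")
            # fchown acts on the inode just checked, so a later path swap is harmless.
            os.fchown(fd, uid, gid)
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)


def demo():
    """Constructed scenario: one real log file and one symlink to a file elsewhere."""
    results = {}
    with tempfile.TemporaryDirectory() as home, tempfile.TemporaryDirectory() as other:
        outside = os.path.join(other, "outside.txt")
        for path in (outside, os.path.join(home, "access.log")):
            with open(path, "w") as fh:
                fh.write("constructed sample content\n")
        os.symlink(outside, os.path.join(home, "linked.log"))
        for name in ("access.log", "linked.log"):
            try:
                chown_regular_file(home, name, os.getuid(), os.getgid())
                results[name] = "chowned"
            except UnsafePathError:
                results[name] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```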
#46
Try redirecting using an .htaccess rewrite rule:

RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
#47
First, you will have to make sure that your script has execute permissions and then set the following cron:

0 * * * * /home/<your_user>/public_html/yourscript.sh

Adjust time as per your need.
#48
cPanel/WHM / Re: Magento Cpanel Cron Job not working
October 31, 2019, 11:46:21 AM
If it is not sending emails, it is possible that there is a misconfiguration at the server level. If you are using authentication to send emails, your provider should be able to check SMTP logs.
#49
If you have SSL for your website, you can directly change your site and blog URLs to HTTPS and, if required, you can use force SSL related plugins for your website.
#50
WordPress Support / Re: WordPress HTTPS Error
October 31, 2019, 11:42:07 AM
It looks like you haven't purchased an SSL certificate for your website. If you have purchased it, it is possible that it is not installed properly. You should talk to your hosting provider.
#51
Do you have any image resize plugins? Try deactivating WordPress plugins one by one until you find the culprit plugin.
#52


Please make sure that you have taken the following steps correctly:

  • If you are accessing your install using a domain name, make sure that your website is pointing to the correct server.
  • If there are any contents, remove the installation from Softaculous, remove other contents from the same directory and attempt to install again.
  • Make sure that you are accessing the URL correctly. If you have installed in a subfolder or subdomain, you will have to use the exact URL.

If it still does not work, you will have to contact your web hosting provider.
#53


It seems that you have still not put your application live from your Facebook account. Follow the below steps to put it live:

[1] From your Facebook developers URL, go to My Apps and click on your App

[2] In Settings -> Basic -> Contact Email -> Enter your email address and save it

[3] Go to Status and Review Tab and set following option to "Yes":

Do you want to make this app and all its live features available to the general public?
#54
cPanel/WHM / Re: MongoDB quota for cPanel user
October 31, 2019, 11:32:23 AM
Officially, MongoDB support is still not included in cPanel, so I doubt you can set a quota for MongoDB from cPanel/WHM. There was a feature request submitted on the official cPanel website but this feature is still not included in the latest version as of now. Also, I am not able to locate any plugin for cPanel which can help you in this matter.
#55
Please check the following steps:


  • Make sure that the mysql service is up and running.
  • Make sure that the roundcube database exists. You can check it from WHM -> phpMyAdmin. There should be a database named roundcube.
  • If the roundcube database exists, make sure that its tables are not corrupted. If they are corrupted, you may need to restore it from backup.

#56
Your "where" clause will return all rows where name does not match username AND where name is not null.

If you want to include NULL results as well, you can try following where clause:

    where name <> 'username' or name is null

If you are looking for strings that do not contain the word "username" as a substring, then like can be used:

    where name not like '%username%'

- Kailash
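
The three predicates from this answer, run against a small constructed table with Python's built-in sqlite3 module (an added example, not part of the original post; the users table and its rows are assumptions). It also shows that not like skips NULL rows for the same reason the plain <> comparison does.

```python
import sqlite3

# Constructed sample rows; the table and column names are assumptions.
ROWS = [(1, "username"), (2, "alice"), (3, None), (4, "my_username_2")]

# Fixed predicates taken from the answer above. They are literals defined in
# this block, never user input, so interpolating them below is safe here.
PREDICATES = {
    "neq": "name <> 'username'",
    "neq_or_null": "name <> 'username' or name is null",
    "not_like": "name not like '%username%'",
}


def matching_ids(predicate):
    """Return the ids of the sample rows for which the WHERE predicate is true."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("create table users (id integer primary key, name text)")
        con.executemany("insert into users values (?, ?)", ROWS)
        cur = con.execute(f"select id from users where {predicate} order by id")
        return [row[0] for row in cur]
    finally:
        con.close()


def compare():
    """Evaluate every predicate against the same rows."""
    return {label: matching_ids(sql) for label, sql in PREDICATES.items()}


if __name__ == "__main__":
    for label, ids in compare().items():
        # Row 3 (NULL name) only appears when "is null" is tested explicitly,
        # because NULL compared with anything yields unknown, not true.
        print(f"{label:12} {PREDICATES[label]:40} -> {ids}")
```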
#57
You can use the findstr command to search for a specific string via command prompt:

To search only one word:

findstr /s "hello" *.*

If there is a space in the search word, you have to use the /C option as follows:

findstr /s /C:"hello world" *.*

Hope this will be helpful!
#58
Passing an argument in a batch file is easy. For example, if your batch file name is myfile.bat and you want to pass some argument, you can execute the following command:

myfile myargument

The value myargument will be stored in %1 and you can store it in a variable as follows:

set arg1=%1
#59
cPanel/WHM / Re: Uninstall cPanel from server
October 30, 2019, 05:19:17 PM
When we install cPanel, it also makes changes in default operating system files as well. Hence there is no way you can uninstall it. You should rebuild your server or migrate it to another server.
#60
Generally it is not recommended to uninstall a control panel as there may be many dependent services on it. For Plesk, you can refer to the following URL:

https://support.plesk.com/hc/en-us/articles/4410908355730-How-to-uninstall-Plesk

Note: Plesk installs many components, including those provided by 3rd-party vendors, and not all of them may be removed without leftovers.

The recommended approach is to back up the necessary information and reinstall the OS to avoid unexpected behavior after Plesk components removal.