IMPORTANT WHM/CPANEL Upgrade and Enhancement of Services



Snowman
31-10-2009, 06:22 PM
As you know, at Alpine Internet, we rank security and service as our number 1 priorities. In line with this you will find below a range of upgrades to the service and security we provide on your account. Some of these are from cPanel themselves, some are ones that we are investing in for the protection of our clients and our server fleet, and the final one is an increase in your account’s storage quota so you and your clients will not be inconvenienced by some of these upgrades.

This weekend we are currently deploying a major security upgrade to the WHM/CPanel server that your reseller account is located on. This upgrade introduces a wide range of security and function enhancements to the system. Here is a brief outline of some of the changes:

Usability enhancements

* Quicker access from mobile devices, due to fewer authentication requests from the server.
* IMAP IDLE support for mobile devices, allowing near real-time mail delivery from Dovecot mail servers.
* Streamlined cPanel interfaces, such as Email Accounts and MX Entry.
* An overhauled language system that provides greater accuracy and language compatibility, with less memory consumption.

[Click Here] (http://www.cpanel.net/releases/1125/refined-user-interfaces.html) for more info on usability enhancements.

Security features

* Session tokens and blank referrer checks, to help prevent cross-site request forgery.
* Better cPHulk reliability, for improved protection against brute force attacks.

[Click Here] (http://www.cpanel.net/releases/1125/security.html) for more info on security features.

Efficiency improvements

* Lower memory consumption during synchronisation of DNS clusters.
* Quicker restart processes for both the Apache web server and the BIND name server.
* Quicker load times for the cPanel home page.

[Click Here] (http://www.cpanel.net/releases/1125/performance.html) for more info on efficiency improvements.


MySQL DISK QUOTAS

A major issue has existed where MySQL disk quotas were not added to account disk usage stats in cPanel. This has now been resolved with the new release and will give a total overview of the account's complete disk usage.

Please note some clients may notice a jump in their disk usage or alerts that they are running out of space if the accounts don’t have a lot of free space. You may need to check your packages and adjust accordingly.


CXS EXPLOIT SCANNER

CXS eXploit Scanner is a new tool we are deploying on all cPanel servers that performs active scanning of files as they are uploaded to the server. This tool now gives us a defence mechanism against hackers and various Trojans and viruses that are currently circulating.

Active scanning is performed on all text files uploaded through:

* PHP upload scripts (via a mod_security or suhosin hook)
* Perl upload scripts (via a mod_security hook)
* CGI upload scripts (via a mod_security hook)
* Any other script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
* Pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script and the Gumblar Virus.

Exploit detection includes:

* Over 4500 known exploit script fingerprint matches
* Known viruses via ClamAV
* Regular expression pattern matching to help identify unknown exploits
* Filename matching
* Suspicious file names
* Suspicious file types
* Binary executables


FTP CONNECTIONS

We recommend people switch their FTP programs to connect on a SFTP connection rather than standard FTP for added security. SFTP can be connected to with the usual cPanel or ftp login details but on port 22351 instead of port 21.

We also recommend anyone using Filezilla to choose a different FTP client, as we have seen a lot of people constantly blocked due to an issue in the program's settings. We recommend programs such as CuteFTP or the free FireFTP add-on for the Firefox browser.


WHM FEATURE MANAGER AND PACKAGES

As you may be aware, WHM contains a feature manager and package creator where you can create packages and feature sets for your clients' packages. We encourage all resellers to review their package setups and adjust them accordingly, as some of the older packages may not have all features and options available.

NOTE: In the coming weeks we will also be branding our cPanel interface with our Alpine Internet brand and adding specific links to our site on the cPanel skin.

Please ensure you are not using a package or feature set in WHM with the word webaus_ in its name or your clients will see our branding instead of the default cPanel or your own branding. If you wish to adjust or add your branding to your clients' cPanel skins please refer to documentation on the branding function at http://twiki.cpanel.net/twiki/bin/view/AllDocumentation/DocsIntro or have a look at the mock-up host site that CPanel have developed to show you how to integrate your website and cPanel at http://www.mybrandedhost.com


These changes are all designed to increase the quality of service and level of security your account receives. If you have any queries about their impact or what they involve, please post your queries into this discussion forum.