cPanel now offers AutoSSL for WHM using a Comodo Wildcard Certificate
2017 cPanel & WHM ships with the cPanel (powered by Comodo) provider! Worries of expired ssl cents with AutoSSL… Best practice is to buy a unique certificate that displays your business identity.
These certifications require a higher level of verification and cost more. Well worth the investment.
WordPress|Dashboard settings change from http:// to https://… Its that simple! If your provider has AutoSSL enabled. To be sure all content is secure look for Green Lock by URL address.
Have a yellow triangle displaying Mixed content you will need to manually adjust page images and urls to a relative or https path. Best practice is to go through every page on your site to be sure you have no unsecured mixed content.
Attempted all page changes and still have mixed insecure content, try using this free plugin… Under advanced section you can select scan all content… Make sure to retest for anything that might be broken by applying this plugin.
All clients on Air America aka WordPressAmerica.com servers have SSL… If you have a site hosted with us just drop us a line and we will perform the work for you! For the do-it-yourself-er gator daddy’s check out this video.
Kurdish Hackers are at it again… Creating and modify posts in WordPress.
Best guess is outdated WordPress Themes and Plugins…
Many vulnerability flaws by design in php/mysql making it impossible to be exempt from these attacks.
Always keep your website backed up on a regular basis. If you get hacked restore!
Change all passwords starting with cPanel then your data-bases and finally WordPress.
Check your file permissions carefully. Make sure the world can’t write to directories and your data-base.
Update your WordPress version theme and plugins to most current version. Remove old unused plugins and old themes. API Vulnerability Exploits
System administrators make sure your server security is tight. Something simple as outdated binary executables could be a security risk.
Web developers hosting clients may want to consider using a good security team to harden your cPanel server.
Way to the web Configserver is as good as it gets.
Wordfence has great information understanding how PHP Vulnerabilities Originate and steps you can take to protect your WordPress site.
Cause of latest outbreak was unauthenticated privilege escalation vulnerability in REST API endpoint in 4.7 and 4.7.1Hacked By MuhmadEmad
## Code Extracted From Hacked Post ##
HaCkeD by MuhmadEmad
HaCkeD By MuhmadEmad
Long Live to peshmarga
KurDish HaCk3rS WaS Here
This hacked client was running WordFence with tight permissions set. Majority have no clue. Anything attached to the web can be hacked!
The key is to be diligent keeping the honest honest by blocking what you can and keeping all software up to date.
Always nice to have friends and co-workers in the virtual world watching your back.
Kindness goes along way in the web community.
Affordable dedicated/co-located server options are limited these days.
No one can even come close to this deal. cPanel is the server platform of choice these days and this dedicated server does not support cPanel out-of-the-box with Centos.
Support is limited to hardware with minimal operating system builds. Majority would say well that’s out. After shopping around discover same priced servers have less power and resources of a smart phone!
Million dollar question is how to get Raid 5 volumes and partitions setup where this server will support cPanel with a minimal supplied Centos7
Here is the fix. Volume Group Merge: Open ticket at 1 and 1 servers and they will merge your two volume groups so, you can allocate out space to logical volumes!
[root@u19675208 ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/sda3 vg00 lvm2 a– 58.00g 43.00g
/dev/sdb1 vg00 lvm2 a– 3.58t 3.57t
Here’s how to add space to your desired logical volumes: Increase Size of Logical volume
Nothing like having 2x Intel®Xeon® E5-2440 2 x 6 Cores (HT) x 2,4 GHz (2,9 GHz Turbo Boost) 48 GB DDR3 ECC 4,000 GB (3 x 2.000 GB SATA) RAID 5 power running cPanel…
Finding the help to setup this server
Advice is to hire a system administrator to do the setup if you are not an advanced Linux/Unix guru…
Found ServerAdminz to be the best bet… $25 Hourly services can’t be best. Majority of the time they will complete tasks in a couple hours or less and start work right away.
1 and 1 Dedicated Server Team support has improved 100%… No longer when you call them will they say “What Don’t You Understand About Self Managed”… Still a mix of skill knowledge. One tech will say hey no problem it’s fixed while another might say. I don’t have a clue honesty with escalation to someone who does know. Makes for a night and day difference in support from years past. Personally want to say Thank You 1 and 1 for taking support to a higher level.
WHM/cPanel license owners know and love cPanel group support. Does not get any better than cPanel… Techs will go far beyond the scope of their own product to insure delivery of the best user experience.
Security is the most important part. WaytoTheWeb Configserver offers the best cPanel services setting up additional security on your server.
Tell them your needs and they will do their best to lock things down where you can manage your server with confidence.
Many thanks to Sarah at Waytotheweb for many years of security services.
New PHP Version Requirements
WHMCS 7.0 requires PHP 5.6 or later. If you are running any versions earlier than PHP 5.6, you must upgrade PHP before attempting to upgrade to WHMCS 7.0. WHMCS 7.0 also requires ionCube Loader v5.0.21 or later.
Version 7.0.0 System Requirements: WHMCS v7 minimum system requirements are PHP 5.6 and stable IonCube Loader 5.0.21 or later. WHMCS v7 also supports PHP 7 – in order to ensure complete compatibility, please install the latest Ioncube loader 6.0.2 or later.
Before Upgrading Backup your data-base and zip pubic_html
Discovered upgrading to ver 7.0 needs attention before installing.
You must have root server ability to update ion-cube from 4.x to 5.x or above.
Also you will need to update your data-base permissions where installer can write temporary tables.
Normally I keep global permissions off.
What will happen if you attempt a manual update or automated update without proper permissions and upgrade fails.
Your data-base will become corrupted and you will need to restore from backup.
Just rename corrupted data-base name. Create a new one and import your data back in.
Then you will be back to installation page where you can try again.
Blank page is normally a failure with your ion-cube encoder.
If you have no root access to your server and ion-cube or php is an older version than what is required.
Your only option is to restore home directory. i.e. pubic_html.zip you created before extracting 7.x files…
I am impressed with version 7… Functions quite well…
Personally perform all work manually and don’t use my whmcs connect to whm.
I am a small private hosting company for the elite who desire dedicated services where a hand is always on the wheel and eyes on the road of progress.
Product Attributes – What I am the Administrator?
No you have not been hacked. Recent upgrades have a bug. Location /plugins/woocommerce/includes Edit “class-wc-post-types.php” Change line 187 value show_ui from false, to true, and you’re back in business! See forum topic on WordPress.org
WordPress has been operating as an oEmbed consumer for quite some time now, allowing users to easily embed content from other sites. Starting with version 4.4, WordPress becomes an oEmbed provider as well, allowing any oEmbed consumer to embed posts from WordPress sites. MoreEmbed Posts
Cox Communications Blocking good incoming mail
Amazing how fast false positive and misreported spam gets blocked. Service providers need to diligently look at headers and ip addresses before blocking.
Junk mail providers are obvious to detect these days. B2NETSOLUTIONS, COLORADO CROSSING & Overseas Host Sailors are easy to spot.
Manually blocking of every spam abuse report without looking at the entire picture is a disservice to customers.
Found Cox to be asleep at the wheel
Opened a ticket to release a potential SMTP block and no one has responded in over 24hrs.
Beware of Fake Enom Emails Going Out
Looks like Enom email but it’s actually a hack job!
X-Antivirus: AVG for E-mail
Delivery-date: Thu, 05 Nov 2015 18:46:16 -0500
Received: from msa509.odn.ne.jp ([220.127.116.11]:45244 helo=cmsa509.odn.ne.jp)
by server.air-america.com with esmtp (Exim 4.86)
for WEBMASTER@AIR-AMERICA.COM; Thu, 05 Nov 2015 18:46:09 -0500
Received: from smsa509.odn.ne.jp by cmsa509.odn.ne.jp with ESMTP
for ; Fri, 6 Nov 2015 08:45:19 +0900
Received: from amsa509.odn.ne.jp by smsa509.odn.ne.jp with ESMTP
for ; Fri, 6 Nov 2015 08:45:19 +0900
Received: from lexusiji ([18.104.22.168] [22.214.171.124])
by amsa509.odn.ne.jp with ESMTP
for ; Fri, 6 Nov 2015 08:45:18 +0900