ConfigServer cPanel Services

We’ve decided to simplify our cPanel Server Service packages to a single package (with a MailScanner option). This has been done for a one main reason – we’ve found that many people who were purchasing the smaller packages were needing the security features of the large packages and weren’t benefitting from them, frequently purchasing additional services from us to bring their servers up to the Full Service spec.To better service our customers we’ve created a single package that tackles all of the apsects of server security and management that we deal with. We’ve reduced the price of what was the cPanel Full Service package for the new all encompassing package.We have not removed any features at all whilst doing this.We hope the change benefits our customers in making their servers more secure and managable.

chkrootkit v0.47 released

chkrootkit 0.47 is now available!  This version includes:  * chkproc.c    - some bug fixes, thanks to Lantz Moore    - use of getpriority() to identify LKMs, thanks to      Yjesus(unhide) and Slider/Flimbo (skdet)    - new rootkit detected:       - Enye LKM  * chkrootkit    - new test:       - crontab    - new rootkits/worms detected:       - Enye LKM       - Lupper.Worm       - shv5    - more ports added to the bindshell test    - some minor bug fixeschkrootkit is a tool to locally check for signs of a rootkit.  Moreinformation about chkrootkit and rootkits can be found athttp://www.chkrootkit.org/.

New rkhunter v1.2.9

The rkhunter developer has finally released a long awaited update:

  • This release added support for RHEL WS/AS/ES 3 Taroon update 8, Fedora Core 5, and SuSE 10. Checks were added for packet capturing applications and processes using deleted files. The netstat check was enabled for AIX and the backdoor check was enabled for SunOS. Logfile specification and checks were added.

http://rkhunter.sourceforge.net/Unfortunately, it looks like they still don’t support the most popular OS’s md5sums, i.e. RHEv4/CentOSv4To upgrade:

/bin/rm -Rf rkhunter*wget http://surfnet.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.2.9.tar.gztar -xzf rkhunter-*cd rkhunter-*./installer.sh cd ../bin/rm -Rf rkhunter*rkhunter –updaterkhunter -c –skip-keypress

New csf v1.31

I have released another new versiob of csf with the following changes:

  • Removed some redundant code from csf
  • Display error in csf if IP already in allow/deny file
  • Stopped install.sh from overwriting email templates
  • Added email notification for login tracking including a new email template tracking.txt
  • Added mod_security apache module IP blocking in lfd

Upgrade either through WHM or follow upgrade.txt in the tarball.

New csf v1.2

I’ve released a new version of csf with the following changes:

Fixed uninstall script to remove lfd from chkservdFixed lfd so that checks were not made on options where a log file is sharedFixed lfd stop/start to dis/enable chkservd optionAdded upgrade feature to WHM when a new version of csf is available

Follow the upgrade.txt file within the csf tarball – the last time you’ll need to do this manually if you use the new WHM upgrade feature 😉

New Service: Server Recovery

As many of you may be aware we have always provided a cPanel server recovery service when asked. We have now formalised this service for anyone who needs it should they have OS disk problems:

  • Root compromise – if your server gets hacked and is therefore no longer trustworthy
  • OS disk failing – if the OS disk is starting to log errors indicating an immenent drive failure
  • OS corruption – if the file system is becoming corrupt
  • OS upgrade – if you want to upgrade from an old unsupported OS to a new one
  • Corrupt kernel – if you’ve upgraded the kernel and it has rendered the server unbootable of any kernel
  • Any situation which leaves your main OS disk unbootable

More details on the Server Recovery Service page.

Why you should use :fail: – addendum

I have added the following to the Why you should use :fail: page on our site:

Causes emails that will never be delivered onto the exim mail queue because checks such as sender verification are still carried out when processing such emails and if they cannot complete they will stay on the exim mail queue and repeatedly reprocess the email until it is finally discarded (usually 4+ days). This can cause very large mail queues full of spam which is repeatedly processed causing severe performance degradation