cpanel ssl vulnerability


How to prevent ‘Certificate for FILE “(CN: domain.com)” has expired!’ errors in your server

Earlier, only businesses that dealt with confidential information, such as credit card or online transactions, worried about their website security.

But with most advanced browsers now making HTTPS mandatory, and even Google considering it a parameter for website ranking, every website is now getting an SSL certificate. (more…)

Disable RC4 ciphers in cPanel/WHM servers – Why and How to do it?

Secure transmission of data requires encrypting the data in many ways. Ciphers are the tools used for data encryption. RC4 is one such cipher.

RC4 generates a stream of pseudo-random bits. These bits are combined with the plaintext using a bitwise exclusive-or (XOR) operation to produce the encrypted message, which is transmitted in TLS connections. (more…)

How to block DROWN attack – Fix SSL vulnerability in Linux, Apache, Nginx, Exim and other servers

On March 1, 2016, a new SSL vulnerability called DROWN (Decrypting RSA with Obsolete and Weakened Encryption) was disclosed by security researchers.

This vulnerability (aka CVE-2016-0800) allows attackers to decrypt even strong TLSv1.2 connections, if the server supports the obsolete SSLv2 protocol.
(more…)

Protecting your cPanel/WHM server from SSLv3 POODLE vulnerability

UPDATE 17th Oct – Some browsers like Firefox and IE 6 are reporting issues when SSLv3 is disabled. Fortunately, an SSLv3 fix is available from OpenSSL, and major distros will soon be adding it to their repos. SSLv3 disabling can soon be done in a phased manner. Check comments for more info.

On Oct 14th Google published details of an SSL 3.0 vulnerability, which allows an attacker to break into a secure session through a man-in-the-middle attack.

Support for SSL 3.0 is available in all popular mail, FTP and web clients, which makes all your clients vulnerable to an exploit based on this bug. Since SSL 3.0 is an 18-year-old obsolete technology, we recommend disabling it on all cPanel servers.

The Pro-active Server Management service at Bobcares was notified of this vulnerability on the 14th, and all servers that we maintain were secured against it by disabling CBC ciphers.

Read: Top 7 SSL/TLS deployment best practices

Here is a quick script for you to check if your cPanel/WHM server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable. (more…)