DROWN Attack – SSLv2 Vulnerability

In March 2016, security researchers identified a new OpenSSL vulnerability called DROWN (Decrypting RSA with Obsolete and Weakened Encryption). The attack targets servers that use the more secure TLS protocol but also support the obsolete SSLv2. It allows an attacker to decrypt TLS-encrypted communication if the server supports SSLv2 ciphers.

DROWN was assigned the ID CVE-2016-0800 by US-CERT in March (https://www.us-cert.gov/ncas/bulletins/SB16-067).

More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected by TLS and your server directly or indirectly supports the older SSLv2, you are also vulnerable, and an attacker may exploit it to obtain important information such as user names, passwords, financial credentials, important documents, etc.

Configuring cPHulk via WHM & command line

Brute force attacks on servers and websites are frequent nowadays. A brute force attack is generally a password-guessing technique: the attacker tries every possible combination of characters or data in order to find the decrypted message. A brute force attack guarantees finding the key, because it tries every possible combination and does not rely on potentially incomplete dictionaries or lists of possible keys.

cPHulk Brute Force Protection is a built-in protection in WHM for preventing brute force attacks. It detects and blocks IP addresses that produce continuous failed logins.

cPHulk is a brute force protection system developed by the cPanel team and is exclusive to cPanel / WHM control panels. It has been integrated with cPanel version 11. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain number of attempts, the attacker will no longer be able to authenticate.

We can enable or disable cPHulk via WHM and the command line.

Installation and configuration of ‘Pyxsoft Antimalware’ in cPanel servers

The Pyxsoft antimalware plugin for cPanel/WHM protects your server from attacker scripts such as c99shell, r57shell, ANIShell, and hundreds more. It is a real-time anti-malware tool for cPanel/WHM. Attackers can take control of your servers or damage your customers’ data by uploading one of these scripts.

The Pyxsoft antimalware plugin works to protect your server in two ways:

  1. Protecting the server’s six entry points
  • SQL Injection
  • Legitimate Access (SSH, cPanel etc)
  • Web Forms
  • FTP
  • Brute Force Attacks
  • Installed Trojans or shells


Multiple SSL installation on single IP in cPanel

As we are aware, installing an SSL certificate usually requires a dedicated IP.

The cost of this address is typically passed down to the end user. Also, the IPv4 address space would be used up completely if every domain required a dedicated IP. So administrators decided to install multiple SSL certificates on a single IP, and SNI (Server Name Indication) was established for this purpose.

>> What is SNI :

Server Name Indication (SNI) is an extension to the TLS protocol that indicates which hostname the client is attempting to connect to.
It allows browsers and servers to map multiple SSL-secured domain names to one IP address and port, without this making any difference to the site visitor security-wise. Users do not need to purchase a dedicated IP address to enable SSL for their website.

>> Minimum Requirement for SNI :
> CentOS 6, RHEL 6, or CloudLinux 6
> cPanel version 11.38 and higher

If your server satisfies the above requirement, then you can easily proceed with the installation following the below steps.

>> Procedure to install multiple certificates using a single IP in cPanel.

Step 1 : cPanel >> SSL/TLS Manager >> Generate CSR (Certificate Signing Request)

Step 2 : Purchase SSL certificate from the vendor using the newly generated CSR

Step 3 : cPanel >> SSL/TLS Manager >> Install and manage SSL for your site (HTTPS)
> Select domain
> We can see these things:
Warning: which browsers do not support SNI
Shared IP of the server
> Under the option "Choose a certificate file", click on "Browse Certificate"
> Select .crt file from the extracted file
> Upload certificate

Step 4 : Go again to Manage SSL sites under SSL manager (New Option)
> Select domain from the drop-down
> Click on autofill by domain
> Copy certificate bundle and paste under Certificate Authority Bundle (CA Bundle)
> Click on install certificate button

Step 5 : Browse your Website using ‘https://’ and enjoy secure browsing

If you require help, contact SupportPRO Server Admin
