News

Spurred by continued growth, cPanel has decided to expand its technical support services in three key areas:

  • By offering 24-hour-a-day, 7-day-a-week phone support.
  • By making a new Live Chat feature available on its website, http://www.cpanel.net.
  • By reorganizing its online discussion forums and providing a technical support analyst to monitor them full-time.

Technical Phone Support Now Available Around the Clock

In the past, cPanel has provided 24-hour technical support mainly via its online, ticket-based system, offering phone support only during daytime business hours. Now, that has changed.

“Our customer base is growing,” explained Technical Support Manager Sean Richards. “It makes sense to expand our support team, so that we can provide our users with help around the clock.”

The increased size of cPanel’s support team has provided customers with other benefits, too. “Adding a number of seasoned veterans and top talent has also allowed expanded support for migrations, bug review, direct API support as well as the direct involvement in many key areas that will be important for 2010,” Richards elaborated.

Phone support costs a nominal per-incident fee, which includes as many calls as needed to resolve the problem.

Customer Service Now Offers Live Chat feature at: http://www.cpanel.net

cPanel has also implemented a Live Chat feature on its website, available to customers during daytime business hours.

This free new service allows anyone visiting the site to send instant messages directly to cPanel’s Customer Service staff. The staff then provide quick, easy answers to customers’ billing and sales questions.

cPanel Community Forums Reorganized and Improved

One of cPanel’s most popular support channels, its discussion forums at http://forums.cpanel.net, has just been overhauled. “Customers will find the new forum layout more useful,” Richards commented. “There’s now a dedicated place for feature requests, and we’ve improved access from mobile devices.” Users of PDAs and smart phones can enjoy this enhancement by accessing the cPanel forums at http://m.forums.cpanel.net.

Additionally, a veteran cPanel Technical Support team member is now dedicated to locating and responding to customer questions and problems in the forums full-time. This will aid users seeking advice about configuring their servers, or help with technical problems, by cutting down on response times.

If you're active on our forums, you may vote in our poll as we're trying to determine which days of the week work best for attendees.  It's a great way for you to influence our planning for cPanel Conference 2010.  The poll is located here.

--

If you didn't attend the 4th annual cPanel Conference this month, you missed out. Attendees enjoyed some serious learning, great hospitality, and an overall fantastic time.

2009 was by far our largest cPanel Conference ever, with over 180 attendees registered. Folks came from places as far away as the Netherlands, India, South Africa, Japan, the UK, Ireland, and Bulgaria. The cPanel Conference was, as it usually is, representative of the webhosting industry: international in scope, friendly, and professional.

The event took place at the Hilton Americas in Houston, Texas. The Hilton was a step up from our past venue and, by all accounts, did not disappoint.

The first day's activities gave everyone a chance to meet up and relax before the start of the Conference and 2 days of nonstop learning. We kicked off the festivities with a networking reception held on the 24th floor of the Hilton. From there, Conference-goers saw commanding views of downtown Houston, sampled great drinks, and enjoyed the most delicious hors d'oeuvres you can imagine.


From the 24th floor, the action moved to the hotel lobby bar, which Softlayer graciously kept open as long as anyone was willing to hang out.

On Tuesday, the first day of the Conference sessions, we provided breakfast and unlimited amounts of much-needed coffee. Then we kicked off a boatload of advanced technical sessions from the cPanel technical analysts, quality assurance staff, sales personnel, and developers. Topics ranged from DNS clustering, to cPanel's customer service philosophies, to Enkompass, to the effective use of strace on Linux servers, and everything in between.




Tuesday culminated in a sumptuous feast at the Hilton. The food was excellent, the company was even better, and a lot of good discussions took place. From there, we took the party to Joystix. For those of you who missed it, Joystix is an old-school arcade with a phenomenal collection of vintage and new video games and pinball machines. As is the cPanel way, we made sure everyone had a great time by means of an open bar and cPcache handouts (more about that below).

Post-Joystix, R1Soft was generous enough to hold their own after-hours networking event at Pub Fiction, which was just a short cab ride away.  This event lasted until the wee hours of Wednesday morning. It was a great opportunity for networking with industry peers.

Informative exhibitor sessions were another way that the cPanel Conference 2009 set itself apart from other conferences.  We only allowed exhibitor talks that provided useful information and relevant topics, rather than a sales pitch. The sessions were well-attended, as folks presented material that our attendees found genuinely useful.

Throughout the event, everyone who attended sessions was paid with cPcache, the official currency of the cPanel Conference. cPcache was spendable at the cPanel Gift Shop at the registration desk, and allowed attendees to purchase all manner of cPanel-branded goodies, from messenger bags to Callaway sunglasses and Fossil sport watches. It was a great way for Conference-goers to get some seriously cool (and more importantly, useful) cPanel schwag.



After the event, we asked attendees what they liked, what they didn't like, and what they would like to see next year. As always, we plan on acting on the desires of our customers and will make sure that cPanel Conference 2010 is just as great as, if not better than, 2009!

cPanel would like to close by thanking all the exhibitors at the Conference for their participation. Our sincere gratitude goes out to:

The WHIR, Microsoft, Layered Tech, The Planet, R1Soft, ServerTune, Softlayer, Trustwave, CentOS, OpenSRS, Commtouch, Bobcares, Spam Experts, SingleHop, Comodo, Codero, HostDime, Soholaunch, VPS.net, GlobalSign, and NetDepot.

 

You can find all the conference session slides here.

Summary

cPanel 11.25.0 provides mechanisms to prevent Cross Site Request Forgery attacks.

Security Rating

This update has been rated as having an Important security rating by the cPanel Security team.

Description

All versions of cPanel prior to version 11.25.0 are vulnerable to cross site request forgery attacks. Cross-site request forgery, often abbreviated as CSRF or XSRF, exploits the trust a website has in a user's browser. By exploiting that trust a malicious user can execute unauthorized commands on a website.

Solution

cPanel 11 users should upgrade to version 11.25.0, which contains mechanisms to prevent these types of attacks. To ensure full protection, it is strongly recommended that the following options in Tweak Settings be enabled:

  • Require security tokens for all interfaces. This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software and third party themes.
  • Validate the IP addresses used in all cookie based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled.
  • Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

In addition, it is recommended that the following Tweak Settings be disabled:

  • Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)
  • Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)
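
How the three recommended settings stop a forged request can be shown with a small model. This is an added example, not cPanel's code: the in-memory session store, the function names and the IP addresses are hypothetical and constructed for illustration.

```python
import hmac
import secrets

# Illustrative in-memory session store (hypothetical, not cPanel's).
SESSIONS = {}


def login(client_ip):
    """Create a session bound to the login IP; return (cookie, token)."""
    cookie = secrets.token_urlsafe(32)   # sent automatically by the browser
    token = secrets.token_urlsafe(16)    # must be echoed explicitly per request
    SESSIONS[cookie] = {"ip": client_ip, "token": token}
    return cookie, token


def check_request(cookie, client_ip, token=None, http_basic_auth=False):
    """Return (allowed, reason) for a state-changing request."""
    if http_basic_auth:
        # Cached HTTP auth credentials are replayed by the browser on any
        # request to the site, so only cookie sessions are accepted.
        return False, "http auth disabled"
    session = SESSIONS.get(cookie)
    if session is None:
        return False, "unknown session"
    if session["ip"] != client_ip:
        # A captured cookie replayed from another address is refused.
        return False, "ip mismatch"
    if token is None or not hmac.compare_digest(token, session["token"]):
        # A forged cross-site request carries the cookie but cannot know
        # the token, so it is rejected here.
        return False, "bad security token"
    return True, "ok"


def demo():
    """Constructed scenario: legitimate, forged and stolen-cookie requests."""
    cookie, token = login("203.0.113.10")
    return [
        check_request(cookie, "203.0.113.10", token),      # user's own click
        check_request(cookie, "203.0.113.10"),             # forged, no token
        check_request(cookie, "203.0.113.10", "guess"),    # forged, wrong token
        check_request(cookie, "198.51.100.7", token),      # stolen cookie
        check_request(None, "203.0.113.10", http_basic_auth=True),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```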

References

  1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2043
  2. http://secunia.com/advisories/30027

In cPanel 11.25 we have made a few feature improvements to the bandwidth tracking system built into WHM and cPanel. While these new features grant you a much more accurate and granular view of client bandwidth usage, customers with inadequately sized /var partitions may run into issues related to partition size and disk space consumption.

It should also be noted that the creation of these files occurs during the first upcp that results in an upgrade to 11.25 and can require significantly more time than normal upgrades.

The notice for this change was in our release notes for 11.25 which can be found at http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/1125releasenotes.pdf

Change: Bandwidth graph RRD files are split off for each individual service per domain and subdomain and stored in /var/cpanel/bandwidth/ .

Potential Issue: On some machines, depending on the partitioning schema and the number of domains on a server, there may be a disk space issue. This will only affect customers with large numbers of domains and a relatively small /var/ partition, i.e., 8-10G. In these situations, the /var/ partition may become full.

Workaround: For the time being, if you are affected by this issue, we suggest one of the following temporary fixes.

  • Disabling Bandwidth Stats Generation: 'touch /etc/rrdtooldisable'. This will disable generation of the RRD files altogether. Removing this file will result in the graphs being generated again.

or

  • Symlinking /var/cpanel/bandwidth to a partition with more space.

mkdir /home/bwtmp && tar -czvf /root/cp-bandwidth-backup.tar.gz /var/cpanel/bandwidth && \
mv /var/cpanel/bandwidth/* /home/bwtmp/ && rm -rf /var/cpanel/bandwidth && \
ln -s /home/bwtmp /var/cpanel/bandwidth

The above commands will create a /home/bwtmp directory, create a backup in /root/cp-bandwidth-backup.tar.gz, move the contents of /var/cpanel/bandwidth to the new directory, and then symlink the old path to the new one, where there should be more disk space. Because the steps are chained with &&, the original directory is removed only if the backup and the move succeeded.

If you have issues executing the fix for this change, please submit a ticket via https://tickets.cpanel.net and we will assist you with this fix.

If by chance you convinced your boss that the cPanel Conference 2009 was more than 3 days of entertainment, we have some bad news! SoftLayer has announced they will host another event October 5th following the Networking event & reception from 7PM-10PM. This event will be held at the Hilton and the details are below.


 

* This event is open to all attendees of the cPanel Conference!


While Mr. Fun (an imaginary cPanel friend) will be floating around the conference we would also like to take this opportunity to remind you that in addition to 5 "special" events the cPanel Conference will also be packed with two full days of hard core learning, opportunities to network your business, and exclusive content from developers, technical analysts, and vendors.

To register or learn more about the cPanel Conference, please point your browser to: http://conference.cpanel.net.


Follow SoftLayer via Twitter
http://twitter.com/SoftLayer_News

Follow Events of the cPanel Conference
http://twitter.com/cpanelconf/

About SoftLayer
Founded in 2005, SoftLayer provides global, on-demand data center and hosting services from facilities across the U.S. We leverage best-in-class connectivity and technology to innovate industry-leading, fully automated solutions that empower enterprises with complete access, control, security, and scalability. With this insightful strategy and our peerless technical execution, we have created the truly virtual data center—and made traditional hosting and managed/unmanaged services obsolete.