Security Tokens

We know that security is important to you. That's why we've added numerous security features to cPanel/WHM 11.25. Our new security token system attempts to prevent cross-site request forgery (XSRF) attacks by appending URLs with a session token in the form of cpsess<number>. When this feature is enabled, absolute URLs are no longer allowed. This new feature helps to ensure a safe environment for you and your customers.

Blank Referer Checks

We've changed the way cPanel handles blank referer checks, to make them more accurate. If a page is sent inside an existing session with a blank referer, it will trigger an XSRF prevention page.

cPHulk Enhancements

Our utility for thwarting brute force attacks on your server, cPHulk, has been improved as well. It's now more responsive — so you get faster notification of attacks — and more difficult to overwhelm. The result is better protection from malicious users.