Page tree
Skip to end of metadata
Go to start of metadata


Notice of Version Number Change

cPanel has changed its version number scheme as outlined in our cPanel & WHM Versions and the Release Process documentation. To bring the current product in line with this chang,e cPanel 11.25.0 was reversioned to 11.26. As part of this change, the update tier is no longer displayed in WHM or cPanel.

Feature Updates  

Account Transfers

For cPanel to cPanel account transfers, WHM's Transfers interface now providse the ability to skip the home directory when you package an account. This allows you to reduce the amount of time a transfer takes and choose a more efficient method to transfer the user’s home directory.

The cPanel version of the remote server is auto-detected for cPanel-to-cPanel account transfers. The Remote Server Type menu in the Transfer interface is updated to reflect this change.

When you transfer a mixture of reseller and non-reseller accounts in the Multiple Account Transfer interface (Main >> Transfers >> Multiple Account Transfers), the resellers will transfer first. Prior cPanel versions would iterate through the users alphabetically.

Streaming support, which was introduced in cPanel & WHM version 11.24, received various performance improvements. When the Express Transfer method is used with streaming, zone activation is deferred until the end of the account restoration process. This re- solves an issue that occurs when transferring accounts among servers within a DNS cluster.

A Select All button was added to the Express Transfer column in WHM's Multiple Account Transfer interface. The transfer system now detects when the remote or local servers run out of disk space. The errors are captured and the administrator is notifed.

Account Backup and Restoration

In cPanel & WHM version 11.26, we added the ability for the /scripts/pkgacct   utility to only tar accounts via gzip . This option reduces the CPU load and overall time that is required to generate a full backup, but it also consumes more disk space.

When you restore backups from read-only media, a working directory is created in a suitable, writable location. The location is determined by the same function that is used when you create an account, based upon the HOMEDIR and homematch   values in the /etc/wwwact.conf file   . The backup is extracted into the working directory, and then the restoration occurs. Afterwards, the working directory is cleared.

The cpmove file location is now output at the end of the packaging process. Prior versions displayed it earlier in the process, which risked the loss of the location due to terminal scroll buffer constraints.

Apache Configuration

Directives that are used by the Prefork MPM are available in the configuration interface found in WHM's Global Configuration interface ( Main >> Service Configuration >> Apache Configuration >> Global Configuration) . These directives include the following:

  • MinSpareServers
  • MaxSpareServers
  • MaxClients
  • MaxRequestsPerChild

API's

  Custom Event Handlers

In 11.26, we began the transition of API2 calls for interaction with the product. To accomplish this, some of the methods used to trigger events were converted into API2 calls.

When an existing function is converted into an API2 call, the function interface changes. This changes the data that is passed to Custom Event handlers.

The following example illustrates the changes in the Email::addpop API call between cPanel & WHM versions 11.24 and 11.26.

Email::addpop in 11.24
 <cpanelevent> <errors></errors> <event>addpop</event> <module>email</module> <params> 
 <param0>username</param0> <param1>password</param1> <param2>100</param2> <param3>domain.com</param3> 
 </params> </cpanelevent> 

Email::addpop in 11.26
 <cpanelevent> <errors></errors> <event>addpop</event> <module>email</module> <params> 
 <domain>domain.com</domain> <email>username</email> <password>password</password> <quota>100</quota> 
 </params> <result> 
 <reason>username+domain.com</reason> 
 <result>1</result> </result> 
</cpanelevent> 

 

DNS Functions

addzonerecord - This API function allows you to add a zone record.

editzonerecord - This function allows you to edit an existing zone record.

getzonerecord  - This function allows you to view DNS zone records associated with a given domain.

removezonerecord -  This function allows you to remove a zone record from the server

resetzone -  This API function will reset a DNS zone to its default values



Reseller Functions

setresellerips - This function lets you add IP addresses to a reseller's account.

setresellerlimits -  This function lets you set limits on the amount of bandwidth and disk space that a reseller can use.

setresellermainip - This function lets you assign a main, shared IP address to a reseller's account.

setresellerpackagelimit - This function allows you to control which packages resellers are able to use. It also lets you define the number of times a package can be used by a reseller.

suspendreseller -This function lets you suspend a reseller, which will disallow a reseller's access to their account.

unsuspendreseller - This function lets you unsuspend a reseller, thereby allowing the reseller to access his or her account.


The following interfaces were changed to use API2 functions:

  • Change MX Record
  • Cron
  • Email Accounts

XML-API  

The XML-API no longer prompts for HTTP authentication. Most of the time this is not an issue. Some HTTP libraries may wait for HTTP authentication requests before they send  headers. Users of such libraries need to adjust usage to send headers with the initial request.

The following functions were added to the XML-API in cPanel & WHM version 11.26:

Account Functions
  • domainuserdata - This function displays information about a given domain, including addon and subdomains, whether CGI aliasing is enabled, log locations, and other details.
  • setsiteip - This function allows you to change the IP address that is associated with a website, or a user's account that is hosted on your server.
  • acctcounts - This function lists the number of accounts owned by each reseller on the server. 
  • setresellernameservers - This function allows you to define a reseller's nameservers.
  • configureservice - This function allows you to enable or disable a service, and enable or disable monitoring of that service.

 

Bandwidth Statistics Generation

The system that is used to display and compile bandwidth statistics received many updates in cPanel & WHM version 11.26. For more information, visit the cPanel change log

Customer Contact

The Customer Contact feature replaces the Support Request system that exists in prior versions. Resellers may configure this feature to display contact details for their support, billing and sales departments.

The feature retains the ability to allow contact submissions via email or external applications. A simplified branding editor in this interface allows the reseller to modify the cPanel  interfaces that are used by this feature.

This feature is available to all resellers. Configuration and template data for each reseller is stored in the cpanelbranding directory in the reseller's /home directory. For the root   user this is the /var/cpanel/cpanelbranding file. Configuration data is stored in the contactinfo.yaml file, while branding related changes are stored in one of the following:

Database Soft Quotas

The file that is used to cache the number of databases owned by an account moved from /home/user/.cpanel/datastore/mysql-db-count to /var/cpanel/datastore/user/mysql-db-count  

The PostgreSQL cache file is now /var/cpanel/datastore/user/postgres-db-count .

To keep the cache file current, a cron job periodically executes the /scripts/update_db_cache command   .

As with the database counts, the disk usage calculation is handled by  the /scripts/update_db_cache script, which executes every four hours. This script is executed upon enabling the Tweak Setting. Administrators may also execute this script to recalculate the figures. The disk usage figures are stored in the /var/cpanel/datastore/mysql-disk-usage file and the /var/cpanel/datastore/postgres-disk-usage file. The file contents are a colon (:) separated list of user names and figures in bytes. For example:

root@c5vm [~]# cat /var/cpanel/datastore/mysql-disk-usage user1: 0 user2: 3190942 user3: 42519945 

Support for the /scripts/updatemysqlquota script ends in cPanel & WHM version 11.26. Per this change,  /scripts/updatemysqlquota is no longer distributed with the product.

DNS Clustering

Certain dnsadmin operations are now performed in batches. This reduces both the memory needed during large operations, and the amount of time that is needed to perform the operation.

Each cPanel & WHM version 11.26 cluster member may now configure a peer failure threshold. This option is found in the Configure Cluster interface in WHM. The threshold specifies how many dnsadmin commands a peer may fail to respond to before that peer is automatically disabled. The threshold is local to the server where it is stipulated.

By default, each cPanel & WHM version 11.26 cluster member will notify the system administrator when peers are disabled due to reaching the failure threshold. The notifications are sent to the High priority destinations as set in the Contact Manager in WHM.

The amount of time between BIND restarts that are issued by dnsadmin is configurable via a new option in the WHM Tweak Settings interface. This option is labeled:

Number of seconds dnsadmin will wait before restarting BIND.

Additional restart requests that are issued in this time period will be silently discarded. On systems that process very frequent DNS updates, a setting of 300 or 600 seconds is recommended. On systems with few DNS changes, the default setting of 0 is recommended. Note that DNS changes will not take effect until the restart is complete.

Prior versions would use two separate dnsadmin calls to add a zone and reconfigure BIND. In cPanel & WHM version 11.26, this common activity is reduced to a single dnsadmin call.  

Email Addresses

cPanel & WHM version 11.26 expands the range of acceptable characters in the local part of email addresses to be closer in line with RFC 5322. Addresses that are created and managed by cPanel have the following limitations:

  • Disallowed characters that have special meaning to the shell:  &'`*|

  • Disallowed characters due to use as data value separators: @:%
    • Prior versions of cPanel only accepted the dash (-), underscore (_), and period (.) in the local part of an email address.
    • Interfaces that accept an email address for contact purposes should accept all RFC 5322 characters in the local part.
    • When upgrading to 11.26, email accounts with quotas larger than 2 GB will be upgraded to unlimited . This is due to the limitations of large quota values with Exim and Courier.

Email Accounts X3 Interface

This interface is replaced with a new JSON-based AJAX interface. A limited Javascript version exists for users who disable or block Javascript. The new JSON interface consumes less memory in the browser and is more responsive.

The pagination and display of this interface now handles thousands of accounts quickly and efficiently.

Fetch CSV

The Fetch CSV feature within the List Accounts interface received the following improvements in cPanel & WHM version 11.26:

  • Column headers are now provided.

  • The generated file now contains every column that is in the List Accounts interface.

Integration

The Digest::MD5 Perl module is no longer bundled with the cPanel and WHM application suite. Existing applications and cPAddons that rely upon this Perl module being provided by cPanel will not function properly after you upgrade to cPanel & WHM version 11.26.  

Developers can address this change in one of two ways:


1. Use the
md5_fallback.pm functionality that is provided in the OSCommerce cPAddon.

2. Bundle the Digest::Perl::MD5 Perl module with their application.

Localization  

cPanel & WHM version 11.26 comes with a new localization system: Cpanel::Locale This new system simplifies the translation and localization of cPanel, WHM, themes and command line applications. Cpanel::Locale is backwards-compatible with existing translation methods and language files.

Cpanel::Locale uses an XML format for interoperability. Two new interfaces in WHM make provision for importing and exporting a locale using XML.

Languages are now identified in the system by the two-letter ISO 639 code. Territory-specific languages are indicated by the two-letter ISO 639 code, followed by an underscore, then the two-letter ISO 3166 code.


For more information, visit the Wikipedia article about ISO_639

Prior versions of cPanel & WHM presented languages in two or sometimes encodings: UTF-8 and Latin1 (ISO 8859-1). This caused unnecessary confusion and made translation more difficult. Languages that are used by Cpanel::Locale use UTF-8 unless there is a very specific reason not to.

Cpanel::Locale is more memory-efficient than the prior system, since phrases are only loaded when requested by the user interface.


Complete phrases are available for translation, a format more flexible than the prior method of translating phrase frag- ments.

The list of phrases in a language, known as a lexicon, is stored locally in YAML format and is subsequently compiled into GDBM databases. This introduces a new dependency into the system, the GDBM_File Perl module.

Although GDBM_File is a core Perl module, it will only exist if libgdbm was present when Perl is installed from source. On systems where Perl is installed via a binary package, this module may still not exist unless libgdbm was also installed. For example, on Red Hat Enterprise and CentOS systems, if the Development Tools package group is installed, then the GDBM File module will exist.

To account for systems that do not have the GDBM_File module installed, /scripts/checkperlmodules is updated to install GDBM_File. If necessary, libgdm   will be built from source and installed to /opt .

If you receive the error message "Can't locate GDMB_File.pm in @INC... on your system, execute the  /scripts/checkperlmodules script to resolve it.

Warning:

Application and theme developers should no longer use Cpanel::Lang::LANG in their products, as it is no longer supported.

Log Processing

In cPanel & WHM version 11.26, the way Apache and Bandwidth logs are processed changed. To process logs, perform the following steps:

  1. Construct a list of all logs that need processed.
  2. Move each log in the list to a backup version  

  3. Restart Apache if at least one file was moved to a backup version.

  4. Process the backup version of the logs.
  5. Remove the backup version of the logs.
     

Notes:

  • A backup of the bandwidth bytes logs is always created and processed as above.
  • A backup of the access log(s) is only created if the log processing configuration instructs the log processing to delete rather than preserve the log. In this case, the file is processed in place.

MX Editor

In cPanel & WHM version 11.26, we updated the cPanel and WHM MX Editor interfaces and subsystems.

cPanel's Editor interface is JSON powered and requires JavaScript to function.

In cPanel & WHM version 11.26, we also improved the method that is used to configure how the local server routes mail. The following options configure how mail is to be handled by the local server:

  • Automatically Detect MX Configuration

  • Local Mail Exchanger

  • Backup Mail Exchanger

  • Remote Mail Exchanger

These options are presented in the Email Routing section of   cPanel's MX Entry interface. A brief description of each option appears in the cPanel interface. The description includes how the option will change the way the local system handles email for the domain being modified. This setting may be changed independently from the action of the modification of a MX record.

Any modifications to Email Routing for a domain changes, or adds, an entry to the cPanelTM user file, which is typically the /var/cpanel/users file.

Both MX Editor interfaces support multiple MX entries of the same priority.

Password Strength Validation

In cPanel & WHM version 11.26, we improved the algorithm that is used to rate the strength of a password. This may cause passwords that had high ratings with the prior algorithm to be rated as less strong.

The password validation used on various forms is now in sync with the server side algorithm. This eliminates inconsistencies that exist in cPanel & WHM version11.24 and prior versions.

Spaces are no longer accepted in passwords.

PostgreSQL

The PHPPgAdmin link in cPanelTM now logs the user in to PHPPgAdmin automatically. The configuration of PostgreSQL within WHM is also more reliable.

Pure-FTPd

Version 1.0.22 and higher of this popular FTP daemon allows the administrator to enforce TLS encryption on both the command and data channels of an FTP session. The FTP Server Configuration interface in WHM is updated to provide access to this feature.

The Broken Clients Compatibility directive is added to the WHM FTP Server Configuration interface. When enabled, this directive causes Pure-FTPd to ignore parts of the FTP protocol standards, to improve compatibility with some buggy FTP clients and firewalls.


Reseller Nameservers

In cPanel & WHM version 11.26, we simplified the Basic cPanel & WHM Setup interface. In previous versions of cPanel & WHM, this was available only for the root user in the Edit Privileges/Nameservers interface in WHM's Reseller Center. This feature is automatically available for all Resellers and is not governed by ACLs.

Roundcube

In cPanel & WHM version 11.26, we added support for SQLite as the RoundCube data store. When this option is enabled, each email account receives its own SQLite database file, which resides in the  /home/user/etc/example.com/user.rcube.db file The database file for the cPanelTM account is /home/user/etc/ example.rcube.db  

This feature also changes the process ID of webmail logins for RoundCube sessions. Rather than being owned by the cpanelroundcube user, the process is owned by the cPanelTM system account that owns the email account. For example:

User owned roundcube session
 example 27245 0.3 1.8 20764 9340 ? Ss 22:10 0:00 webmaild - serving 10.250 


Pre-conversion Considerations

Before you perform the conversion, consider the following matters:

  • The upgrade affects the entire server. It is not possible to mix use of the MySQL database and the SQLite database method.

  • RoundCube only supports SQLite version 2, which is the default version provided by PHP 5.

  • SQLite version 2 databases are incompatible with SQLite version 3 utilities.

  • No system utilities are provided for managing the SQLite databases. This means no sqlite binary is installed by which a system administrator may view or manage a SQLite version 2 database.

  • Conversion is an elective process, with no support for a return to use MySQL for the database. As with any volatile system change, ensure that current, tested system and account backups exist.

  • Each email account has its own SQLite database. This database is stored in the /etc   directory of the cPanel account home directory that owns the email account.

  • Since the SQLite database is placed in the /home/user directory , it is included in the disk usage calculations and file system quota.

    Disk Usage Warning:

    RoundCube stores information about each email message in the database. Tests show that, on average, 1 MB of disk space is consumed by the SQLite database per 10-15,000 messages in an email account.

    If an account consumes its remaining disk quota in the conversion process, the remainder of the email addresses for the account are skipped. The conversion process will proceed with the cPanelTM accounts that remain. Once conversion is complete, the account(s) whose quota was consumed by the process will need disk space freed, or the quota increased. Then, conversion for the account may be completed with the /scripts/convert_roundcube_mysql2sqlite method described in the SQLite Maintenance and Utilities section.

Converting to SQLite

The conversion to SQLite is accomplished by executing the /scripts/convert_roundcube_mysql2sqlite command

The convert_roundcube_mysql2sqlite script will first convert the MySQL RoundCube database to the SQLite databases to which it corresponds. Since the MySQL database contains all data for every email account that uses RoundCube, this part of the conversion can be a lengthy process. After database conversion, RoundCube is reconfigured to use SQLite, and the process completes. Any errors encountered are reported on the console.

After you perform the conversion, the MySQL RoundCube database is no longer needed and may be dropped.

SQLite Maintenance and Utilities

Once the server is converted, individual cPanelTM accounts may be converted with the /scripts/convert_roundcube_mysql2sqlite user command . This script accepts a single parameter: user .

An SQLite configured RoundCube is updated with the /usr/local/cpanel/bin/update-roundcube-sqlite command . If you call the  /usr/local/cpanel/bin/update-roundcube command on an SQLite configured system, it results in a warning message and the proper script is exec eed.

SQLite versions prior to 3.1 do not automatically VACUUM a database. The VACUUM returns unused disk space to the operating system. For more information, visit the SQLite FAQ

To work around this, a VACUUM routine is added to RoundCube's logout sequence. Users that click the logout link in RoundCube will have their database automatically VACUUM ed.

Disk Usage Warning

The VACUUM command will temporarily consume twice the disk space consumed by the database file. As this happens in the  /home/user/etc file, it is possible for the process to consume the rest of the disk quota of the cPanel account.

VirtFS and Jailshell

When an account is terminated an account, the VirtFS mounts for the account are removed.

The VirtFS mounts for an account are cleared when changing the shell of the account. This only happens automatically when you use WHM's Manage Shell Access interface (Main >> Account Functions >> Manange Shell Access.


Session Disruption

If a user has an active jailshell session when the Administrator changes the user's shell, the user's connection is terminated. This is necessary to allow successful removal of the bind mounts used in the jailshell environment.

Administrators may use the /scripts/clear_orphaned_virtfs_mounts script to clear VirtFS mounts.  This script only removes the mounts for users who no longer use jailshell or no longer exist. This script accepts the following parameters:

  • --help - Outputs brief description of the command and accepted parameters.
  • --errorsonly - Limit output to error messages.

Jailshell sessions now include the name of the logged-in account in the process table.  For example:

Jailshell login name
root@pxe [~]# ps ax | grep jail 20847 pts/2 Ss 0:00 jailshell (case899) [20953] 

Added Features

 cPanel  DNS Editors

In cPanel & WHM version 11.26, the X3 interface includes both a Simple DNS Editor and an Advanced DNS Editor feature. The Simple DNS Editor feature is enabled by the default. The Advanced DNS Editor Feature is disabled by default. Access to either editor is handled via WHM's Feature Manager (Main >> Packages >> Feature Manager).

Simple DNS Editor

cPanel's Simple DNS Editor interface permits users to add and remove A and CNAME resource records for existing zones. No editing of records is permitted in this interface. To edit a record, the existing one must first be deleted. Duplicate A records are permitted.

A Record : The user is permitted to supply the name of the record and an IP address. The TTL specified in the WHM Basic cPanel/WHM Setup interface is used.

CNAME Record : the user is permitted to supply the name and CNAME of the record. The TTL specified in the WHM Basic cPanel/WHM Setup interface is used.

Advanced DNS Editor

The Advanced DNS Editor lets users add, edit and delete A, CNAME and TXT resource records. The user may specify the TTL when creating or modifying the record.

Both editors automatically append the name of the domain being modified to new records.


Custom MIME Types for cpsrvd

Administrator defined MIME-types may be added to cpsrvd. This is accomplished by adding entries to /var/cpan- el/config/cpsrvd/custom_mime_types . As shown in Example 6, “Custom MIME Types” the file format is:

  • Entries are new-line separated.

  • Entry is a key=value  

  • The key portion of the entry represents the file extension. The value represents the MIME type.

    Custom MIME types
     xls=application/vnd.ms-excel txt=text/plain 

File and Directory Access Optimization

A common tactic used to improve file systerm performance is to use the noatime mount option for a mount point. The ext family, begining with ext2 , supports disabling atime for individual files and directories. This can be accomplished with the following command:

cPanel & WHM version 11.26 uses the /usr/local/cpanel/bin/optimizefs    to disable the atime attribute for a specific list of files and directories. A cron job is created to perform this optimization periodically. As of cPanel & WHM version 11.26, the list of files and directories modified by this cron job are: 


 

Files
 
/etc/relayhosts
/etc/wwwacct.conf
/etc/wwwacct.conf.shadow
/etc/wwwacct.conf.shadow.cache  
/etc/wwwacct.conf.cache
/etc/relayhostsusers
/etc/cpbackup.conf
/etc/cpbackup.conf.cache
/etc/exim.pl
/etc/exim.pl.local
/etc/passwd
/etc/shadow
/etc/group
/etc/termcap
/etc/fstab
/etc/localtime
/usr/local/cpanel/cpanel.lisc
 /usr/local/cpanel/cpsanitycheck.so 

Directories 

/usr/local/cpanel/base/frontend
/etc/valiases
/etc/vfilters 
/etc/vdomainaliases
/var/cpanel/adminsessions 
/usr/local/apache/domlogs 


JSON API

In cPanel & WHM version 11.26, we added support for JSON output from an API call. Developers can use /json-api rather than /xml-api to activate JSON output.   


MySQL Upgrade

A new interface to manage the MySQL upgrade process is available in cPanel & WHM version in 11.26. The new interface is found in WHM's Software interface (Main >> Software). The MySQL version selection is removed from Tweak Settings.

The new MySQL Upgrade interface walks you through the upgrade process. This process typically requires you to rebuild PHP for Apache and sometimes for cPanel. The majority of the process may be accomplished unattended.

The interface only supports an upgrade to the versions, for example from MySQL 4.1 to MySQL 5.1. It does not support a downgrade. Down grades are not recommended.

As part of the MySQL upgrade, the version of PHPMyAdmin that is installed may change. This happens when you upgrade from MySQL 4.0 or 4.1 to MySQL 5.0 and higher.

PHP Version Incompatibility

PHPMyAdmin 3 is not compatible with PHP 4. cPanel provides PHP 5.2.6 for the internal PHP binary. This binary, at /usr/local/cpanel/3rdparty/bin is used to serve the internal PHP applications that ship with the product, such as PHPMyAdmin. If this binary has been modified, or overwritten to be PHP 4, then complications will arise with PHPMyAdmin when you upgrade to MySQL 5.0.

Security Improvements

Cross-site request forgery (CSRF or XSRF) attack prevention is improved with the addition of several options in the WHM Tweak Settings interface.

Referer Checks against Destination URL

Along with the blank referer check that existed in prior versions, server owners may now require the domain and port (or IP address and port) combination in the referer to match the destination URL. To enforce this, enable the following Tweak Settings option:

Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL.

This will help prevent XSRF attacks, but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

Security Tokens

The new security token feature prevents XSRF attacks by injecting a token unique to the session into the URL. We strongly recommend the use of this feature. You can enable this feature with the following option in Tweak Settings :

Require security tokens for all interfaces.

This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software and third party themes.

Product Incompatibility Warning

The Security Tokens feature will break third party applications, scripts and themes that are not updated to work with Security Tokens. Information about the Security Token feature was sent to Third Party developers in advance. Ensure that any third party products integrated with cPanel are fully updated before you enable this feature.


Backwards Incompatibility Warning

Active cPanel, Webmail and WHM sessions will generate 404 Error messages if the security token feature is enabled and the system is subsequently downgraded to cPanel & WHM version 11.24.4. Active sessions will need to log out manually, then log in again. To manually logout, change the URL to /logout/

IP Address Validation

To improve security of cookie based logins server owners can opt to record the client IP Address in the server and client side cookies. The IP address is subsequently validated for each request during the session. This option is enabled via the following Tweak Setting :

Validate the IP addresses used in all cookie based logins.

This will limit the ability of attackers who capture cPanelTM session cookies to use them in an exploit of the cPanelTM or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxy domains should also be disabled.

Other Security Improvements  

Disabling Root Login to cPanel

Server administrators can prevent root login to the cPanel interface. This is a refinement of the existing reseller override feature, wherein both the reseller and root user may access a cPanel account via the account name and the root or reseller password.

To restrict root access, enable the following option in Tweak Settings :

Only allow reseller to log in to users' cPanelTM interface with reseller password

Require SSL Authentication for Remote Logins

It is now possible to disable all authentication and access on the non-SSL ports used by cpsrvd . These ports are:

  • 2082
  • 2086
  • 2095

This is accomplished by setting the following configuration item in Tweak Settings :

Require SSL for all remote logins to cPanel, WHM and Webmail.

Note:

This setting is recommended.

 

When you enable this setting, the access of the non-SSL ports produces a page that contains a link which redirects the user to the SSL port. Logins that originate from localhost are still allowed when you enable this setting.

 

Warning

  • This Tweak Settings option disables access on the non-SSL ports.
  • Custom scripts and third-party applications that access the server remotely must use the SSL ports.
  • Bookmarked URLs that use the non-SSL ports will need to be updated to use the SSL port. When a user clicks a bookmark that uses the non-SSL port, the link is not carried through the manual redirect to the SSL port.
Session Handling

Sessions that are inactive for eight hours or more are now invalidated. Subsequent use of such session will force re-authentication. Invalidated, or inactive, session files are purged from the system every 20 minutes.

To determine which of the new settings to activate, we recommend the following:

  • Require SSL for all remote logins to cPanel, WHM and Webmail.

  • Require security tokens for all interfaces.

  • Validate the IP addresses used in all cookie based logins.


Task Queue

Events in cPanel often cause one or more services to be restarted. For example, a user who adds a subdomain causes a restart of Apache and the nameserver daemon. On busy servers, such restart requests can cause quality of service issues.

To handle these requests, cPanel & WHM version 11.26 comes with a task queueing and processing system. cPanel subsystems that are aware of the task queue submit their requests to it, rather than issue the restart request directly.

A primary benefit of the task queuing system is that multiple requests for an outstanding request are handled as a single action. At this time, only the Apache restarts that are issued by the Tweak Settings interface are task queue-aware.

There are two aspects of the task queueing system: the queueing mechanism and the queue processor. The Queueing of tasks is handled via /usr/local/cpanel/bin/servers_queue, which has the following usage:

/usr/local/cpanel/bin/servers_queue  [queue command] [unqueue task id]


unqueue id

The queue parameter requires a command string as an argument. The command string should be quoted. For example:

root@example [~]# /usr/local/cpanel/bin/servers_queue queue 'apache_restart' Id: TQ:TaskQueue:4 


Only commands that are known to the task queueing system are accepted. Providing an unknown command returns an error. For example:

root@example [~]# /usr/local/cpanel/bin/servers_queue queue 'buildapacheconf' ERROR: No known processor for 'buildapacheconf'. at /usr/local/lib/perl5/site_pe 


Requires a task ID number.

This is output when you queue a task. You can also examine the /var/cpanel/taskqueue/servers_queue.yaml file for the task ID number.

For example:

root@pxe [~]# /usr/local/cpanel/bin/servers_queue queue 'apache_restart' Id: TQ:TaskQueue:8 root@pxe [~]# /usr/local/cpanel/bin/servers_queue unqueue TQ:TaskQueue:8 1 tasks unqueued 

The task queue is processed periodically by a new daemon called queueprocd   , which resides in the /usr/local/cpanel/libexec    The daemon is started by the cPanel start-up process. It may be managed with the /scripts/restartsrv_queueprocd script. 


Web Template Editor

In cPanel & WHM version 11.26, we added the Web Template Editor interface to WHM (Main >> Account Functions >> Web Template Editor).  The Web Template Editor presents a unified method that you can use to modify various Apache templates. Some of these templates were available to edit in prior versions of cPanel & WHM. This interface is automatically available to all resellers.

The templates available are:

  • Default Web Page

  • Suspended Account Page

  • Account Moving Page

  • Connection Detection Page

The Template Toolkit provides the template processing engine.

The following CGI binaries in the /usr/local/cpanel/cgi-sys handle the display of the templates:

  • defaultwebpage.cgi
  • movingpage.cgi
  • suspendedpage.cgi
  • templatepreview.cgi

This initial implementation only supports the creation and serving of templates in English. Future versions of this interface will support more languages.

Application Updates

The following applications are upgraded in cPanel & WHM version 11.26:

  • glib to 2.20.0
  • Mailman to 2.1.13

  • phpMyAdmin 2 to 2.11.10

  • phpMyAdmin 3 to 3.2.4

  • Pure-FTPd to 1.0.22

  • RoundCube to 0.3.1

  • SquirrelMail to 1.4.21

Appendix A: Issues Resolved in   11.26

To see a list of issues that were addressed in cPanel & WHM version 11.26, visit the cPanel change log

  • No labels