Search the Community
Showing results for tags 'security'.
Found 8 results
While I was using HestiaCP on my VPS I found out it lacks support to IPv6. In fact, this is on their "to do" since 2020 so it seems it will take a while. Considering that IPv6 support is one of Internet's best practice, what are other free control panel options to use? Some I found while researching were these: CyberPanel: https://cyberpanel.net/ CloudPanel: https://www.cloudpanel.io/ KeyHelp: https://www.keyhelp.de/en/ ISPConfig: https://www.ispconfig.org/ Control-WebPanel (CWP): https://control-webpanel.com/ SPanel (free for the next couple of months since "licensing is in beta (?)"): https://www.spanel.io/ Virtualmin: https://www.virtualmin.com/ Webmin: https://www.webmin.com/ OVIPanel: https://www.ovipanel.in/ aaPanel: https://www.aapanel.com/ Froxlor: https://froxlor.org/ Cloudron (free for two apps): https://cloudron.io/ Ajenti: https://ajenti.org/ Sentora: http://www.sentora.org/ Through a fast analysis from their websites CyberPanel, CloudPanel, KeyHelp, ISPConfig, Control-WebPanel (if you're into RHEL/CentOS based distros), Sentora (supporting Ubuntu 20.04 right now) and SPanel (despite it isn't really free) seems to be the most promising ones. Does anyone have any experience with any of those? Right now I have access just to my HelioHost's VPS so I'm unable to destroy/create my machine and thus it wouldn't be easy to test them, that's why I'm looking for people who had already used and could vouch for one of them.
[Solved] Privacy Error Potential Security Risk
trvricks posted a topic in Customer ServiceThe following message is displayed when I visit my site https://travericks.com. I've attached the screenshots for your reference. Your connection is not privateAttackers might be trying to steal your information from travericks.com (for example, passwords, messages, or credit cards). Learn moreNET::ERR_CERT_AUTHORITY_INVALID However, http://travericks.com renders the page successfully. I prefer to have a secure site with "https" along with "http" Could you please help resolve this?
Did someone access my email?
badrihippo posted a topic in Customer ServiceI got a spam email today, ostensibly from myself, claiming to have access to my data. I know they don't, but the email was "sent-by: gmail" and "signed-by: [my domain]" so I'm wondering if they have access to that password. Is there any way to check server logs and see if an email was sent from my account on Sun 20 Oct 2019 17:00:29 (PDT)? I can provide my ID details and the email header if required (don't want to post it on a public forum). Quick overview of my current setup: I have an "send email" account via cPanel (eg. firstname.lastname@example.org), and several forwarders to my Gmail (email@example.com, firstname.lastname@example.org). When I'm sending, I send via the email@example.com credentials so that it gets signed etc, but the "from" is from firstname.lastname@example.org). Usually, if someone sends a scam email setting the "from" then it'll say something like "from email@example.com via gmail.com", but this seems to have been sent from example.me itself, meaning they might actually have server access
[Solved] Forward Secrecy
pjay posted a topic in Escalated RequestsAlthough not required, I want to achieve A or A+ rating on sslabs on all of my website and blogs. I have achieved this on my other sites that was hosted on different free hosting service. But my site hosted at heliohost or the server itself(tommy) seems to not support Forward Secrecy which halt me from achieving A Ratings.
[Solved] AutoSSL not renewing for site
wspiano posted a topic in Customer ServiceHello, AutoSSL is not renewing on my account. The SSL Status page on CPanel reports the following: > Expired on November 24, 2017. The certificate will renew via AutoSSL. However, it has been much longer than 48 hours (more like a few months), and SSL has not been renewed. Can you please help me? Username: wspiano Site: ws.heliohost.org Server: Tommy Thanks in advance!
Disable Unencrypted Ftp, Webdav, Etc.I'd like to disable all unencrypted authentication into my site's administration. How do I do this?
[Solved] Unexpected Brute Force Protection
ViperFlux posted a topic in Escalated RequestsHello, i don't usually get into my cpanel a lot, only from time to time and today when i tried to get into my cPanel i got a message says that "Brute-Force attack" protection has been activated, I was wondering why is it? i didn't failed in entering my password at all, neither i tried many times. Account: nahawi Server: Stevie Domain: ibnul-nahawi.heliohost.org
[Answered] Hacked SiteHi, I'm quite new at Heliohost, I created my account a few weeks ago. I created my first website, based on latest wordpress 3.4.2, without any additional plugins. I added just a few test themes, added some notes, and I didn't published the website's address nowhere yet. Yesterday (22nd of Nov, at 19:26 to be precise), my main index.php was deleted and replaced by index.html, containing some turkish video on YT, and words "Rea_pErz Was Here". Also the hacker added wordpress theme "This Is Rea_pErz's Shell", written in PHP (of course, I downloaded the files and deleted from the account immediately after). Now, I'm starting to reinstall wordpress and database, change passwords, check all my computers against trojans and viruses, etc. I found, that there was such case on heliohost before - see http://www.helionet.org/index/topic/12493-wordpress-blog-hacked-by-rea-perz/ I have several thoughts on that: - I know that website stats are disabled, but can I access some apache logs? Perhaps I could find out, how someone managed to hack my website? - My password was of medium strength, but it wasn't dictionary word. I guess, that hacker managed to enter the site by some SQL Injection rather, than by password guessing. - how can I protect myself against such attacks, apart from not using plugins in wp, having strong passwords and making backups? - I wonder, how the attacker got address of my website - it was parked domain, made from SeveralConcatenatedPolishWords.pl - there is very small chance someone just guessed the name. - I tried to use user_logs ftp account, to see if I can access some logs, but server dropped the connection with message "home directory not found". I also see, that /var on stevie is 99% full. - I know I have unpaid account, but can I make support request out of this? Such cases can influent more people than me - the hacks could be because of my misconfiguration, but also because of some features of heliohost. I'm not blaming anyone, just I am thinking what do do next.