Two Factor Authentication

[DmC]

Hello again xD

 

I was reading a bit on cPanel documentation:

 

https://documentation.cpanel.net/display/68Docs/Two-Factor+Authentication+for+cPanel

 

You may consider enable it for us as it provides a strong security layer

[wolstech]

That requires cpanel 68, the newest version we run is 66, and that's on Ricky. Tommy has 64, and Johnny is even older (and can't be updated yet due to the RoR support).

 

We rarely if ever update cpanel because all of our custom stuff breaks when we do. Upgrading cpanel is basically the second most involved thing we can do to just rebuilding the whole server.

[Krydos]

Please post the following information:

• Your cPanel username
  
• Your main domain
  
• The server that you are on
  

[ziad87]

[deleted, fool for not reading enough]

Edited April 28, 2018 by ziad0

[ziad87]

Actually wait, it seems like it IS supported on Tommy and Ricky : see here for version 64

 

I don't know Johnny's cpanel version though...

Edited April 28, 2018 by ziad0

[DmC]

<p>

Please post the following information:

• Your cPanel username
• Your main domain
• The server that you are on

Deny@

Edited April 29, 2018 by DmC

[Krydos]

I enabled two-factor authentication on Tommy. I actually thought it was enabled already. Not sure why it would be off by default.

[DmC]

I enabled two-factor authentication on Tommy. I actually thought it was enabled already. Not sure why it would be off by default.

 

Edit:

 

I can't see it under "password & security"

Edited April 29, 2018 by DmC

[ziad87]

Me neither.

Also, (you don't have to) you should get cpanel LTS(Long term support) That way it isn't an upgrade of features but security and bug patches.

[wolstech]

Our custom stuff modifies a bunch of cPanel files and scripts so releases of theirs that reinstall or updates most/all files in cpanel will break the service.

 

Does the LTS version update/replace fewer files per release, or does it still do a mass file replacement every time, but make fewer changes/enhancements? If it only patches a few files here and there as opposed to basically reinstalling it during update, it may be something we could consider for future servers.

[wolstech]

 

I enabled two-factor authentication on Tommy. I actually thought it was enabled already. Not sure why it would be off by default.

 

Edit:

 

I can't see it under "password & security"

It has its own page under Security on the cpanel home page. It's right near the SSL options.

[ziad87]

Our custom stuff modifies a bunch of cPanel files and scripts so releases of theirs that reinstall or updates most/all files in cpanel will break the service.

 

Does the LTS version update/replace fewer files per release, or does it still do a mass file replacement every time, but make fewer changes/enhancements? If it only patches a few files here and there as opposed to basically reinstalling it during update, it may be something we could consider for future servers.

I don't know. I only have a centos box with the cpanel edge tier...

But I think any update redownloads that install.sh

so I think it will wipe your modified scripts  .

But no confirmation there

 

(and there goes my 2fa!)

[DmC]

 

 

 

 

 

I enabled two-factor authentication on Tommy. I actually thought it was enabled already. Not sure why it would be off by default.

Edit:

I can't see it under "password & security" 

It has its own page under Security on the cpanel home page. It's right near the SSL options.

 

I saw It. Thanks

 

Our custom stuff modifies a bunch of cPanel files and scripts so releases of theirs that reinstall or updates most/all files in cpanel will break the service.

Does the LTS version update/replace fewer files per release, or does it still do a mass file replacement every time, but make fewer changes/enhancements? If it only patches a few files here and there as opposed to basically reinstalling it during update, it may be something we could consider for future servers.

 

Well we're getting really off-topic here but I can't resist to ask.

 

If cpanel is not getting updated, how security patches are applied for it?

 

I mean cpanel has access throughout the whole system should't it be always patched?

Edited April 30, 2018 by DmC

[ziad87]

You do have a point, but theres still the possibility that it patches a modified Heliohost file, thus breaking, well, Heliohost...

[wolstech]

If cpanel is not getting updated, how security patches are applied for it?

 

They're not. We do install the Centos updates though. If we installed the cpanel uplates as they intended, this service wouldn't function. Cpanel is only meant to handle a few hundred accounts per server. We've customized it to the extent that got 10,000 accounts out of 10 year old hardware...(Johnny), and it's actually stable, provided someone is not abusing the service.

 

Cpanel's own support has even recognized us as one of their most extreme use cases for what we've managed to do with it. Based on their design guidelines, we should have about 20 servers (they recommend about 400 accounts/server). We have 3.