cPanel Announces Account Based Pricing

cPanel LLC. recently announced they are moving to an account-based licensing and pricing structure. Previously you could purchase a license with no limit on the number of accounts you could create on a server. We’re sorry to say that is no longer the case. You will now have to purchase a license based on the number of accounts you have created, or plan to create on your server.

If your an existing customer nothing will need to be done on your part to continue using your licenses. We will be automatically converting all existing licenses to there most appropriate fixed price plan based on the number of accounts on your server. This change will happen on September 30th, 2019 at which time you will receive an email from us showing what plan your license was converted to and its new price.

Due to the way cPanel is now licensing their product the majority of users will see an increase in the cost of their license. We understand nobody wants to see a price increase but unfortunately, this is out of our control.

cPanel LLC. also announced the immediate discontinuation of their annual term license types. Customers with an existing annual license will continue to be able to use this unlimited account license until the end of its term at which time the license will be automatically converted to a fixed priced license based on the number of accounts on the server.

New Plans & Pricing

Below is a list of cPanel’s new fixed priced plans. Please note that some licenses can only be run on cloud servers (virtual servers) and other’s can run on metal servers (dedicated Servers). Each license has a hard limit on the number of accounts that can be created.

Plan Name Account Limit Monthly Price Type
cPanel Admin 5 $20 Cloud Only
cPanel Pro 30 $30 Cloud Only
cPanel Plus 50 $35 Cloud Only
cPanel Premier 100 100 $45 Metal & Cloud
cPanel Premier 125 125 $50 Metal & Cloud
cPanel Premier 150 150 $55 Metal & Cloud
cPanel Premier 175 175 $60 Metal & Cloud
cPanel Premier 200 200 $65 Metal & Cloud
cPanel Premier 225 225 $70 Metal & Cloud
cPanel Premier 250 250 $75 Metal & Cloud
cPanel Premier 300 300 $85 Metal & Cloud
cPanel Premier 350 350 $95 Metal & Cloud
cPanel Premier 400 400 $105 Metal & Cloud
cPanel Premier 450 450 $115 Metal & Cloud
cPanel Premier 500 500 $125 Metal & Cloud
* Additional plans are available to those who require a license with an account limit higher than 500. Those plans are available in 50 account increments at a cost of $10 per 50 additional accounts.

cPanel TSR-2017-0006 Announcement

cPanel TSR-2017-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.0 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

 

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

68.0.15 & Greater
66.0.34 & Greater
64.0.42 & Greater
62.0.35 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

 

SECURITY ISSUE INFORMATION

The cPanel Security Team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 23 vulnerabilities in cPanel & WHM software versions 68, 66, 64, and 62.

Additional information is scheduled for release on November 21, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

EasyApache 2017-11-07 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m.

 

AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2l

 

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

 

CVE-2017-3735 – LOW
OpenSSL 1.0.2m
Fix parse error in the IPAdressFamily extension related to CVE-2017-3735

 

CVE-2017-3736 – MEDIUM
OpenSSL 1.0.2m
Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736

 

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with an updated version of OpenSSL version 1.0.2m. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

 

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2017-3736
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
https://www.openssl.org/news/secadv/20171102.txt

EasyApache 2017-10-31 Security Release

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.32, 7.0.25 and 7.1.11, and released EasyApache 3.34.19 with PHP version 5.6.32 on October 31, 2017. This release addresses vulnerabilities related to CVE-2016-1283. We strongly encourage all PHP 5.6 users to upgrade to versions 5.6.32, all PHP 7.0 users to upgrade to version 7.0.25, and all PHP 7.1 users to upgrade to version 7.1.11.

 

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.31
All versions of PHP 7.0 through 7.0.24
All versions of PHP 7.1 through 7.1.10

 

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2016-1283 – HIGH
PHP 5.6.32
Fixed bug in PCRE related to CVE-2016-1283

PHP 7.0.25
Fixed bug in PCRE related to CVE-2016-1283

PHP 7.1.11
Fixed bug in PCRE related to CVE-2016-1283

 

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 31, 2017, with a updated versions of PHP versions 5.6.32, 7.0.25, and 7.1.11. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

cPanel, Inc. has released EasyApache 3.34.19 with an updated versions of PHP 5.6.32. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP.

 

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2016-1283
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php

EasyApache 2017-10-16 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. We strongly encourage all Passenger users to update their system to obtain the patch.

 

AFFECTED VERSIONS
All versions of Passenger

 

DESCRIPTION
This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.

 

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

 

REFERENCES
https://blog.phusion.nl/2017/10/16/passenger-5-1-11/
https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/

Account DNS Check version 13 released

We are pleased to announce version 13 of our Account DNS Check WHM plugin has been released! This release updates this plugin to use cPanels new API tokens for API calls since cPanel has deprecated the old accesshash authentication method. We also updated the UI in accordance to WHM’s new frame-less interface. This means the WHM header and sidebar will be present again when using this plugin.

You can upgrade in one of two ways.

  1. Log into the WHM and click on the Account DNS Plugin. You should see a new version notice, click the upgrade link!
  2. Log into your server as root via the console or SSH and run the following command /var/cpanel/addons/accountdnscheck/bin/upgrade

Please submit any bugs or issues to support@ndchost.com.  Thank you!

cPanel TSR-2017-0005 Announcement

 

cPanel TSR-2017-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

66.0.23 & Greater
64.0.40 & Greater
62.0.30 & Greater
60.0.48 & Greater
56.0.52 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel Security Team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 11 vulnerabilities in cPanel & WHM software versions 66, 64, 62, 60, and 56.

Additional information is scheduled for release on September 19, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

For the PGP-Signed version of this announcement please see: https://news.cpanel.com/wp-content/uploads/2017/09/TSR-2017-0005.announcement.signed.txt

cPanel TSR-2017-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

64.0.21 & Greater
62.0.24 & Greater
60.0.43 & Greater
58.0.49 & Greater
56.0.49 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel Security Team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 24 vulnerabilities in cPanel & WHM software versions 64, 62, 60, 58, and 56.

Additional information is scheduled for release on May 16, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

HipChat server image is now available!

We are pleased to announce that our Cloud Server platform now supports purpose built images and our first image is “HipChat Server v2.2.2”. HipChat is a popular team collaboration tool that allows your team to communicate with one another though 1-to-1 chat, group chat, or video chat. It also allows you to share files, screen share, and do a lot more.  For more information on HipChat, please visit their website at http://www.hipchat.com. Keep an eye out for more of our purpose built images as they become available. If you would like to see a specific App image feel free to send us a request to support@ndchost.com.

Deploying our HipChat server image.

  1. First step is to login to our customer portal by going to https://customer.ndchost.com.  If you do not know your login details they can be reset using the “forgot password” tool.
  2. From the top navigation menu click “My Services” and then “Services”.
  3. Next find your cloud server instance from the service list and click it.
  4. From the left sidebar, under “Server Manager” click “Deploy New Image”.
  5. Inside the “Choose an image” panel click “Latest Apps” and then select “HipChat Server”
  6. Set your primary disk size and choose a swap disk option
  7. Next you need to set a root password.  The HipChat server by default comes with root access disabled.  You should still set a password, however you will access the server using the same methods described in the HipChat server documentation.
  8. Click Deploy and wait for the server to start.

HipChat server first boot

It may take some time after your initial deploy for the HipChat server to come up.  The reason being that on first boot the HipChat server image runs a post installation script that prepares the server for use. You can expect to wait 5-10 minutes before being able to access HipChat’s web interface!