Skip to main content

EA-10515 - Cpanel Nginx Hardening Security

Comments

9 comments

  • cPRex Jurassic Moderator
    Hey there! mod_userdir can have security implications, but it wouldn't cause anyone to be hacked. Nginx is not compatible with mod_userdir due to the passenger module. Can you be more specific about the symlink and shell protections you're looking for?
    0
  • hostgrup
    I am sending additional file. These harmful contents were in many directories. we have turned on smylink protection. We provided security with disable function. We made csf security check measures. It happened when I used nginx.There is a vulnerability to switch to a directory when using nginx, which I cannot fully resolve.
    0
  • cPRex Jurassic Moderator
    If you believe there is a security issue on the machine it would be best if our team examined that directly through a ticket. Could you submit a ticket to our support team?
    0
  • hostgrup
    I imported the machine from nginx to apache. Shall we refer to this issue and have it examined?
    0
  • cPRex Jurassic Moderator
    Yes, if you could open a ticket with our team that would great.
    0
  • hostgrup
    ok submit ticket #94419085
    0
  • cPRex Jurassic Moderator
    Thanks for that - I am following along with that ticket on my end now as well.
    0
  • cPRex Jurassic Moderator
    Update - our team has created case EA-10515 to look into this issue with the symlinks. I'll post an update as I get more details on that.
    0
  • cPRex Jurassic Moderator
    Update - the case has been resolved and will be in a future version of cPanel. The best way to keep track of this is the EasyApache change log at EasyApache 4 Change Log 2022 | cPanel & WHM Documentation for that case number - once it's listed there, it's available to be used.
    0

Please sign in to leave a comment.