General questions on cPanel standards after version 124.0.29 / CloudLinux OS 9
Hello, need a few answers on the common practice / standards over security as my SB host recently upgraded server to CloudLinux OS 9 and cPanel 124.0.29, while not conducted CRM nor GDPR aspects of their activity and consequently exposed mine clients.
Prior upgrade that took place in the second half of the February i've had 2-FA set for all cPanel client accounts and also for the ftps. Then upon their upgrade, that i was timely informed about, the before 2-FA was not active and i was not told about it specifically while they mentioned in the email only in general terms that some services could malfunction on upgrade completed.
Then next few days i was checking, in the free time, for any culprits via ftp that i was required to allow ip as usual, and found that in addition to 2-FA inactive a new problem is that my country of residence and one neighboring country were added to allowed/white list - meaning no any form of 2-FA security even enabled.
I've contacted the host and they provided such explicit information. Yet as i'm wary of every present multiple factors of authentication as the modern standards, that such "comfort" for the host provider could be unacceptable in terms of web security particularly with the modern software and equipment.
Is there any official cPanel policy/regulation that could be in effect over the host company/license owner in regards to distribution to my as the client/user that could help to instruct them toward modern 2-FA for cPanel, ftp accessing security practice ?
-
Hey there! I'm honestly not sure what you're asking or trying to fix - what specifically are you looking to change in this scenario?
0 -
Hello, asking an information from community/support if there is cPanel Policy that, regulates as the standard basic/general functionalities - as those that are nowadays standard elsewhere online, even for the trivial accounts protection, so by having an documented reference, of/if, any such guarantee from cPanel(TM) Service could make argument of complaint to the current hosting company as the cPanel vendor/sub distributor.
In other words, to reclaim the 2 FA authentication* for the all cPanel/FTP connections as the compulsory regardless the IPs countries of origin. Btw., that* was the setup in-effect when i've subscribed to the hosting services, prior this year update of their server and cPanel.
0 -
Can you let me know on which specific page of WHM you are seeing those IPs whitelisted?
0
Please sign in to leave a comment.
Comments
3 comments