Everything posted by Administrator

  1. SUMMARY

     cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.

     AFFECTED VERSIONS

     All versions of Apache version 2.2 before 2.2.27.

     SECURITY RATING

     The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

     CVE-2014-0098 – MEDIUM
     Apache 2.2.27
     Fixed bug in the mod_log_config module related to CVE-2014-0098.

     CVE-2013-6438 – MEDIUM
     Apache 2.2.27
     Fixed bug in the mod_dav module related to CVE-2013-6438.

     SOLUTION

     cPanel, Inc. has released EasyApache 3.24.14 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

     REFERENCES

     http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
     http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
     http://httpd.apache.org/docs/trunk/new_features_2_2.html

     For the PGP-signed message, see EA3 CVE 3-24-14 signed.

     View the full article
  2. cPanel TSR 2014-0003 Full Disclosure

     Case 85329
     Summary: Sensitive information disclosed via multiple log files.
     Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability.
     Description: Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces and less sensitive information about the existence of other accounts and domains on the system.
     Credits: This issue was discovered by Rack911.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 86337
     Summary: Injection of arbitrary DNS zonefile contents via cPanel DNS zone editors.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The cPanel interface provides restricted interfaces for modifying aspects of the DNS zones that belong to a cPanel account. A malicious cPanel account could use crafted inputs to the simple and advanced DNS zone editor interfaces to rewrite parts of the zone files that they are normally restricted from editing. With some inputs, this could disclose the contents of sensitive files on the system.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 86465
     Summary: Insufficient ACL checks in WHM Modify Account interface.
     Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability.
     Description: Within WHM’s “Modify Account” interface and associated xml-api commands, several settings for cPanel accounts could be altered with the “edit-account” reseller ACL rather than the more restrictive “all” ACL that is required in the dedicated interfaces for these settings. In particular, an account could be switched between the new and legacy backup systems, which should only be permissible by the root user.
     Credits: This issue was discovered by Rack911.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 87205
     Summary: Open redirect vulnerability in FormMail-clone.
     Security Rating: cPanel has assigned a Security Level of Minor to this vulnerability.
     Description: cPanel & WHM servers include a clone of the classic FormMail.pl script. This clone includes the ability to redirect the browser after successful form submission to a URL included in the browser supplied parameters. These redirects are now restricted to HTTP and HTTPS locations that are on the server.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 87873
     Summary: Multiple format string vulnerabilities in Cpanel::API::Fileman.
     Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability.
     Description: Error messages in Cpanel::API::Fileman were being generated using Locale::Maketext::maketext(). These errors were then added to a Cpanel::Result object using the error() method, which also performs maketext() interpolation on its inputs. With carefully crafted inputs, an authenticated attacker could utilize these format string flaws to execute arbitrary code using maketext() bracket notation.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13

     Case 88577
     Summary: Arbitrary file overwrite via trackupload parameter.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The trackupload functionality in cPanel & WHM’s default POST parameter and QUERY_STRING processor module allows a log file to be written and queried while a file upload is occurring. In some contexts, an authenticated attacker could make cpsrvd create the trackupload log file inside the user’s home directory while running with the effective UID of root. By combining this with a symlinked trackupload log file target, any file on the system could be overwritten.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 88793
     Summary: External XML entity injection in WHM locale upload interface.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The XML parser used by WHM for XLIFF and dumper-format XML locale file uploads allowed the processing of external XML entities. This would permit resellers with the ‘locale-edit’ ACL to reference arbitrary files on the system as external entities in an XLIFF translation upload and retrieve the target file by downloading the translation. All external XML entity processing in the translation system handling of XML files is now disabled.
     Credits: This issue was discovered by Prajith from NdimensionZ Solutions Pvt Ltd
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 88961
     Summary: Arbitrary code execution for ACL limited resellers via WHM Activate Remote Nameservers interface.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: Resellers with the ‘clustering’ ACL could send crafted parameters with newlines to the WHM /cgi/activate_remote_nameservers.cgi script and inject unsanitized values in the DNS clustering credential storage system. These unsanitized parameters could include code injections that would run with root’s effective UID or parameters intended to disclose root’s accesshash credentials to systems under the reseller’s control.
     Credits: This issue was discovered by Rack911.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 89377
     Summary: Arbitrary code execution for ACL limited resellers via WHM objcache.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: A flaw in the hostname input sanitization of WHM’s objcache functionality could be used by malicious resellers with limited ACLs to download Template Toolkit code of their choosing into the WHM objcache storage system. The malicious Template Toolkit code would subsequently execute with EUID 0 during the processing of WHM News.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 89733
     Summary: Injection of arbitrary data into cpuser configuration files via wwwacct.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The WHM /scripts5/wwwacct interface allowed arbitrary values to be set for the ‘owner’ parameter during new account creation by resellers with the ‘create-acct’ ACL. By supplying values with newlines, resellers could control all fields in the newly created account’s cpuser configuration file.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 89789
     Summary: Arbitrary code execution for ACL limited resellers via batch API.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The WHM XML-API allows for multiple commands to be combined into one call via the ‘batch’ command. Some aspects of the execution environment for one command in a batch persisted in the execution of subsequent commands. By leveraging failures of a preceding command, a malicious authenticated reseller could execute arbitrary code as the root user in subsequent commands in the batch.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 90001
     Summary: Sensitive information disclosed via update-analysis tarballs.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The cPanel & WHM update-analysis system aggregates log files and system settings into a tarball that is sent to cPanel’s log processing servers. This opt-in service allows cPanel to detect trends in the errors that cPanel & WHM systems encounter. The tarballs generated by the update-analysis system are retained on the local file system, with 0644 permissions, inside a world-accessible directory and include copies of several sensitive log files. This allowed local users to view the sensitive data contained inside.
     Credits: This issue was discovered by Rack911.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 90265
     Summary: Open mail relay via injection of FormMail-clone parameters.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: cPanel & WHM servers include a clone of the classic FormMail.pl script. Incorrect filtering of the ‘subject’ parameter supplied to this script allowed arbitrary mail headers to be injected into the email message. This flaw bypassed any recipient restrictions and allowed FormMail-clone to be used as an open mail relay.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 91741
     Summary: Arbitrary code execution via backup excludes.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: Entries in a user’s cpbackup-exclude.conf file are evaluated in an unsafe manner during the nightly account backup process. By carefully crafting these entries, a malicious local account could execute arbitrary code as the root user during nightly backups under some circumstances.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 92449
     Summary: User .my.cnf files set to world readable during upcp.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: The script ‘/scripts/fixmysqlpasswordopt’ is run one time by upcp during an upgrade from cPanel & WHM version 11.38 to version 11.40. This script was intended to convert users’ .my.cnf files to use formatting required with MySQL 5.5. During the conversion, the permissions on some users’ .my.cnf files could be changed to world-readable. In combination with other common attacks, this could disclose the user’s MySQL password to other accounts on the system.
     Credits: This issue was discovered by Curtis Wood.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13

     Case 92489
     Summary: SSH private key disclosure during key import process.
     Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
     Description: When the ‘extract_public’ option is specified to the ‘importsshkey’ WHM XML-API call, the provided private key was written to a world-readable temporary file. This allowed any user on the system to read the uploaded key.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Case 94201
     Summary: Insufficient validation allows password reset of arbitrary users.
     Security Rating: cPanel has assigned a Security Level of Critical to this vulnerability.
     Description: cPanel & WHM systems contain optional functionality that allows cPanel accounts to reset their passwords from the cPanel login screen. When a user requests a password reset in this fashion, an email is sent to the user’s configured email address. The user must then navigate to a URL provided in the email to perform the password reset. A flaw in the validation of the ‘user’ parameter to the password reset interface allowed unauthenticated remote attackers to reset an account’s password and cause the reset email to be delivered to an email address of the attacker’s choosing.
     Credits: This issue was discovered by the cPanel Security Team.
     Solution: This issue is resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     Multiple Cases (30)
     Summary: Multiple XSS vulnerabilities in various interfaces.
     Description: Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below.

     Case: 88465
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /scripts9/upload_locale
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Ernesto Martin

     Case: 88469
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: WHM
     URLs: /scripts/backupconfig
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Ernesto Martin

     Case: 88473
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /fetchsystembranding, /fetchglobalbranding, /fetchyoursbranding
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Ernesto Martin

     Case: 90213
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /scripts/passwdmysql
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90225
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /cgi/CloudLinux.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90249
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /cgi/live_restart_xferlog_tail.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90257
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /scripts/dorootmail
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90261
     Security Rating: Important
     XSS Type: Stored
     Interface: WHM
     URLs: /cgi/sshcheck.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90289
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /cgi/zoneeditor.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 90753
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/mail/delegatelist.html, /frontend/paper_lantern/mail/delegatelist.html
     Affected Releases: 11.42.0, 11.40.1
     Reporter: Mateusz Goik

     Case: 90765
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: cPanel
     URLs: /frontend/x3/mime/hotlink.html, /frontend/paper_lantern/mime/hotlink.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Mateusz Goik

     Case: 90769
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: cPanel
     URLs: /frontend/x3/webdav/accounts_webdav.html, /frontend/paper_lantern/webdav/accounts_webdav.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Mateusz Goik

     Case: 90781
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: cPanel
     URLs: /frontend/x3/mime/redirect.html, /frontend/paper_lantern/mime/redirect.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Mateusz Goik

     Case: 90817
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/filemanager/listfmfiles.json, /frontend/paper_lantern/filemanager/listfmfiles.json
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Mateusz Goik

     Case: 90969
     Security Rating: Important
     XSS Type: Stored
     Interface: WHM
     URLs: /cgi/cpaddons_report.pl
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Rack911

     Case: 91457
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/test.php, /frontend/paper_lantern/test.php
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91461
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/cgi/doupload.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91633
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /fetchemailarchive
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91677
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: cPanel
     URLs: /frontend/x3/cpanelpro/filelist-scale.html, /frontend/paper_lantern/cpanelpro/filelist-scale.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91681
     Security Rating: Minor
     XSS Type: Self-stored
     Interface: cPanel
     URLs: /frontend/x3/cpanelpro/filelist-thumbs.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91717
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/paper_lantern/cpanelpro/changestatus.html, /frontend/paper_lantern/cpanelpro/editmsgs.html, /frontend/paper_lantern/cpanelpro/msgaction.html, /frontend/paper_lantern/cpanelpro/saveconf.html, /frontend/paper_lantern/mail/changestatus.html, /frontend/paper_lantern/mail/conf.html, /frontend/paper_lantern/mail/editlists.html, /frontend/paper_lantern/mail/editmsg.html, /frontend/paper_lantern/mail/manage.html, /frontend/paper_lantern/mail/queuesearch.htm, /frontend/paper_lantern/mail/resetmsg.html(acount), /frontend/paper_lantern/mail/saveconf.html, /frontend/paper_lantern/mail/showlog.html, /frontend/paper_lantern/mail/showmsg.htm, /frontend/paper_lantern/mail/showq.html, /frontend/x3/cpanelpro/changestatus.html, /frontend/x3/cpanelpro/editlists.html, /frontend/x3/cpanelpro/editmsgs.html, /frontend/x3/cpanelpro/msgaction.html, /frontend/x3/cpanelpro/saveconf.html, /frontend/x3/mail/changestatus.html, /frontend/x3/mail/conf.html, /frontend/x3/mail/editlists.html, /frontend/x3/mail/editmsg.html, /frontend/x3/mail/manage.html, /frontend/x3/mail/queuesearch.html, /frontend/x3/mail/resetmsg.html, /frontend/x3/mail/saveconf.html, /frontend/x3/mail/showlog.html, /frontend/x3/mail/showmsg.html, /frontend/x3/mail/showq.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91973
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/cpanelpro/doscale.html, /frontend/paper_lantern/cpanelpro/doscale.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91977
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/cpanelpro/doconvert.html, /frontend/paper_lantern/cpanelpro/doconvert.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 91981
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/cpanelpro/dothumbdir.html, /frontend/paper_lantern/cpanelpro/dothumbdir.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 92133
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/telnet/keys/dodelpkey.html, /frontend/paper_lantern/telnet/keys/dodelpkey.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 92157
     Security Rating: Important
     XSS Type: Stored
     Interface: WHM
     URLs: /scripts/installfp, /scripts/uninstallfp
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 92421
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/mail/ajax_mail_settings.html, /frontend/paper_lantern/mail/ajax_mail_settings.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 92593
     Security Rating: Moderate
     XSS Type: Reflected
     Interface: cPanel
     URLs: /cgi-sys/entropysearch.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     Case: 92829
     Security Rating: Minor
     XSS Type: Self
     Interface: WHM
     URLs: /cgi-sys/defaultwebpage.cgi
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: Shahee Mirza

     Case: 93089
     Security Rating: Minor
     XSS Type: Self
     Interface: cPanel
     URLs: /frontend/x3/mime/delredirectconfirm.html
     Affected Releases: 11.42.0, 11.40.1, 11.38.2
     Reporter: cPanel Security Team

     cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

     Credits: These issues were discovered by the respective reporters listed above.
     Solution: These issues are resolved in the following builds: 11.42.0.23, 11.40.1.13, 11.38.2.23

     For the PGP signed message, please go to: http://cpanel.net/wp-content/uploads/2014/03/TSR-2014-0003-Full-Disclosure1.txt

     View the full article
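Cases 88961 and 89733 in the disclosure above both come down to request values containing newlines being written into a line-oriented file. The following is an added example, not cPanel's code and not part of the original post: it puts a verbatim writer beside an allow-listing one. The KEY=value layout, the field names and the sample request are assumptions constructed for the demonstration.

```python
"""Added example (constructed): newline injection into a KEY=value account file."""
import re

# Assumption: one KEY=value pair per line, a simplified stand-in for the
# cpuser-style file named in Case 89733. Field names are illustrative only.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


class InvalidField(ValueError):
    """Raised when a value could change the structure of the file."""


def parse_config(text):
    """Parse KEY=value lines the way a lenient reader would.

    str.splitlines() breaks on CR, LF and several other separators, and a
    later duplicate key overrides an earlier one.
    """
    fields = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            fields[key] = value
    return fields


def write_config_unsafe(fields):
    """'Before' form: request parameters are written verbatim."""
    return "".join(f"{key}={value}\n" for key, value in fields.items())


def write_config_safe(fields):
    """'After' form: allow-list every value, then verify the round trip."""
    for key, value in fields.items():
        if not ALLOWED_VALUE.fullmatch(value):
            raise InvalidField(f"{key}: value {value!r} is not allowed")
    text = "".join(f"{key}={value}\n" for key, value in fields.items())
    if parse_config(text) != dict(fields):
        raise InvalidField("serialized file does not round-trip")
    return text


def unexpected_fields(intended, text):
    """Audit helper: parsed fields that differ from what the caller intended."""
    parsed = parse_config(text)
    return {k: v for k, v in parsed.items() if intended.get(k) != v}


def demo():
    """Run one constructed request through both writers."""
    request = {
        "USER": "alice",
        "PLAN": "basic",
        "OWNER": "reseller1\nPLAN=unlimited",  # constructed hostile value
    }
    written = write_config_unsafe(request)
    try:
        write_config_safe(request)
        rejected = False
    except InvalidField:
        rejected = True
    return parse_config(written)["PLAN"], rejected


if __name__ == "__main__":
    print(demo())
```

Filtering only "\n" would not be enough here, because the reader also splits on "\r" and other separators; the allow-list plus round-trip check covers those as well.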
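Several cases in the disclosure above (85329, 90001, 92449, 92489) involve sensitive files left world-readable, and Case 88577 involves a privileged write through a symlinked log target. The following is an added example, not cPanel's code and not part of the original post: a POSIX-only sketch of creating a file privately without following a planted link, plus an audit that flags world-readable files and symlinks. All file names and contents are constructed.

```python
"""Added example (constructed): private file creation and a permission audit."""
import os
import stat
import tempfile


def create_private_file(path, data):
    """Create `path` with mode 0600, refusing to reuse any existing name.

    O_EXCL makes the call fail if the name already exists, including when it
    is a symlink, so a pre-planted link is never followed or overwritten.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        os.fchmod(fd, 0o600)  # explicit, independent of the process umask
        handle.write(data)


def audit_tree(root):
    """Return sorted (relative path, finding) pairs for risky entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)  # lstat: inspect the link, not its target
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(info.st_mode):
                findings.append((rel, "symlink"))
            elif stat.S_ISREG(info.st_mode) and info.st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
    return sorted(findings)


def demo():
    """Build a constructed directory and exercise both functions."""
    with tempfile.TemporaryDirectory() as root:
        # A log written with ordinary defaults, as in Cases 85329 and 90001.
        log = os.path.join(root, "error.log")
        with open(log, "w") as fh:
            fh.write("constructed stack trace\n")
        os.chmod(log, 0o644)

        # A file that must not be overwritten, and a link planted at the
        # name a privileged writer is about to create (Case 88577).
        target = os.path.join(root, "target.conf")
        create_private_file(target, b"do not overwrite\n")
        link = os.path.join(root, "upload.log")
        os.symlink(target, link)
        try:
            create_private_file(link, b"progress\n")
            refused = False
        except OSError:
            refused = True

        # A temporary file holding secret material, as in Case 92489.
        key = os.path.join(root, "key.tmp")
        create_private_file(key, b"constructed placeholder\n")
        mode = stat.S_IMODE(os.stat(key).st_mode)

        with open(target, "rb") as fh:
            intact = fh.read() == b"do not overwrite\n"
        return audit_tree(root), refused, mode, intact


if __name__ == "__main__":
    print(demo())
```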
  3. cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.

     In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.

     We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

     If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

     About cPanel, Inc.

     Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

     For the PGP-signed message, see 11.38 30 day notice-signed.

     View the full article
  4. Effective moderation features are essential for online communities. Forums, blog entries and member-to-member messaging are particularly attractive for spam bots and nuisance users alike. IPS Social Suite has always been best in class when it comes to moderation features with features like the free IPS Spam Service that are completely unmatched by other web applications.

     Over this series of 5 blog entries I'm going to introduce you to some of the new moderation features in the IPS Community Suite 4.0.

     Part 1: Setting up moderators
     Part 2: Approval Queue
     Part 3: Reports
     Part 4: Effective Moderation
     Part 5: Warnings

     Multi-moderation

     It's really important that moderators can quickly take action against undesirable content without spending too much time or effort. If your community is the victim of a spam attack, or perhaps even just an over-enthusiastic poster, you want to be able to hide, lock, move, merge and delete content quickly.

     Throughout the entire suite, whenever you view content (be that topics in IP.Board, files in IP.Downloads or even comments on a particular file in IP.Downloads or anything else you can think of), as a moderator, when you move your mouse over it, you will see a checkbox, and at the top of the list, you have controls to quickly select particular items:

     As you can see, in addition to checking individual items or all items, quick options are available for me to select all hidden, unapproved, pinned, locked or featured items, or even the items that I personally have read or not read.

     After selecting one or more items, you will see a menu appear at the bottom:

     This menu is incredibly smart. It automatically shows you options available based on the type of item you're looking at and the specific items you've selected. For example, here in IP.Downloads I see the options (from left-to-right): feature, pin, hide, lock, move and delete (if you hover over any of the buttons a tooltip will show you what it is). If I'm in IP.Board instead, I see a slightly different bar:

     Here, I have two new options: merge and Saved Actions (the new name for the IP.Board "Multimod" feature which allows you to define specific actions to do multiple moderator actions quickly).

     Also, it takes into consideration the specific items I've selected - if I select items which are not currently hidden, there is the "hide" button - if I select items which are currently hidden, there is the "unhide" button - and if I select a mix of both, I see both buttons.

     After clicking a button, the action is performed on all items and I'm taken back to the screen. Here's a short video demonstration of this in action:

     Quick editing

     Editing posts and comments is something moderators do on a daily basis. We already have quick reply (where when making a post or comment, it appears using AJAX without a page reload) and now in 4.0, we have quick edit too.

     When you click edit, the post/comment immediately changes into an editor:

     And when you click save, the editor disappears and is replaced by the new content. Here's a short video demonstration of this in action:

     View the full article
  5. Different staff members typically have different roles within a community - especially larger communities, where you may have staff responsible for the theme, others handling tickets and different staff maintaining the system.

     In 3.x, we had a 'Bookmarks' system in the AdminCP that allowed you to create a menu of frequently-used sections in an effort to make them easier to get to, rather than navigating the main menus.

     As with every feature in IPS4, we took some time to think about what this Bookmark feature aimed to achieve, and whether it was the best way to achieve it (seriously - we have considered everything you'll see in IPS4 very carefully; nothing gets a free pass). We determined through speaking to administrators that the primary use of this feature was actually to get to one place quickly - whatever place that might be. It appeared to be rarely used as an actual bookmarks menu, and besides, duplicating browser functionality should always send up a red flag.

     We decided to rethink the idea. What we decided to do instead is allow AdminCP menus, both primary and secondary, to be reordered on a per-admin basis. This means each admin can set the AdminCP menu up however works best for themselves. If you use the theme system a lot, you can make that your first menu item. Or, if you use the ticket system in Nexus, you can put that first.

     Here's how it works:

     View the full article
  6. cPanel TSR-2014-0003 Notice of Delay in Disclosure

     Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all future cPanel TSRs.

     Full details about the contents of TSR-2014-0003 will be released on 31 March 2014.

     For the PGP signed message, please go to: http://cpanel.net/wp-content/uploads/2014/03/TSR-2014-0003-Delay.txt

     View the full article
  7. cPanel TSR-2014-0003 Announcement

     cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

     cPanel has rated these updates as having security impact levels ranging from Minor to Critical.

     Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

     If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

     RELEASES

     The following cPanel & WHM versions address all known vulnerabilities:

     * 11.42.0.23 & Greater
     * 11.40.1.13 & Greater
     * 11.38.2.23 & Greater

     The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

     SECURITY ISSUE INFORMATION

     The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

     Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 47 vulnerabilities in cPanel & WHM software versions 11.42, 11.40, and 11.38.

     Additional information is scheduled for release on March 26th, 2014.

     For information on cPanel & WHM Versions and the Release Process, read our documentation at:

     http://go.cpanel.net/versionformat

     For the PGP signed message, please go to: http://cpanel.net/wp-content/uploads/2014/03/TSR-2014-0003-Accouncement.txt

     View the full article
  8. One of the goals for IPS Community Suite 4.0 was improving content discovery. In other words, making sure content still receives exposure even if it is posted in less used areas of the suite. The sidebar that shows on the IP.Board index page in 3.x helps with this goal to some extent, however people who visit the forums app infrequently may miss out on valuable content. This became an even more important issue when the decision was made to decouple IP.Board as a standalone application. What if the focus of your site is Gallery or what if IP.Board is not even enabled for example?

     Our solution was to extend the sidebar across all applications as shown below in IP.Downloads.

     You may notice from the screenshot that the announcements block is not specific to the downloads application. Any block can show in any application and they are configurable using moderator permissions. This immediately addresses the issue of content discovery.

     While the sidebar is now global in 4.0, it is important to note that individual areas can enable and disable the sidebar if necessary. Some areas of the suite simply require more room in order to display ideally, so the sidebar is disabled in these cases (e.g. the calendar "monthly" view needs a full page table grid to display in its ideal format). Further, you can configure sidebars differently for different areas of the suite in a context-sensitive manner. You may show a recent topics block in the IP.Board application, for instance, while showing a recent files block in IP.Downloads. Or you can show both blocks in both areas - the choice is yours.

     Many areas of the suite have specific things they wish to automatically show in the sidebar and will do so. This is determined at a programmatic level and is not something that can be shut off. For instance, in IP.Downloads the primary screenshot and the download button show in the sidebar, while in IP.Calendar a map and a button to download an event show. Each application has the ability to output arbitrary content to the top of the sidebar wherever necessary. It is also worth noting that advertisements have the inherent ability to display in the sidebar site-wide as well.

     Editing

     Editing is carried out inline from the front-end, rather than the ACP, and can be customized based on the application, module or individual view. The technicalities of this are beyond the scope of this blog entry but what this means in practice is that you can vary what is shown in the sidebar for each individual area of your site. Ordering of the blocks is of course fully supported using a simple drag and drop interface, and some sidebars additionally have configuration options available to them as needed.

     Here is a video demonstration of how editing the sidebar works in IPS Community Suite 4.0.

     Caching

     With this approach it was important that performance was not compromised and for that reason sidebar blocks support varying degrees of output caching. The active users block which must always be kept up to date utilizes no caching, a more general block showing overall statistics is cached for all users at once and other blocks that rely on permissions are cached for each user group combination. The level of caching used is determined by the developer when writing the block so, while it is important to mention that this performance aspect has been considered, it is something that is transparent to end users and admins in day to day use.

     Summary

     Community integration is a key strength of the IPS platform and the new sidebar in version 4 expands on this even further allowing you to share content across all areas effectively.

     View the full article
  9. SUMMARY

cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

AFFECTED VERSIONS

All versions of Apache version 2.4 before 2.4.9.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM
Apache 2.4.9
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM
Apache 2.4.9
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION

cPanel, Inc. has released EasyApache 3.24.13 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_4.html

For the PGP-signed message, see EA3 CVE 3-24-13-signed.
  10. IP.Calendar has supported an RSVP system for events for the last several versions, and this has been a well received addition to Calendar. Where allowed, users can request RSVP for events submitted to the calendar, and where allowed, other users can RSVP (and subsequently un-RSVP) for these events. This functionality is useful for real-world events being coordinated through your site to help event organizers know who will attend. Some minor but useful enhancements have been made to the RSVP functionality in calendar for 4.0.

RSVP Limits

Oftentimes, you may only have a limited number of spots available for an event. You may only be able to accommodate 10 users or 20 users at an event, and you typically will know this up front. Subsequently, it makes sense to limit the number of users who can RSVP for a given event in such scenarios. To this end, event submitters can now limit the number of RSVP responses allowed on a per-event basis. If you know only 10 users can be accommodated at an event, you may now specify this up front.

Yes? No? Maybe?

While being able to RSVP for an event is useful, many users online are familiar with other attendance systems that allow you to specify yes, no or maybe when RSVP support is available. In other words, instead of simply allowing you to say "yes I'm coming", sometimes it is just as useful to allow users to specify they are not coming, or that they might attend (in which case the organizer may plan to have extra food available, for example). The 4.0 Calendar will now support yes/no/maybe responses when RSVP is requested for an event.

One caveat to mention - when an upper RSVP limit has been specified, the "Maybe" option is not available. A gray area becomes apparent when there is a limit to the number of attendees allowed for an event and users begin to RSVP as "maybe". Does that fill up a spot? If not, what if they decide to come after all? It is much clearer for all involved to simply limit responses to yes or no when there is an attendee limit specified for an event.

When you have RSVP'd for an event, you will be presented with the option to leave the event in case you change your mind.

Download guest list

When RSVP has been enabled for an event, anyone who can see the list of attendees will be able to download a guest list in PDF format. This is especially useful for the event organizer in case they need to print out the guest list to bring with them to the event.

RSVP for imported events

When you configure iCalendar feed imports in the admin control panel, you will now be able to enable or disable RSVP status for events from the feed. As the administrator, you had no control over whether events imported from a feed had RSVP enabled or not in previous versions of Calendar. As of 4.0, you can specify whether to enable or disable RSVP for imported events on a per-feed basis.

As with 3.x, events exported through iCalendar feeds will include the attendee list with them. When events are imported through an iCalendar feed, if an attendee is specified (through the iCalendar specification) and that attendee is also a member of your site (based on their email address), the member on your site will automatically be set as RSVP'd for the event.

We believe these several minor but useful enhancements to the RSVP capabilities in Calendar will make the feature more useful in real world usage scenarios, and will allow you and your event coordinators to get more out of Calendar than ever before.
  12. 3/17/2014 Houston, TX - cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme

As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade

cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.
  13. IP.Calendar allows your users to schedule and share events through a centralized community calendar and supports many features that allow your community to coordinate, organize and interact with each other through the calendar. For instance, event organizers can request RSVP for events in order to note who will be attending beforehand, and you can allow commenting on events submitted through IP.Calendar to allow users to share their thoughts about an event. The latest version of IP.Calendar will see some minor yet useful enhancements that will allow you and your community to make better use of IP.Calendar in a more social manner than ever before.

Location support

Users will be able to specify a physical location (i.e. an address) when submitting an event to the calendar in the 4.0 Community Suite calendar application. When an address is specified and Google Maps integration is enabled in the admin control panel, a map will be presented when viewing the event that allows users to see where the event will be taking place. Clicking on the map will take you to Google maps, allowing you to get directions to the event or otherwise find out more information about the location.

The event location, when available, will also be included in iCalendar exports using the GEO property supported by the specification. This means when sharing your calendar events with another application that supports iCalendar imports (and supports the "GEO" property), your event location will be available in those applications as well.

Downloading individual events

In previous versions of the calendar, you were able to download an iCalendar export of an entire calendar on the site, but you were unable to download an individual event as an iCalendar export. The 4.0 Community Suite calendar application will now allow you to download individual events, as seen by the "Download Event" button in the previous screenshot. Users can download individual events and import them into supported calendar applications if they desire. Events are downloaded with an ".ics" extension, which is supported by Windows Calendar, Apple Calendar, Google Calendar, Outlook, Mozilla Lightning and pretty much every other calendar application available.

Cover photo

Another small yet useful enhancement in the next version of Calendar is the ability to upload a cover photo with your events. You may now, optionally, upload a cover photo image with your events which will be displayed as a background image in the event header.

Please keep in mind that these are early screenshots and the interface is very much subject to change, however you can get an idea from this screenshot how you might end up specifying a cover photo for an event to give it some unique visual differentiation to stand out.
  14. Effective moderation features are essential for online communities. Forums, blog entries and member-to-member messaging are particularly attractive for spam bots and nuisance users alike. IPS Social Suite has always been best in class when it comes to moderation features with features like the free IPS Spam Service that are completely unmatched by other web applications. Over this series of 5 blog entries I'm going to introduce you to some of the new moderation features in the IPS Community Suite 4.0.

Part 1: Setting up moderators
Part 2: Approval Queue
Part 3: Reports
Part 4: Effective Moderation
Part 5: Warnings

Back in IP.Board 3.0, we introduced a feature which at the time we called the "Report Center". Before this, if a user clicked the "Report" button, it would send a personal message to all the moderators for the forum the post was in (seriously). The Report Center was one of my favourite features in IP.Board 3.0 - it provided a great way for moderators to collaborate on reports and know the action that was taken.

For 4.0 - we wanted to make this even more useful. We had 2 goals:

- It should be easy to set up and use. It currently has lots of configuration options dotted around the Admin CP and can feel a little confusing ("statuses" have "points" which leads to different coloured "flags" on reports) - it should be much easier for moderators to see what's important.
- When viewing the report itself, moderators should be able to see all the information they need immediately, and take action, without leaving the screen, making it quick and painless to deal with reports.

The first part was making it easy for users to submit reports (if submitting a report is difficult or time-consuming, users won't do it, which defeats the point of having the feature). We've made it so when clicking the "Report offensive content" button next to posts, comments, messages, etc. a modal window will pop up - here the user can optionally fill in a reason for their submitting the report, and when submitting, the modal window just disappears, with no page reload, so the user is not interrupted from what they're doing.

Video Demonstration

Next we wanted to improve how moderators deal with reports - here's a screenshot of the report screen:

Right from this page I can:

- See the content that was reported - I don't have to click anywhere to view it (naturally, I can click on the title to be taken to the actual content if I want to see it in context).
- Edit or delete the content. If I do this, it will do it via AJAX, without me ever leaving the page. Video Demonstration
- See any warnings that have been given in the past to the user who posted the content being reported, and issue them with a warning (which will be issued without me leaving the page).
- Flag the member as a spammer, which will automatically take all the appropriate action for that, depending on how I've set it up in the Admin CP.
- See who has reported this content, and the message they provided with the report. By hovering on their photo I will see their hover card which allows me to send them a message (which will be sent without me leaving the page).
- See any comments on the report from other moderators and make a comment on the report - comments are submitted by AJAX so I can make a comment quickly.
- Change the status of or delete a report.
- Move to the next/previous reports pending.
  15. SUMMARY

cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.

AFFECTED VERSIONS

All versions of PHP 5.4 before 5.4.26.
All versions of PHP 5.5 before 5.5.10.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-1943 – MEDIUM
PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-1943.
PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-1943.

CVE-2014-2270 – MEDIUM
PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-2270.
PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-2270.

CVE-2013-7327 – MEDIUM
PHP 5.5.10
Fixed bug in the GD module related to CVE-2013-7327.

SOLUTION

cPanel, Inc. has released EasyApache 3.24.12 with updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2270
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327
http://www.php.net/ChangeLog-5.php#5.5.10
http://www.php.net/ChangeLog-5.php#5.4.26

For the PGP-signed message, see EA3-CVE-3-24-12-signed.
  16. IP.Calendar has a few primary important views: the monthly grid view (i.e. a typical calendar table), the weekly view which lists a calendar week and any events occurring during that week, a daily view which lists all events occurring on a given day, and the actual event views where you view details about a specific event. All of these views have their usefulness, however we felt that there was a missing piece to the puzzle. During planning meetings we discussed adding a popular feature request known as an agenda view, which basically lists all events between a given time period (or from a given date forward) and while we liked the idea, we felt we could accomplish the end goal while taking the interface a step further.

The calendar stream

The new "stream" view is what it sounds like - a stream of calendar events listed in order of date, from oldest to newest. This calendar view is based upon a given month and will show all events occurring within that month (including recurring events). You can view the calendar stream for each month individually if you wish, just like you would view the calendar "month" view. The events are displayed as small blocks of event data.

This is a general idea of what the stream looks like

As you can see, events are listed from oldest to newest in a "stream", i.e. a grid of blocks showing event details. The stream is an option for end users to choose from, and the admin can set it as the default viewing method for Calendar if they wish.

Conclusion

We believe this new stream will accomplish the same end goal an agenda view is designed to accomplish, but in a more robust and stylish manner. We look forward to your feedback on this new enhancement to the calendar product.
  17. We are releasing patches for IP.Board 3.3.x and IP.Board 3.4.x to address three cross site scripting issues recently reported to us.

IP.Board takes precaution against cross site scripting issues by ensuring sensitive forms and buttons have a unique key in them and also by ensuring that sensitive cookie data is not readable by JavaScript. However, we feel that it is in our clients' best interest to have these issues resolved.

To apply the patch

Simply download the attached zip for your IP.Board version and upload the files to your forum server. You do not need to run any scripts or the upgrade system.

IP.Board 3.3.x: ipb_33_patch.zip (27.44KB, 110 downloads)
IP.Board 3.4.x: ipb_34_patch.zip (28.17KB, 1014 downloads)

If you are an IPS Community in the Cloud client running IP.Board 3.3 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.3, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.6 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

We extend our thanks to Piotr Smaza ( https://twitter.com/evil_xorb ) for notifying us of these issues.
  18. Since the release of EasyApache 3.24.11, you may have noticed a variation of the following warning message when starting EasyApache:

    Your server is currently on cPanel & WHM version 11.36.2.12. This version of cPanel & WHM has reached End of Life. cPanel & WHM version 11.36.2.12 will continue to receive updates to EasyApache for 90 days after February 10, 2014. To receive EasyApache updates after May 11, 2014, you must update the cPanel & WHM version on this server. For more information on how to upgrade cPanel & WHM, visit upgrade cPanel and WHM version.

If you receive this warning message, then your server is running a version of cPanel & WHM that has reached End of Life (EOL)*. We will continue to provide EasyApache updates for EOL versions of cPanel & WHM until May 11, 2014. However, we strongly encourage users running EOL versions of cPanel & WHM to upgrade before this date.

If your server runs an EOL version of cPanel & WHM after May 11, 2014, then the functionality of EasyApache will change in the following ways:

- Your server will no longer receive EasyApache updates, which include Apache and security patches.
- You will no longer be able to update or change components within EasyApache. You will only be able to rebuild the last successful profile.

For example, after May 11, 2014, a server running cPanel & WHM version 11.36 and Apache version 2.2 will not be able to rebuild EasyApache with Apache version 2.4. Even minor version updates will not be possible after this date. For instance, an update from PHP 5.4.24 to 5.4.25.

These changes to EasyApache functionality will allow the EasyApache development team to provide you with the following improvements:

- Quicker EasyApache release cycles
- More feature development
- More bug fixes
- Fewer EasyApache security issues related to the support of out-of-date software

For more information on the cPanel & WHM upgrade process, visit Upgrade to Latest Version. You can also follow the EasyApache development team’s progress on the upcoming Optimized Profiles feature via the EasyApache forums and cPanel Blog.

*On February 28, 2014, cPanel & WHM versions 11.36 and earlier reached EOL. In April 2014, cPanel & WHM version 11.38 will also reach EOL.
  19. http://community.invisionpower.com/resources/articles.html/_/ipboard-3x/tips-and-tricks/setting-up-sphinx-with-ipb3-r358
  20. Warning: Some steps of this document are intended for advanced users, require root access to your web-server (which in turn requires that you have a web-server with root access, usually reserved for dedicated hosting or vps hosting), and should not be attempted if you are not sure of what you are doing.

Introduction

IP.Board 3.x provides full out-of-the-box support to utilize Sphinx for fulltext searching of content on your site. That said, it is still your responsibility to install and configure Sphinx, so this article will help you do just that so that you can use Sphinx for searching content within IP.Board 3.x.

Please be advised that applications must define a sphinx template in order for the content to be searchable. If you install a third party application that does not properly define a sphinx template file, it will not be searchable through Sphinx.

Installing Sphinx

The first thing you must do is install Sphinx itself. Sphinx is a third party search engine available at http://sphinxsearch.com . The documentation on their site explains how to install sphinx, but below you will find the general commands you will need to run.

Log in to your webserver as root. If you do not have root access to your webserver, contact your host for assistance.

Change directory to a temp directory and download sphinx. Untar the package afterwards, and move into the untarred Sphinx directory.

    cd /tmp
    wget http://sphinxsearch.com/downloads/sphinx-0.9.8.1.tar.gz
    tar xzvf sphinx-0.9.8.1.tar.gz
    cd sphinx-0.9.8.1

Next you need to configure, make and make install the package.

    ./configure
    make
    make install

If you get an error at any of these steps, stop and correct it. For instance, if Sphinx cannot find your mysql binaries, you can tell it where they are by passing "--with-mysql (path)" to the ./configure command. Once this is done, Sphinx is installed and ready to be used (though there is still more work to do).

You will need to copy the api/sphinxapi.php file provided in the Sphinx download to your forum root directory.

    cp api/sphinxapi.php /path/to/forums/here

Next, you should create the directories that Sphinx will store its log files and index files in. The suggested directory is /var/sphinx, however you can create the directory anywhere you wish. Just remember where you put it.

    mkdir -p /var/sphinx/log

Configuring IPB

Now, log in to your IPB admin control panel. Visit System -> System Settings -> Search Set-Up. Change "Type of search" to "Sphinx" in the dropdown, and configure the Sphinx settings appropriately. In most cases, you do not need to change any of the sphinx settings, however if you created a directory other than /var/sphinx, or if you are installing Sphinx on your MySQL server in a multi-server setup, you will need to adjust these appropriately. Save the settings.

Visit System -> Manage Applications & Modules next, and click on Build Sphinx Config. You will be presented with a downloadable copy of sphinx.conf. Download this file, and then upload it to your server (the exact location is unimportant, but remember where you put it).

Creating the index and starting the search daemon

Back in shell, you need to index your searchable content. This is an expensive task, however even with very large databases (4+ million posts or more) this does not take a very long time. Run the following command, replacing the path to the sphinx.conf file appropriately.

    /usr/local/bin/indexer --config /path/to/sphinx.conf --all

Once this is done, you need to start the search daemon.

    /usr/local/bin/searchd --config /path/to/sphinx.conf

Once the search daemon is running, you should be able to use the search feature on your site, now using sphinx for its backend searching. Go give your search function a quick test to make sure everything is working before proceeding further (note that "View new content", "Active posts", and "Find posts/topics by member" still make use of internal searching and do not use Sphinx in 3.0.0 - so you need to perform an actual search for a keyword to test this).

Final "tweaks"

There are two more steps you need to do. First, you need to create two cron jobs to rebuild the indexes at intervals. One cron job will rebuild the "delta" index (only including new content) every 15 minutes. This task only grabs new content, so it is not overly resource-heavy. The second task will rebuild the entire index once a day (to ensure edited posts and so forth are re-indexed properly), and since it has to rebuild the entire index it should be scheduled for a time period when your server is least busy (e.g. 4 AM).

    crontab -e

    */15 * * * * /usr/local/bin/indexer --config /path/to/sphinx.conf core_search_delta members_search_delta forums_search_posts_delta --rotate
    0 4 * * * /usr/local/bin/indexer --config /path/to/sphinx.conf --all --rotate

Again, remember to replace the path to the sphinx configuration file appropriately. Also, you will note in the first cron job added that we have to specify which indexes we want to rebuild (only the _delta indexes). There should be one index for each application installed that supports Sphinx (except for the "forums" application, which has 2). Thus, if you install Calendar, Blog, Gallery and Downloads you should change the cron job like so:

    */15 * * * * /usr/local/bin/indexer --config /path/to/sphinx.conf core_search_delta members_search_delta forums_search_posts_delta forums_search_topics_delta calendar_search_delta downloads_search_delta blog_search_delta gallery_search_delta --rotate

If you omit one, it will simply mean that new content won't be added to the index until the full search index is rebuilt at 4 AM. If in doubt, just search the sphinx.conf file you have downloaded for "_delta" and note all of the indexes you find that have this suffix.

Finally, in case you restart your server, you want to make sure that Sphinx is started back up when the server starts. The method of doing this will vary from system to system, so contact your system administrator if you are unsure. We generally use on CentOS the following:

    nano /etc/init.d/rc.local

and add to the file

    rm -f /var/sphinx/*.spl
    /usr/local/bin/searchd --config /path/to/sphinx.conf

This will remove any lingering lock files that may have been left and restart Sphinx. Adjust the paths as appropriate.

Conclusion

Sphinx is an excellent search engine and can reduce resource usage on your servers when set up and in use. You will need some commandline/Linux technical knowledge to do so, but once it's set up you shouldn't have to make many changes to it (only when you install new applications and want them to be searchable). We hope this article provides the information necessary to set up and use Sphinx with IP.Board 3.0.
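The "_delta" lookup described under Final "tweaks" can be scripted, so the 15-minute cron entry is generated from sphinx.conf and an existing entry can be checked for omitted indexes. This is an added example, not part of the original article: the function names are hypothetical, the sample sphinx.conf is constructed, and the match assumes index declarations of the form "index NAME" or "index NAME : PARENT" at the start of a line.

```shell
#!/bin/sh
# Added example (not from the original article): derive the 15-minute
# "delta" cron entry from sphinx.conf so that no *_delta index is left out.

# Constructed sample input; a real file comes from "Build Sphinx Config".
sample_conf() {
cat <<'EOF'
index forums_search_posts_main
{
    source = forums_search_posts_main
    path   = /var/sphinx/forums_search_posts_main
}
index forums_search_posts_delta : forums_search_posts_main
{
    source = forums_search_posts_delta
    path   = /var/sphinx/forums_search_posts_delta
}
# index gallery_search_delta : gallery_search_main   (disabled)
index core_search_delta : core_search_main
{
    source = core_search_delta
    path   = /var/sphinx/core_search_delta
}
index members_search_delta: members_search_main
{
    source = members_search_delta
    path   = /var/sphinx/members_search_delta
}
EOF
}

# Print each declared index whose name ends in _delta, once, in file order.
# Comment lines and "source = ..." settings are ignored.
list_delta_indexes() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    awk '
        /^[ \t]*#/ { next }
        $1 == "index" {
            name = $2
            sub(/[:{].*$/, "", name)      # tolerate "name:" or "name{"
            if (name ~ /_delta$/ && !seen[name]++) print name
        }
    ' "$conf"
}

# Print the cron entry that rebuilds every delta index every 15 minutes.
# $2 is the indexer path; the default is the one used in the article.
build_delta_cron_line() {
    conf=$1
    indexer=${2:-/usr/local/bin/indexer}
    raw=$(list_delta_indexes "$conf") || return 1
    [ -n "$raw" ] || { echo "no _delta indexes in $conf" >&2; return 1; }
    names=$(printf '%s' "$raw" | tr '\n' ' ')
    printf '*/15 * * * * %s --config %s %s --rotate\n' \
        "$indexer" "$conf" "$names"
}

# Print the delta indexes that an existing cron entry ($2) does not name.
# These only pick up new content at the daily full rebuild.
missing_delta_indexes() {
    conf=$1
    cron_line=$2
    raw=$(list_delta_indexes "$conf") || return 1
    for name in $raw; do
        case " $cron_line " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Stand-alone use: pass the path to sphinx.conf, or run without arguments
# to see the result for the constructed sample.
target=${1:-}
demo_dir=
if [ -z "$target" ]; then
    demo_dir=$(mktemp -d)
    target=$demo_dir/sphinx.conf
    sample_conf > "$target"
fi
build_delta_cron_line "$target"
if [ -n "$demo_dir" ]; then
    rm -rf "$demo_dir"
fi
```

Re-run it after installing or removing an application and rebuilding sphinx.conf, then compare the output with the entry shown by `crontab -l`.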
  21. Effective moderation features are essential for online communities. Forums, blog entries and member-to-member messaging are particularly attractive for spam bots and nuisance users alike. IPS Social Suite has always been best in class when it comes to moderation features with features like the free IPS Spam Service that are completely unmatched by other web applications. Over this series of 5 blog entries I'm going to introduce you to some of the new moderation features in the IPS Community Suite 4.0.

Part 1: Setting up moderators
Part 2: Approval Queue
Part 3: Reports
Part 4: Effective Moderation
Part 5: Warnings

Sometimes content needs to be approved before it can be viewed. This can happen when:

- Approval is enabled for a particular member (perhaps for a particular time after giving a warning)
- Approval is enabled for a group (perhaps for new members until they have been registered for a certain number of days)
- Approval is enabled for a forum/category/etc.

Currently, if there is content requiring approval, badges display next to the forum/topic to alert moderators. While this works well it has some drawbacks: it means clicking around the community to find content, and if there's an area of your community you don't visit very often (personally I don't often check the gallery here) sometimes you might not notice something needs to be approved.

For 4.0, we wanted to improve this. There were two main goals we set:

- Content from across the suite should be pulled into a single area for moderators so moderators can locate content pending approval manually.
- Moderators should be able to act on content pending approval (usually by approving or deleting) quickly.

What we've created is a new area of the moderator control panel which we call the Approval Queue. When you visit the approval queue, you see the first topic/post/comment/whatever which is pending approval:

As you can see, the page shows you clearly who posted it, what it is and the content. You can click on the badge on the right (in the screenshot above where it says "File Comment") to be taken directly to it if you want to see it in context.

At the top, you can see 3 really clear actions: approve, skip and delete. Clicking any of these will do that action, and then immediately show you the next thing pending approval. This allows moderators to move through the queue really quickly and effortlessly.

By clicking on the author's name, you can also issue a warning, flag the user as a spammer and send the user a message - all this is done without leaving the page:

And when all content has been approved, you can enjoy the satisfaction of an empty queue:

Here's a video of it in action:

As an incidental feature - previously if a member made a post and it needed to be approved, they would get a confirmation message telling them so but wouldn't be able to see the post. This sometimes led to confusion when members missed the confirmation message and thought their post hadn't been submitted. In 4.0, users can now see their own posts which are pending approval:
  22. 3/3/2014 Houston, TX - cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the RELEASE tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme

As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade

cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.
  23. cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date. We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42). If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more. About cPanel, Inc. Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net. For the PGP-signed message, see 11.38 60 day notice-signed: http://cpanel.net/wp-content/uploads/2014/02/11.38-60-day-notice-signed.txt View the full article
  24. Day to day administration of your site and particularly managing member permissions has been greatly improved in IPS Community Suite 4.0. It is now easier than ever to see who has access to what but there are still times when being able to see exactly what a member sees can be useful. Perhaps a member is reporting that they can't view a section of the site or they need assistance altering settings on their account? For this reason administrators can log in to other users' accounts automatically via the admin control panel where allowed. Security When dealing with access to other people's accounts, security is of critical importance and we take this very seriously. Permissions for this are of course controlled by the ACP restrictions system so the ability can be toggled easily on a per user or group basis only to trusted administrators. The member also does not need to reveal their password to the administrator and all login actions are recorded in the logs so security and an audit trail are maintained. Logging In The process of logging in as a user starts in much the same way as in previous versions of the suite. When viewing a member in the ACP you simply click sign in and a new window with your user session is created. For IPS Community Suite 4.0 we have improved several areas of this implementation. Firstly, when logging in as a user you do not lose your existing admin session. You still show logged in as yourself but acting on behalf of somebody else. The user menu updates to show this and serve as a reminder so you do not forget to log out and continue posting using another account. All actions you now perform are as if you were logged in as the user themselves. Viewing and posting permissions reflect the user you are logged in as and any content created will show as if posted by that user. 
In previous versions not having this workflow was frustrating as you would log in as another user and then when you were finished need to log back out and then log back in with your administrator account. We have now made this seamless. When logging out from another user account in IPS Community Suite 4.0 you are simply returned back to your original admin session with no need to log back in. Summary We hope that these small but powerful changes make for a much more productive workflow. Helping members with access issues and making sure your user permissions are set up correctly should now be much more practical and intuitive. View the full article