Administrator

cPanel TSR-2015-0002 Full Disclosure SEC-2 Summary Multiple vulnerabilities via ExpVar overexpansion. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Description The WHM, cPanel, and Webmail interfaces use a common routine named “expvar” for interpolating user input and some cPanel template variables. In many interfaces, this …

View the full article

You can include advertisements in other areas of your skin, in IP.Content blocks and even in external pages and applications outside of IP.Board.


To place an advertisement in a template or IP.Content block, you can simply use the tag:

{parse advertisement="1"}

The tag can take either the ID number for the advertisement to display, or the key for the location, which will use IP.Nexus' normal logic for fetching the advertisement. For example, using this tag:

{parse advertisement="ad_code_board_index_header"}

Would display whatever advertisement is configured to show in the board index header - if more than one is configured, Nexus will either pick a random one, or the most recent one (as per the circulation setting described above).


To place an advertisement on an external site, you can call a REST API which will out put the contents - the file is located at:

http://www.yoursite.com/interface/advertisements.php

You simply need to pass a single variable in the query string which is the same as the parse tag above (ID number or location key).

For example, you might use something like this to add your advertisement to a website outside of IP.Board:

<?php echo file_get_contents( "http://localhost/ipbdev/interface/advertisements.php?ad_code_global_header" );

Default Location Keys
 

• Global Header: ad_code_global_header
• Global Footer: ad_code_global_footer
• Board Index: Header: ad_code_board_index_header
• Board Index: Footer: ad_code_board_index_footer
• Board Index: Sidebar: ad_code_board_sidebar
• Forum View: Header: ad_code_forum_view_header
• Forum View: Footer: ad_code_forum_view_footer
• Forum View: After first topic: ad_code_forum_view_topic_code
• Topic View: Header: ad_code_topic_view_header
• Topic View: Footer: ad_code_topic_view_footer
• Topic View: After first post: ad_code_topic_view_code

cPanel TSR-2015-0002 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores …

View the full article

We are releasing a patch for IP.Board 3.3.x and 3.4.x to address two CSRF issues and one XSS issue.

It has been brought to our attention that a cross site request forgery issue exists with gravatar images that can allow a potential attacker to cause a user to store a gravatar profile photo that was not desired.  Further, during internal reviews of the issue we discovered another CSRF issue that can allow an attacker to mark all private messages as read. Finally, a minor "self XSS" issue has also been patched with this update.


To apply the patch
Simply download the attached zip for your IP.Board version and upload the files to your forum server.

IP.Board 3.3.x:

 patch_33x_Feb2015.zip

IP.Board 3.4.x:

 patch_34x_Feb2015.zip

If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.7 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

We extend our thanks to Daniel Price, A.K.A ShadeSpeed of the GameMaker Community for notifying us of the gravatar issue privately and promptly.

View the full article

On a test or developer site, if you want to prevent the system from sending emails, add the following to your constants.php file.  If you enter a valid path it will log any emails a file, if you don't need that then enter the second option of /dev/null/

define( 'EMAIL_DEBUG_PATH', "/home/user/devmail");

define( 'EMAIL_DEBUG_PATH', "/dev/null");

When using ssl logins only, you may see an error with the search field pulling non https.

Edit quickSearch template and find this:

<form action="{parse url="app=core&module=search&do=search&fromMainBar=1" base="public"}" method="post" id='search-box' >

And change public there to https

Release Candidate of IPS Community Suite 4.0.0 now Available

This means we have left the beta stage where things are unsupported and known to be broken and enter the period between that and final. The Release Candidate phase allows us to partially support the Suite without committing our full resources to it. This step also means that there will still be some bugs in the system but they should not be major issues any longer.

You can download IPS Community Suite 4.0.0 RC in your client area. IPS Community in the Cloud clients can request upgrades through support. If you are using our Chat product please note that it is not yet available for version 4.0.0 so please do not upgrade if Chat is required.

Important Support Note

Release Candidates are partially supported only.

There will be bugs in the Release Candidates. Do not use Release Candidates if any sort of issues will impact your ability to enjoy your site.

We will assist you in support with any major problems in installing or upgrading from 3.4.7 to make sure your install is online. However, once the site is online and functional, other less critical bugs may be deferred until the next release to fix those issues. We do plan on a fast update schedule but it does mean you may not get fixes for several days.

To reiterate: we will assist with major problems that make your Suite not function (install issues, upgrade issues, major problems) but you may have to wait for update releases for other issues. Please keep these support limitations in mind when choosing to use a Release Candidate.

Release Candidate Schedule

We plan on having several RCs that will be released every few days over the next couple weeks. By doing a rapid release schedule it will allow us to get fixes out to you very quickly and ensure things are as stable as possible for the final, fully supported release.

Beta Testers

Everyone at IPS greatly appreciates those of you who participated in the beta testing phase. If you did you use beta releases you can upgrade from Beta 8 to RC1 however you may wish to consider a fresh upgrade from 3.4.7 just to ensure you are not carrying over any beta quirks through to RC and final.

Our Thanks

IPS Community Suite 4.0 took at lot longer than we thought it would as we changed the focus of the Suite and were forced to extend our workload and therefore timeline. We are sorry for these delays and we do hope that you see it will be worth it in the end. IPS4 is a great platform and we are very excited to start adding lots of fun features throughout this year.

Upgrading IP.Content to Pages

When upgrading from IP.Content to Pages, it is worth noting that because the underlying code has changed, custom templates and custom blocks are not upgradable. Custom templates are removed from the system after the upgrade, and any custom blocks are retained, but left disabled as a reference point for recreating manually.

This release of Pages does not have external blocks (this feature allows you use IP.Content blocks on another website or page) and neither does it have relational database field functionality. Both these features will be available in a near-future release.

View the full article

SUMMARY cPanel, Inc. has released EasyApache 3.28.4 with PHP versions 5.4.38 and 5.5.22. This release addresses vulnerabilities related to CVE-2015-0235 and CVE-2015-0273 by fixing bugs in the Core module. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.38 and all PHP 5.5 users to upgrade to version …

View the full article

Introducing cPanel & WHM 11.48 cPanel, Inc. has released cPanel & WHM software version 11.48 in the STABLE tier. You’re In Control The newest version of cPanel & WHM has arrived and it’s filled with exciting new updates for both hosting providers and website owners. With advances in both mail …

View the full article

cPanel & WHM software version 11.42 has now reached End of Life. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.42 will continue functioning on servers. The last release of cPanel & WHM 11.42, 11.42.1.31, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, …

View the full article

For 3.4.7 if you get a 

STARTTLS Failed503 503 5.5.1 EHLO/HELO first. y5sm3826525ign.7 - gsmtp

Upload the following to /ips_kernel/

classEmail.php

A new Adobe Flash zero-day, the third one this year so far, has been found in the wild via drive-by download attacks, according to firm TrendMicro.

According to our telemetry, Malwarebytes Anti-Exploit has been blocking this zero-day since December 3rd, 2014.

https://blog.malwarebytes.org/exploits-2/2015/02/hanjuan-ek-fires-third-flash-player-0day/

http://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are-users-to-do/

Introducing cPanel & WHM 11.48 cPanel, Inc. has released cPanel & WHM software version 11.48 in the RELEASE tier. You’re In Control The newest version of cPanel & WHM has arrived and it’s filled with exciting new updates for both hosting providers and website owners. With advances in both mail …

View the full article

SUMMARY cPanel, Inc. has released EasyApache 3.28.3 with Apache version 2.4.12. This release addresses vulnerabilities related to CVE-2014-3583, CVE-2014-3581, CVE-2014-8109, and CVE-2013-5704. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.12. AFFECTED VERSIONS All versions of Apache 2.4 through 2.4.10. SECURITY RATING The National Vulnerability Database (NIST) …

View the full article

The latest test results from Beta 6

We are happy to release the sixth beta of IPS Community Suite 4.0!
 
IPS welcomes any clients who enjoy testing beta software to participate and post bugs in our bug tracker. These beta releases help us to provide a more stable final release and the more people who participate in testing the better it is for all.
 
This release makes available:

• Forums
• Blog
• Gallery
• Downloads
• Calendar
• Commerce
• Pages

 
The upgrade system is now available and you can upgrade from IP.Board 3.4.7 to test this system However: do not upgrade your live community! IPS does not provide technical support or services for beta releases. You can append "-TESTINSTALL" on to the end of your license key to allow to a separate install for test purposes. More information on license keys...
 
Downloading
 
You can download IPS Community Suite 4.0.0 Beta 6 in the client area. Go to your Purchases section, select your license, and click the download link. IPS Community in the Cloud clients do not yet have access to the beta.
 
You will be able to upgrade from Beta 6 to the first supported release of IPS Community Suite 4.0 when it is released. Unless major issues present themselves, we anticipate that Beta 6 is the final beta and next release will be supported. Please do help us test and report bugs. Thank you!
  
Note: If you are already running Beta 5 you can upgrade in your AdminCP. You will see a notice on your Dashboard. If you do not see it: go to Applications and click check for update.

View the full article

Introducing cPanel & WHM 11.48 cPanel, Inc. has released cPanel & WHM software version 11.48 in the CURRENT tier. You’re In Control The newest version of cPanel & WHM has arrived and it’s filled with exciting new updates for both hosting providers and website owners. With advances in both mail …

View the full article

SUMMARY cPanel, Inc. has released EasyApache 3.28.2 with PHP versions 5.4.37 and 5.5.21. This release addresses vulnerabilities related to CVE-2015-0231, CVE-2014-9427, and CVE-2015-0232 by fixing bug in the Core module, Exif extension, and CGI. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.37 and all PHP 5.5 …

View the full article

cPanel TSR-2015-0001 Full Disclosure SEC-1 Summary Arbitrary code could be executed as other accounts with RUID2/ITK enabled. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) Description The WHM “Apache mod_userdir Tweak” interface incorrectly allowed the exclusion of specific users from userdir protection when mod_ruid2 or …

View the full article

cPanel TSR-2015-0001 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores …

View the full article

Here was the benchmark testing being performed while the last test was also running.

Server specs for testing.

Dual Xeon CPU's 24 cores total

16GB memory

SSD Drives In Raid 1 array

This test was done using nginx as a reverse proxy for apache as well, with opcache enabled in php 5.6, mariadb 5.5 apache 2.4.

Now these two test were done while also performing an apache benchmark test of 10k hits 100 at a time.

I have been doing some speed testing and benchmarking on IPS4, here are some very nice testing results! 

This is a topic view on both versions, clean install on both.

IPS4 is on the left and 3.4.7 on the Right

We are happy to release the fifth beta of IPS Community Suite 4.0!
 
IPS welcomes any clients who enjoy testing beta software to participate and post bugs in our bug tracker. These beta releases help us to provide a more stable final release and the more people who participate in testing the better it is for all.
 
This release makes available:

• Forums
• Blog
• Gallery
• Downloads
• Calendar
• Commerce
• Pages

 
The upgrade system is now available and you can upgrade from IP.Board 3.4.7 to test this system However: do not upgrade your live community! IPS does not provide technical support or services for beta releases. You can append "-TESTINSTALL" on to the end of your license key to allow to a separate install for test purposes. More information on license keys...
 
Downloading
 
You can download IPS Community Suite 4.0.0 Beta 5 in the client area. Go to your Purchases section, select your license, and click the download link. IPS Community in the Cloud clients do not yet have access to the beta.
 
You will be able to upgrade from Beta 5 to Beta 6 when it is released and to all future betas through final release. Depending on how this Beta 5 goes we may not actually have a Beta 6 so please do help us test and report bugs. Thank you!
  
Note: If you are already running Beta 4 you can upgrade in your AdminCP. You will see a notice on your Dashboard. If you do not see it: go to Applications and click check for update.

View the full article

Run this query to see how much space downloads should be using.

SELECT SUM(record_size) FROM ibf_downloads_files_records WHERE record_storagetype = 'disk';