cPanel vulnerabilities TSR-2016-0001

cPanel recently released a notice that all of the following versions of cPanel are vulnerable to a new issue found & Greater & Greater & Greater & Greater

You should update cPanel to the latest version to ensure you are protected from this. You can update cPanel via SSH or WHM.

How to redirect from main site to subfolder

If you are trying to redirect from to this requires a special .htaccess config to avoid creating a loop. You can use the following in the .htaccess of the main site. Replace with your own website, and replace newfolder with the name of the folder you want to redirect to.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?$
RewriteCond %{REQUEST_URI} !^/newfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /newfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?$
RewriteRule ^(/)?$ newfolder/index.php [L]

Courier mail software deprecated, Dovecot mail now required

cPanel has offered 2 options for pop/imap mail software for several years. But now Courier is being deprecated and cPanel is now requiring all servers to be upgraded to Dovecot.

You may have received the following notice:

The cPanel & WHM update cannot proceed because the following service has been deprecated: Courier 

 You have 27 day(s) and 23 hour(s) until we remove Courier and replace it with Dovecot. 

 To continue using Courier, you must change your Update Preferences in WHM to Long Term Support (LTS). By switching to LTS, you will not receive new features and eventually will stop receiving security updates. 

 cPanel & WHM version 11.52 will be the last LTS version to support Courier. 

 For more information about Long Term Support:


To be able to continue receiving updates and stay current with the latest features of cPanel, it’s best to switch now to Dovecot.

This can easily be done in WHM, go to the link ‘Mailserver Selection’, then on that page click the button next to Dovecot, and click Save at the bottom.

It will automatically switch and convert the entire server. There should be no downtime and no lost mail. Users should not notice any difference and should be completely seamless.


another glibc vulnerability CVE-2015-7547

Yet another glibc vulnerability has been detected on Feb 17, 2016 which effects:

Red Hat Enterprise Linux 6 & 7
CentOS 6 & 7
CloudLinux 6 & 7
(It also effects non-cpanel operating systems Debian Squeeze, Wheezy, Jessie, Ubuntu 12.04 & 14.04)

To patch your server, type:

yum clean all
yum -y update glibc


For more technical information on this vulnerability, please see: