Password strength requirements have been enabled. When initiating a password change CPanel will calculate the strength of your password and prohibit the usage of weak passwords. You are encouraged to check the strength of your CPanel password and strengthen it with the assistance of the calculator. Cpanel can also generate passwords for you to use. Please contact support if you encounter difficulty due to this new requirement.
The server is running brute force detection software. IP addresses with numerous login failures will automatically be prevented from continued server access. If you’re having trouble logging into your email please reset your password via Cpanel. If you’re having trouble logging into CPanel please use the automated password reset system or contact support. Please do not continue your login attempt past three failures.
Numerous software updates will be performed on the web server this morning. No downtime is expected, though load may be higher than usual.
An overly strict mod_security rule was placed into action this morning, this resulted in blocking numerous legitimate website visitors, though for only a brief period of time. In fact, our own website uptime monitoring service was temporarily blocked from accessing the server, resulting in a perceived downtime of approximately 15 minutes. Effected were any user agents that contained the words “fetch” or “site.”
This rule has been put into ‘log only’ mode, so it may be better tuned and prevent further innocent casualties.
The good news is that there have been a few more rules put into action that appear to be working well to stop the influx of ‘attack spam.’ These rules are very specific and targeted toward problem areas. They should not effect legitimate users. If, by chance, you or your visitors receive 406 errors (standard mod_security error), 412 (targeted mod_security error), or 503 (IP connection limiting in effect) let us know.
The goal, as always, is to make security filtering invisible to the legitimate user.
We have enabled login brute force detection. If you have forgotten your password for any service, please reset it, versus attempting multiple failed logins. After the fifth attempted login has failed you’ll be unable to try again for fifteen minutes. This measure is an attempt to quell the recent brute force attempts into the email services.
© 2005 Positive Fusion - Rendered in 0.502 seconds - Powered by Wordpress.