Softaculous <![CDATA[New Virtualizor Templates launched for ubuntu-14.04 KVM, XEN-HVM, XCP-HVM, XEN-PV and XCP-PV]]>
The Virtualizor team has launched following templates.

  • ubuntu-14.04 (x86/x86_64) for KVM, XEN-HVM, XCP-HVM, XEN-PV and XCP-PV


Virtualizor Team]]>
Mon, 21 Apr 2014 07:00:16 GMT
<![CDATA[domain problem]]>
You will have to add an A record pointing the domain to the IP address]]>
Mon, 21 Apr 2014 05:35:20 GMT
<![CDATA[domain problem]]> General Support.
Please click the link below to visit the topic:]]>
Mon, 21 Apr 2014 05:18:52 GMT
<![CDATA[Get Free License]]>
You can simply install Softaculous on your server and it will fetch a Free license automatically. I see that you have already install Softaculous and it holds a free license.]]>
Mon, 21 Apr 2014 05:17:52 GMT
<![CDATA[Broken installs using Softaculous]]>
Sir is your domain pointing to the correct IP ?
Also is there any .htaccess file in the root of your domain ?

If you can open a support ticket with the FTP details we can check the issue asap :]]>
Mon, 21 Apr 2014 05:16:23 GMT
<![CDATA[Get Free License]]>
  I am asking how to get a free softaculous on my whm cpanel. Thank you.

My Server IP is:
And my emal is:]]>
Sun, 20 Apr 2014 22:14:58 GMT
<![CDATA[domain problem]]> I am use VPS server installing webuzo . I am add domin my vps server  . i make link my  driect go to vps IP show number.  not show  why?

i buy  domain from namecheap . ]]>
Sun, 20 Apr 2014 17:36:11 GMT
<![CDATA[Heartbleed Vulnerability]]> Background:

If I understood Heartbleed correctly, there was a pointer assignment without a bounds check in the C source code of the heartbeat extension to OpenSSL, leading to a buffer overflow attack wherein a correctly crafted heartbeat request would make a vulnerable server dump upto 64k blocks of RAM with no checks on whether that 64k block crosses over into RAM areas of other apps.

This means HB allows an attacker to slowly read the RAM contents of the server.

This means the following are possibly compromised (assuming worst case):
1. unix usernames - so if you made any smart username to get some additional security, that's gone. Not only that if /etc/passwd is read, then all additional users by and for OS services are also exposed.
2. unix password hash - depending on how good the attacker is at reversing / matching hashes, your password is gone. If there is an area in RAM (timing is important) that your password is being compared with the hash (you are logging in) then your password is in plaintext - for computing the hash to compare with the stored one.
3. SSL certificates, private keys - this is the real blow.
The attacked does nothing, just reads your certs and keys and henceforth copies all encrypted traffic between you and the server, and puts a couple of servers to the task of decrypting your entire traffic. In maybe 10MB of traffic that you cause in one session logged in to any secure app, at 2-3 locations passwords will be moved around. This is what he is looking for.
Slowly, he builds a database of all your information.
Attacker does this for every server that is HB vulnerable and attacks communication and all users of all such servers.
Now he has a huge DB of private info to sell. He may also sell the certs and keys on the darknet.

Effectively, you as a user, and worse, as a server administrator, have no idea how much data has been slowly accumulated by some random node on the internet between you and the server. Or if you are not paying attention to your logs, maybe someone has logged in and read everything.
And you wont know a thing about it.


The most worrying part is that your certificates and keys that you use, thinking that you have patched the HB vulnerability are still known to the attacker.

So any Heartbleed vulnerable server is not cleaned up until every password of every user is changed AFTER every SSL key and SSL cert is revoked and reissued. Am i right?

I deleted and re-issued all my Apache SSL keys and certs.

However, I am unable to delete and re-issue the control panel certificate. Please instruct as to how that is done. I changed all certs and keys from IP to primary domain to all addon domains.
But the SSL cert I get on the control ports has not changed.

I guess this is the cert with webuzo's nginx and it might have a separate location from certs for the web server?

Thanks in advance.
Sun, 20 Apr 2014 11:33:42 GMT
<![CDATA[Broken installs using Softaculous]]> Sun, 20 Apr 2014 08:24:26 GMT <![CDATA[CentOS and root access (Webuzo 2.2.1)]]> (Network is unreachable, invalid IP addresses, etc)

This thread details my struggle and some links I found useful in solving similar issues:

Hope they help.]]>
Sat, 19 Apr 2014 18:56:34 GMT