- Posted by bwf
- On April 14, 2016
- 0 Comments
Three members of our team are attending the cPanel One Day Conference in Edinburgh today to learn about the exciting new features of cPanel and some tips and tricks from experts. We’ll be live blogging the whole even throughout the day in each talk.
Follow our live blog below to stay up to date with what’s happening.
9AM – 9:55AM – Ken Power
cPanel/WHM 56 was pushed to release tier this week and Ken speaks about the new features and what we can expect from future releases of the product.
cPanel Site Publisher is now in cPanel 56 in the domains section. To start using it just select your domain name after clicking the icon in cPanel, pick a template, then fill some information in, such as your name, a description, opening times, etc. cPanel Site Publisher will then put together a basic, good looking website for you. The great thing is that Site Publisher can be extended with your own custom templates and there’s an API so as a Reseller you can integrate the Publisher with your own website or order form.
In cPanel 56 the new ‘convert addon domain to account’ option allows Resellers or server admins to move domains from being an addon domain of another account to being its own standalone account. Anyone who has had to do that manually before knows how much of a time saver this is! Furthermore there’s a command line tool and again an API so the function can be called in any scripts you have.
cPanel have vastly improved the SSL purchasing and installation screens for individual accounts. They’ve automated the whole process with certain stores/providers. The whole process from purchasing to installation is automated. This combined with Market Provider Manager allows you to add pricing for SSLs or other providers.
Another nice feature is that cPanel are now offering free SSL certs for hostnames, so that SSL warning when logging into WHM or cPanel will be no more once these roll out.
Server Migration: Transfer Tool has always been useful for moving accounts from server to server, generally very easily and flawlessly but they’ve now announced that the entire server configuration including Apache, PHP, Mail config, Exim and more. This means any customisations such as mod_security tweaks will all be copied over.
cPanel 56 has many more new features which you can read about here.
So moving forward cPanel have mentioned they’re working to implement Let’s Encrypt officially, adding more to Transfer Tool and working to improve Site Publisher and the Marketplace.
10AM – 10:55AM – Jacob Perkins
This talk is all about EasyApache4 and the benefits. We’ve got EA4 deployed on a number of servers now. The main benefits are that config files are where you’d expect them to be. RPMS are used rather than building from source meaning you don’t need to build Apache each time you make a change. It has full PHP7 support. Jacob mentioned that PHP-FPM may be the new default processor in 58. EA4 will also be the default setting in 58.
Whilst they have moved files to make things a little more obvious when making config changes the old EasyApache 3 config locations are symlinked so no need to worry if you’re still used to the old standards.
Another nice feature with EasyApache 4 is that it’ll automatically figure out which version of PHP your site is using so that Cron jobs are run with the correct version. cPanel have also dramatically improved the EasyApache4 Migration script and it’ll now alert you of any issues with mod_security tweaks for example. They have an automated system to convert most EA3 configs to work with EA4.
With EA4 anyone with WHM access can edit the PHP versions for accounts they own and within cPanel itself the user can change their own version. This is something we’ve had for some time now but not officially provided. The benefit here is that cPanel updates will take care of any bugs that crop up.
11AM – 11:55AM – Matt Pugh (WHMCS)
Matt from WHMCS is speaking about how WHMCS has been improved and integrated with cPanel in recent releases. He talked about the new responsive client area theme, how they’re using Eloqent ORM from Laravel to allow developers to customise WHMCS core components more easily. They touched on using composer to provide an auto-updater in future builds. Anyone who uses WHMCS will know the pain of having to manually update so this is a very welcomed addition.
Single Sign On – users of our website will know all about the single sign on features of WHMCS and cPanel, you can view your usage, buy addons and use common cPanel features straight from the client area. Single sign on has been expanded on with Application Linking. That allows hosts to add links to a custom section of cPanel with common features such as support tickets, invoice history, etc.
The framework behind Application Linking relies on OAuth 2.0 with OpenID connect which means the user will have to approve any requests and trust the application.
It’s clear that WHMCS are really seeking to fully merge the client area with cPanel in the long term and for now they’re working to reduce the number of logins a user will need to remember.
2PM – 2:55PM – David Snead
David Snead, a former lawyer for a number of web hosting companies and data centres is discussing creating a global user agreement, negotiating with international vendors, optimising corporate structuring issues and finally handling abuse issues in relation to customers and law enforcement agencies, etc.
David is giving out useful tips throughout the talk, such as ensuring that vendor terms match or are similar to your customer terms and how all forms of documentation such as Terms of Service, Service Level Agreements, Acceptable Use Policy, etc. should all focus on the customer and should be written up with the customer in mind. He noted the importance of writing a Terms of Service with the laws of your country in mind. Even for a global market.
When negotiating with international vendors David recommends that you ask the following five questions when reading contracts.
What are you required to do?
What type of assistance will you get?
What are your long term obligations?
What are you giving up?
Are you negotiating on price only?
3PM – 3:55PM – Nick Jackson
Nick’s talk is titled, “Reduce vulnerabilities and defend against the most common (and successful) types of attacks launched against shared hosting systems.” and it’s a general discussion about security of servers and how to determine risks to servers.
cPanel now uses the CVSS rating scheme for security patches, rather than the old, ‘important, critical, minor, .etc.’ method that they had been using for many years.
cPanel very regularly patch what they call ‘non public’ vulnerabilities, those releases are on the third Monday of every other month. Of course should a new large vulnerability surfaces then they generally patch these sooner.
Nick noted the importance of carefully reading and understanding the larger public vulnerabilities such as Heartbleed, he stated that many people overreacted in this case and actually can cause more security risks in doing so.
How do cPanel find vulnerabilities in their software? They have an array of techniques including their own testing, reading tickets from their customers, scanning software and more.
The majority of hacks result in an account spamming using the servers IP address however some are more quiet and can lie doing seemingly very little. However the worrying aspect is that if the entry method is an insecure password, and if that user has that same password for all of the rest of their logins, they can potentially become compromised.
4PM – 4:55PM – Richard Asp
Richards talk is all about their migrations team. It’s a free service provided by cPanel where they will have access to both the source and destination servers and they specialise in doing non-standard migrations such as Plesk to cPanel, very old versions upgrading, or any other control panel. They then create a plan, schedule the migration and have DNS changed over as well. They’ve done thousands of migrations so they have the experience to handle migrations successfully.
Richard talked in depth about how the team at cPanel have to work to find any changes to third party control panels such as DirectAdmin or Plesk so they can migrate sites successfully and how they document all of their procedures in their Wiki.
The main script the cPanel team use is ‘pkgacct-XXXX’ which does the packaging from the third party panels, they modify that script for each control panel to ensure the migration works successfully.
It’s worth noting that these scripts are all available to download from cPanel directly to use yourself and many of them are implemented in Transfer Tool in WHM.
The free service only applies to Third Party Panel to cPanel Migration or those old cPanel versions that won’t update anymore but it’s still definitely a cool service.
Well that’s the first cP1Con Edinburgh over, now we’re heading off to the networking reception. These smaller, one-day conferences definitely are worthwhile and we urge anyone with an interest in cPanel/WHM to find your nearest one and attend.