In response to security improvements, roadmap projects, and software announcements, the Reclaim Hosting infrastructure team would like to communicate the following timelines and coming changes through 2022:
Updates to PHP Versions
On August 1, 2022, PHP 8.1 will be made available across all servers. On October 1, 2022, we will set the default PHP version on all servers to PHP 8.0. This means that any account or application set to use the server default version will be using PHP 8.0 from this point on. PHP 7.3 and PHP 7.4 will still be available for the time being after this change, so if an application or user is inheriting the server default and there are concerns about application compatibility, users will need to manually set which version to use.
On January 1, 2023, we will remove PHP 7.2 from all servers; this means the lowest version available on our servers will be PHP 7.3 from this point on. Any installation or account still using PHP 7.2 at this point will be brought up to PHP 7.3. Users will need to address incompatibility of individual applications.
You can learn more about supported PHP versions at php.net. You can also learn how to change your PHP Version in cPanel by referencing our documentation.
Updates to Root Access
Beginning summer 2022, we are implementing security improvements across Reclaim Hosting infrastructure. In an effort to prevent malicious activity on servers, we will be locking down potential pathways for this activity to occur. These changes will impact how project admins access the root account of all servers.
The first of these changes, beginning July 15, 2022, will be blocking SSH logins to root except from specific IP addresses. We are looking into login alternatives for admins (such as setting up a separate admin account for SSH access), but if an admin is in need of root access while we are in this transition, you will need to be provide Reclaim Hosting with one or more fixed IP addresses from which to allow root logins via SSH.
We will continue to allow root logins via WHM, but this will be subject to change as we investigate alternatives; the root terminal in WHM has already been disabled. In the interim, we also encourage you to be very protective over who is given WHM/root access.
cPanel LTS and Ubuntu
cPanel has begun the process of deprecating the Basic style and Paper Lantern theme in favor of their Glass style and Jupiter theme. This change has been very disruptive, not only for Reclaim Hosting users, but for many other cPanel users. Paper Lantern will still be included in the most recent LTS (long term support) version of cPanel (v102) until it is no longer supported (Summer 2023). We are currently looking for alternatives, but to both preserve Paper Lantern and ensure long term stability, we have switched all servers to use cPanel’s LTS tier and will set up all future servers with cPanel LTS.
Due to CentOS 8x’s premature EOL (and the coming EOL of CentOS 7x), pending further testing, future servers will have Ubuntu Linux installed rather than a RHEL-based Linux distribution. The current LTS version of cPanel (v102) offers full support for Ubuntu Linux.
Security Patches
We are pushing out two patches to prevent future server compromises.
The first is a set of additional rules for the all-users .htaccess file (/home/.htaccess). These rules will prevent anyone from directly accessing any WordPress installation’s configuration file (wp-config.php). While WordPress provides no useful information by default on accessing this file, misconfiguration on the part of a user can expose the site’s database credentials when this file is accessed. These rules will mitigate by outright denying access to this file.
The second is a script that will search for WordPress (and WHMCS) configuration files and set their permissions so that only the user to whom the site belongs can access the file. The script is set to run on each hour and will re-set the permissions on each run. This, in addition to rules we’ve added to mitigate a separate symlink vulnerability, should further prevent attackers from using a compromised site to “hop” over to other sites on the server.
Please contact us if you have any questions or concerns.
