Michael

Easy thing to do

Username = front end Admin username = email address everything else can be the same.

Doesn't effect us as customers does it though, we apply the hotfix... why worry about other people?

Merci mate, bloody hell they said expect more than one patch but man 2 in a day, oh well better safe than sorry. I was just doing a client's server and mine and his server was updated with CloudLinux 6. Mine was updated via Centos updates repo (I think InterWorx ran it for us) [root@system ~]# yum update bash -y Loaded plugins: fastestmirror, replace Determining fastest mirrors epel/metalink | 16 kB 00:00 * base: centos.mirror.nac.net * epel: mirror.cs.pitt.edu * extras: mirror.symnds.com * remi: remi.check-update.co.uk * updates: centos.aol.com * webtatic: us-east.repo.webtatic.com base | 3.7 kB 00:00 base/primary_db | 4.4 MB 00:01 epel | 4.4 kB 00:00 epel/primary_db | 6.3 MB 00:00 extras | 3.3 kB 00:00 extras/primary_db | 19 kB 00:00 interworx-beta | 2.5 kB 00:00 interworx-beta/primary_db | 38 kB 00:00 interworx-beta-noarch | 2.5 kB 00:00 interworx-beta-noarch/primary_db | 43 kB 00:00 interworx-release | 2.5 kB 00:00 interworx-release/primary_db | 174 kB 00:00 interworx-release-candidate | 2.5 kB 00:00 interworx-release-candidate/primary_db | 57 kB 00:00 interworx-release-candidate-noarch | 2.5 kB 00:00 interworx-release-candidate-noarch/primary_db | 164 kB 00:00 interworx-release-noarch | 2.5 kB 00:00 interworx-release-noarch/primary_db | 252 kB 00:00 interworx-stable | 2.5 kB 00:00 interworx-stable/primary_db | 135 kB 00:00 interworx-stable-noarch | 2.5 kB 00:00 interworx-stable-noarch/primary_db | 157 kB 00:00 kernelcare | 951 B 00:00 kernelcare/primary | 2.7 kB 00:00 kernelcare 17/17 mod-spdy | 951 B 00:00 mod-spdy/primary | 1.1 kB 00:00 mod-spdy 1/1 remi | 2.9 kB 00:00 remi/primary_db | 1.0 MB 00:00 scl | 2.9 kB 00:00 scl/primary_db | 517 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 5.3 MB 00:00 webtatic | 3.6 kB 00:00 webtatic/primary_db | 216 kB 00:00 Setting up Update Process No Packages marked for Update [root@system ~]# rpm -Uvh http://mirror.centos.org/centos/6.5/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm Retrieving http://mirror.centos.org/centos/6.5/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm Preparing... ########################################### [100%] package bash-4.1.2-15.el6_5.2.x86_64 is already installed [root@system ~]# yum list installed | grep bash bash.x86_64 4.1.2-15.el6_5.2 @updates [root@system ~]#

What order form are you using? Also what Blesta version are you using? Can you include a print screen of your order form creation page?

We use our business email addresses for admin usernames. You could do the same.

Nope they can't have the same usernames.

From what I'm aware of: CVE=2014-6271 Fixed in: bash-4.1.2-15.el6_4.x86_64 CVE-2014-7169 Fixed in: bash-4.1.2-15.el6_5.1.x86_64

Depends if you have more than one selected it should be like this:

And you get hit by Kernel issues, OS issues, as long as a script is locked down without a password I don't see what matters what they use. 5.6 might have more exploits than 5.4... MySQL 5.6 might just break your database...

Yes they have a choice if they want to, but why should you FORCE them to do it? Why should anyone tell you that you have to do something? Why should Blesta be the law of how people want to run their own business? You have to have the latest PHP because hey you should be using the latest technology.. How many people do you think Blesta would loose if they did that?

They fixed both CVE-'s today so ensure it says: Use: yum list installed | grep bash Should see: bash.x86_64 4.1.2-15.el6_5.2 @updates ------ Downloading Packages: bash-4.1.2-15.el6_5.2.x86_64.rpm | 905 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : bash-4.1.2-15.el6_5.2.x86_64 1/2 Cleanup : bash-4.1.2-15.el6_5.1.x86_64 2/2 Verifying : bash-4.1.2-15.el6_5.2.x86_64 1/2 Verifying : bash-4.1.2-15.el6_5.1.x86_64 2/2 Updated: bash.x86_64 0:4.1.2-15.el6_5.2

If you set the order form you can use the direct url to place a order or make it the default order form and when you have the portal installed you can click order and go straight to the order page.

Should be in the admin area, if you finished the above, but not showing the order form when you click order... Packages > order form > settings > default order form.

I used to have 1024MB but depends on you, if your not the only one on the server I'd use that, if it was just you, you could put whatever you like.

Yep sounds about right mate

Ran out of memory -> PHP.ini value needs expanding.

You first need a group -> Packages > Groups > Create one for domains You then need an order form, you have two options here: A ) Just domains: Packages > Order form > Type: Domains and Other > Dropdown: Domains > Box leave blank > Save. B ) Domains and Webhosting: Packages > Order form > Type: Domains and Other > Dropdown: Domains > Box: Move group(s) for Shared Hosting over from right to left. Then you need to make a package. Packages > create > Domains @ $4.99 > Module: Domain module (LogicBoxes, NameCheap, etc) > Tick all the domains for $4.99 and do the welcome email etc and save it to the Domains group.

Paul can help you with that.

The thing is not everyone wants to jump to the newest stuff. 5.4 yes, 5.5 no, 5.6 no. When 5.4 is getting near end of life sure, 5.5 but there's no point forcing everyone to be sheep and server stuff is not always secure. We've had HeartBleed, Bash exploits, what's next?

Right, and who uses Centos, Ubuntu etc and what happens... BASH Security... now was you using the latest one? I bet you was... now tell me everything is secure with the latest stuff.. not everyone wants to use the newest PHP or MySQL. Not everyone wants to jump head first in the deep end. Look at all the WHM** fans out there using inseucre software, and they are all webhosts and professionals too. And even some of them don't jump head first to the newest *Secure* version.

What's the difference between MySQL and PHP? They both are languages which can be insecure at any time, and you can if you use CloudLinux PHP Selector but hey I dont

1 out of thousands, the thing is not everyone wants to upgrade, I've upgraded MySQL & InnoDB default (Should be stabler) before and had too many issues than I can think of. So I wouldn't use that if it was the last on earth until I was sure and 10000% sure it was fine.

+1 would be very helpful and a great feature.

Yes if a service is Active / Pending / Cancelled it can't be removed for record reasons.