A usernames leakage on Directadmin servers through phpMyAdmin logs was recently discovered. And here we will guide you through the security update in order to protect your server against this vulnerability.
On July 18th, 2016, a CGI application vulnerability, referred to as "HTTPoxy", was disclosed. An attacker can exploit vulnerable deployments by passing an HTTP Proxy header with their request, which will alter the URL used by the application when contacting backing services. This can be used to leak credentials, modify responses to the application, etc.
If Dovecot update/build with custombuild fails with an error: "sha1.h:80: error: static or type qualifiers in abstract declarator", here is a how to fix it.
It was noticed that caching does not work in NGINX if to try and enable it on a Directadmin server when using NGINX+Apache scheme. Here you can learn why...
If Apache or nginx does not start after Let's Encrypt cert renewal, and you see an error "certificate routines: X509_check_private_key:key values mismatch)" with nginx, here is a solution.
If System Backup on your Directadmin server fails to upload to a remote storage via SCP, and you are sure that RSA/DSA key is fine and there is not issue with connectivity, then here is a possible reason and a solution.
As of today Keep-Alive is disabled in nginx configs when using it as a reverse proxy in front of Apache, both installed with Custombuild 2.0 on Directadmin server. Here you can learn how to safely enable it.
We are glad to share a new great feature that appeared in Directadmin since 1.5 version that was released a day ago. With this you can install an absolutely free SSL certificate from Let's Encrypt. Have fun with this.
Want to have nginx_mainline installed on your server to gain from using HTTP/2, here are instructions on how to install it manually or with a simple bash script.
Directadmin since the version 1.431 allows to have two versions of PHP and a every user on such a server can change a PHP version per domain.