Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security

Stop using the non-secure HTTP CP download site of httpupdate.cpanel.net

Eitan Caspi shared this idea 13 months ago
Needs Review

Hello,

My CP showed an activity of accessing httpupdate.cpanel.net using un-secure port 80, plain text HTTP.

I approached CP support and they generally declared that it is what it is, and that CP secure the download of CP update files, as mentioned at https://docs.cpanel.net/knowledge-base/security/download-security/.

Even in CP posts of how to install CP - it directs to use https://securedownloads.cpanel.net

https://docs.cpanel.net/installation-guide/install/
https://support.cpanel.net/hc/en-us/articles/360050842894-How-to-install-cPanel


Usage of plain text HTTP is for a long time counted as insecure practice, also because HTTP can be attacked with traffic redirects and injection back to the source server.

I don't know why CP sill use this practice and I ask of it to stop using it ASAP.

1 I like this idea 0  
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.