Immediately update WHM/cPANEL servers to maintain peak security and performance.

1. Update WHM/cPanel to a Patched Version Immediately

This is the only permanent fix. Update to any of the following patched builds:

• 11.86.0.41

• 11.110.0.97

• 11.118.0.63

• 11.124.0.35

• 11.126.0.54

• 11.130.0.19

• 11.132.0.29

• 11.134.0.20

• 11.136.0.5

Update command (run as root):

/scripts/upcp --force

After update, verify version and restart cPanel service:

/usr/local/cpanel/cpanel -V
/scripts/restartsrv_cpsrvd --hard

2. If You Cannot Patch Immediately — Apply Emergency Mitigation

Block all public access to cPanel/WHM login ports:

• 2083 (cPanel SSL)

• 2087 (WHM SSL)

• 2095 (Webmail)

• 2096 (Webmail SSL)

This was the first emergency action taken by major hosting providers.

Firewall example (CSF):

csf -td 0.0.0.0/0 2083,2087,2095,2096

3. Check if Your Server Was Compromised

Because this was a zero‑day actively exploited before patch release, you must check logs.

Look for suspicious entries in:

/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log
/var/log/secure

Indicators include:

• Unknown IPs accessing /login/

• Sudden root‑level WHM logins

• Session files created without valid authentication

4. Remove Version Lock / Custom Update Tier

If your server is not updating, you likely pinned a custom version.

Reset to RELEASE tier:

whmapi1 set_tier tier=RELEASE

Then run update again.

5. Restrict WHM Access to Trusted IPs Only

Even after patching, limit access:

• Allow WHM only from office/static IP

• Use VPN for admin access

• Disable password logins; use 2FA

This is recommended by multiple security advisories.

6. Restart Services After Patching

Restart cpsrvd and Apache to load new authentication logic:

/scripts/restartsrv_cpsrvd --hard
/scripts/restartsrv_httpd

7. If You Use WP Squared

Update to:

• WP2 version 136.1.7