Control Web Panel

WebPanel => How to => Topic started by: puterfixer on April 11, 2019, 04:55:24 PM

Title: How do I get rid of Netdata?
Post by: puterfixer on April 11, 2019, 04:55:24 PM
Okay, I am seriously pissed. The appearance of netdata on my server was not announced, it exposes publicly internal server configuration details (such as user accounts) without requiring any authentication on the web frontend, and who knows what other issues it has - like, predefined account password?

I want it out of my server. Right. NOW.

But, after uninstalling it manually, it was re-added overnight automatically.

How do I f*ing get this piece of s* out of my system and keep it out? I mean, who's in control of my server, me or CWP?
Title: Re: How do I get rid of Netdata?
Post by: Igor S. on April 11, 2019, 06:06:43 PM
Hi,

To uninstall netdata please use this command, it will require some confirmation
Code: [Select]
/usr/local/src/netdata/packaging/installer/netdata-uninstaller.sh --yes
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on April 12, 2019, 11:43:04 AM
I did that already, Netdata was installed again overnight by CWP's update script.

At the moment I turned off the service and removed it from autostarting, then edited the configuration file and set all "enabled = no" and limited access to localhost.

But I should be able to choose if I want this even to exist on the server, not to have it forcefully installed every time I uninstall it.
Title: Re: How do I get rid of Netdata?
Post by: studio4host on April 12, 2019, 12:04:04 PM
cwp is not installing netdata automatically so it must be some other script from netdata which is installing it.
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on April 13, 2019, 07:39:43 PM
Netdata appeared on the server by itself a couple of weeks ago. After I uninstalled it manually, it reappeared overnight.

I'm the only admin on this server, and I did not install Netdata manually. From automated scripts point of view, only root has 4 cron jobs, which are custom defined for wordpress instances, no other users have cron jobs.

There is also the daily script which came with CWP, which checks latest CWP version and updates LFD and runs backups and all that. This is the only cause for Netdata to have been installed. After all, a new menu entry appeared in CWP for Netdata, with the marking "New", so the CWP admin interface was also updated automatically to add this feature.

Sorry, but I do not believe one second your statement that "cwp is not installing netdata automatically". It has installed the package, it has added the new entry in the CWP admin panel, and it is enforcing its installed status every night without my control.

So we get back to the big question - how come CWP determined that it can install stuff on my server without asking me, especially stuff which creates publicly accessible services with no authentication.

If CWP thinks it has full authority on my server and can install anything it wants on it, then I no longer have any trust in this software. You guys could install crypto mining software on my server overnight for all I know, just because you can. Or anything else for that matter, completely without visibility or control from the actual server owner.
Title: Re: How do I get rid of Netdata?
Post by: Netino on April 13, 2019, 11:18:20 PM
Netdata apeared in my server just by clicking on CWP -> Graphs -> Netdata.
I did not installed.
Check if this was not your case.

Regards,
Netino
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on April 14, 2019, 09:41:42 AM
Correct.

1) Why did it install without asking me if I want it installed or not.

2) How can I get it out completely without Anacron daily job reinstalling it as part of the automated update of server packages.
Title: Re: How do I get rid of Netdata?
Post by: hugaagogo on April 14, 2019, 09:54:10 AM
- do you sell our datas or other things to netdata, why you automatically install this shit to my server?

- after this, how can i be sure you dont install any other applications to my server (botnet? cyrpto miners?)

I do not trust you and cwp anymore, i sure that i will delete cwp from my server.

Title: Re: How do I get rid of Netdata?
Post by: xelavalle on April 14, 2019, 01:35:31 PM
I confirm that Netdata was installed automatically without asking for confirmation of any kind when clicking just for curiosity in the menu CWP -> Graphs -> Netdata. And it does not show any option to uninstall it.
The worst thing is that it is showing ALL users of the server, folders, permissions, routes, resources, EVERYTHING through the URL http: // IP-SERVER: 19999 /
Since the server was installed this heavier, slower, and NetData consumes more resources than everything else on the server, now I understand, I must have all the hackers and robberies of the world stuck on port 19999 stealing my information  :'(.
It is URGENT that they disable NetData until they place more security and it is a service only accessible by the administrator of the server, and REPORT first and ask for confirmation for its installation.  >:( >:( >:(

----------------------------------------------------------------------------------------------

Confirmo que Netdata  se instaló automáticamente sin pedir confirmación de ningún tipo al dar clic  por mera curiosidad en el menú  CWP -> Graphs -> Netdata. Y  no muestra ninguna opción para desinstalarlo.
Lo peor es que está mostrando a TODO EL MUNDO  de forma totalmente abierta los usuarios del servidor, las carpetas, los permisos, las rutas, los recursos, TODO a través de la url http://IP-SERVER:19999/
Desde que se instaló el servidor esta más pesado, más lento, y NetData consume más recursos que todo lo demás del servidor, ahora entiendo, debo tener a todos los hacker y robos del mundo pegado en el puerto 19999 robándose mi información  :'(.
Es URGENTE que desabiliten NetData hasta que le coloquen más seguridad y sea un servicio solo accesible por el administrador del servidor, e INFORMEN primero y pidan confirmación para su instalación.  >:( >:( >:( >:(
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on April 20, 2019, 08:54:37 AM
So? Any official reply on this?

Meanwhile I looked at other impact of Netdata on my system, during the 2 weeks period in which it was running.
was installed, peaks would occur multiple times per day, in the range of 1,3-2,3.

So why tf would anyone be running such a resource-intensive monitoring app, especially without being told that it is being enforced on their systems?
Title: Re: How do I get rid of Netdata?
Post by: studio4host on April 21, 2019, 05:09:36 PM
it's installed only when you click on it so nobody is forcing netdata to be installed, also you have uninstaller which was mentioned several times in other topics.
Title: Re: How do I get rid of Netdata?
Post by: adamjedgar on April 21, 2019, 08:59:09 PM
What about just closing the port?

I have port 19999 closed from my vps service peovider network firewall (outside cwp control) and netdata is not able to be reached from outside on thus port even if it was installed.

From what I read on security vulnerabilities websites, I think you are overreacting to this btw.
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on April 22, 2019, 11:15:34 AM
it's installed only when you click on it so nobody is forcing netdata to be installed, also you have uninstaller which was mentioned several times in other topics.

#1: it doesn't say anywhere that, by clicking the link, a package will be installed.

#2: the uninstaller removes it, but then the nightly CRON job which updates CWP packages installs it again. Am I supposed to make a CRON job to uninstall it every day?

Please don't bother answering if you can't provide a meaningful, valuable information which addresses the topic.
Title: Re: How do I get rid of Netdata?
Post by: adamjedgar on April 22, 2019, 08:13:01 PM
Just close port 1999 at your vps service provider network firewall.

Cwp can't interact with that firewall and netdata external access is then blocked.

I gave you a meaningful workaround and you ignored it...Just close the damn port!

Title: Re: How do I get rid of Netdata?
Post by: ejsolutions on April 24, 2019, 02:05:10 PM
I have to agree with others here.

It IS a violation of the VPS to have this surreptitious script-kiddie software installed on ANY VPS.
It is utter crap and has no place on a secured server.

Netdata, once "removed" shouldn't even be shown on the GUI.
Explain how the database password isn't even set during install. I've had to remove the db user manually.
30+ years in IT and seen some crazy stuff and this is up there with them.

Let's have an integrated munin solution instead - there's no sneaky connections to external sites whatsoever; the admin is in control.
Title: Re: How do I get rid of Netdata?
Post by: netorigin on April 24, 2019, 06:36:13 PM
Agreed, this should never be installed on a live deployment server!
Title: Re: How do I get rid of Netdata?
Post by: adamjedgar on April 24, 2019, 09:58:06 PM
but even if it is...just dont open port 19999. If one is running a VPS, one can block that both on the VPS itself, or via the service providers network firewall (which is outside the control of CWP). Its not rocket science.
Title: Re: How do I get rid of Netdata?
Post by: hugaagogo on April 25, 2019, 10:19:19 AM
i dont want to share all my website secrets/stats and informations to netdata inc. stop selling our datas! stop installing 3party spywares to our servers !

i dont have time to delete/change your spyware-centoswebpanel right now.

stop automatically installing spywares on every night update, this is 3. times.
i'm uninstalling it for the third time, and you re automatically install and start it again at every night !!!
Title: Re: How do I get rid of Netdata?
Post by: puterfixer on May 03, 2019, 06:33:11 AM
@adamjedgar so let me get this straight, if someone brings a cat in your house and the cat starts sh*tting all over the place, by your logic the "solution" would be to ask your landlord to protect your furniture in plastic foil so that the cat doesn't make a mess? Because by my logic, the f*ing cat shouldn't be in the house to begin with.

And as a principle I don't want to need to react on stuff that happens on my physical server, and ask third parties to put protections AROUND it, just because CWP decided to force me to swallow the crap it has installed on my server.

Also, why the assumption that I use CWP on a VPS? I don't. I should be able to control my own server without requiring my host's firewall. If you consider otherwise, you need a reality check on your understanding of control, privacy, ownership and security.
Title: Re: How do I get rid of Netdata?
Post by: ejsolutions on May 03, 2019, 11:24:15 PM
There really is no reason to use this.
Reminds me of Attracta and cPanel but this is much worse.