Control Web Panel
WebPanel => Information => Topic started by: tshetumd on April 18, 2016, 07:52:53 AM
-
My cwp webserver is getting hacked , can somebody guide me to make it more secure. Thanks
-
Hello.
If your PHP scripts have a "holes" you can use "File System Lock" from CWP.User . This will help.
But if the root password was compromised, nothing help. Reinstall OS only.
-
change ports for cwp and ssh, disable pure ftp if you're not using it. rebuild Apache to latest 2.2.31. use csf and Nginx reverse proxy.
-
Thanks for the reply. I meant the some of the websites especially designed using wordpress are getting hacked. I am using csf but I don't know much about Ngnix.
Regards,
-
nginx is more secure than apache use it as reverse proxy to handle all your legit traffic. most threats and ddos are stopped by nginx
WordPress sites are getting hacked mainly for outdated themes and plugins else the platform is secure
-
Thanks for the reply. Could you please guide me how to configure nginx .
Regards,
-
Go to apache > web server > select apache + nginx
After installing nginx the installation will ask u to rebuild vhost.
-
Thanks for the help
-
Dear Sandeep,
Do you have any idea about using letsencrpyt with CWP.
Regards,
-
I did play around with the letsencrypt SSL few days ago, taking me quite some times to get it installed.
First, you must make sure you have at least the Python v2.7.x or above, and also the virtualenv installed.
Install the letsencrypt.
cd /root
git clone https://github.com/letsencrypt/letsencrypt10
cd letsencrypt
./letsencrypt-auto
And if you get the following error, please refer to the link, https://www.digitalocean.com/community/tutorials/how-to-set-up-python-2-7-6-and-3-3-3-on-centos-6-4, to get the virtualenv installed.
virtualenv: command not found
In fact, I still got the error (not virtualenv error, could not remember thou) when running ./letsencrypt-auto command. So, I did in manual method to generate the SSL.
./letsencrypt-auto certonly --webroot -w /home/your_domain/public_html -d your_domain.com -d www.your_domain.com
Then, copy the SSL into /etc/pki/tls directory.
cp -f /etc/letsencrypt/live/your_domain/cert.pem /etc/pki/tls/certs/your_domain.cert
cp -f /etc/letsencrypt/live/your_domain/fullchain.pem /etc/pki/tls/certs/your_domain.bundle
cp -f /etc/letsencrypt/live/your_domain/privkey.pem /etc/pki/tls/certs/your_domain.key
At your CWP, go to Apache settings >> SSL cert manager, on your right hand side form, choose the cert, user & enter your domain; then install SSL. Done.
Note: Make sure you have the 443 port open in firewall & listen to port 443.
You may test the score of SSL cert at https://www.ssllabs.com/ssltest.
At the beginning, I got the score C and after did some researches, I added the following lines onto this file /usr/local/apache/conf.d/vhosts-ssl.conf.
....
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
....
Restart the apache.
I got the score A now. ;D Hope this guide will help you. Cheer.
-
follow the guide posted above by infinitech07
-
Thank you for your insparing posts. I created an account such as cp.domain.com and followed all steps.
Now, ssl works great but i cannot reach the cwp via 2031 port.
You can check the links below;
- https://cp.domain.com:2031/ (ERR_SSL_PROTOCOL_ERROR)
- http://cp.domain.com:2031/ (NON-SECURE CONNECTION)
- http://cp.domain.com:2030/ (ANOTHER NON-SECURE CONNECTION)
My purpose to provide secure connection to cwp. Could you help me to solve this?
-
access
your server ip:2031
eg :
192.168.0.1:2031
-
https://123.123.123.123:2031 :'( same result
I want to use a secure connection. Because of this, i created cp.domain.com account and ssl for that domain.
Let's Encyript SSL works on cp.domain.com quite well.
-
check the port in this file : cwp-ssl.conf it must be 2031 not 2030 or any
Location :
/usr/local/cwpsrv/conf.d/cwp-ssl.conf
-
This is my ssl configuration for cwp
Listen 2031
<VirtualHost cp.domain.com:2031>
ServerName cp.domain.com
SSLEngine on
SSLCertificateKeyFile /etc/pki/tls/certs/cp.domain.com.key
SSLCertificateFile /etc/pki/tls/certs/cp.domain.com.cert
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
By the way, 2030 and 2031 ports are work without ssl (via http)
-
their is no virtual entry for your server ip create one
with your server ip:2031
and with certs
-
My cwp webserver is getting hacked , can somebody guide me to make it more secure. Thanks
Also install maldet together (for speeding the scan up with clamscan) see https://www.rfxn.com/projects/linux-malware-detect/
and schedule a regular scan through cron.
It can help you find malware . It does not find everything but can be helpful.
(edit) I believe clamscan is already installed on CWP panels.
-
their is no virtual entry for your server ip create one
with your server ip:2031
and with certs
I changed cp.domain.com to the private ip (not the public ip).
It's work great! Thank you.
-
I have installed letsencrypt on cwp and here is my /usr/local/apache/conf.d/vhosts-ssl.conf
ServerName tshetum.bt
ServerAlias www.tshetum.bt
DocumentRoot /home/tshetumb/public_html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/tshetum.bt.cert
SSLCertificateKeyFile /etc/pki/tls/private/tshetum.bt.key
SSLCertificateChainFile /etc/pki/tls/certs/tshetum.bt.bundle
<IfModule mod_suexec.c>
SuexecUserGroup tshetumb tshetumb
</IfModule>
<IfModule mod_suphp.c>
suPHP_UserGroup tshetumb tshetumb
suPHP_ConfigPath /home/tshetumb
</IfModule>
<Directory "/home/tshetumb/public_html">
AllowOverride All
</Directory>
And when I open my domain as https://tshetum.bt , its not working , please help
Thanks
-
add Port : listen 443
add the ip :
<VirtualHost x.x.x.x:443>
-
i did that too...
# vhost_start tshetum.bt
<VirtualHost 202.144.128.217:443>
-
Hello.
Try to add
Listen 443
NameVirtualHost 202.144.128.217:443
-
Thanks, it worked ..
-
I am getting following while restarting the mysql, please help me :
Warning: Error while sending SET_OPTION packet. PID=1229 in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php(1) : eval()'d code(1) : eval()'d code on line 5
MySQL server has gone away
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php(1) : eval()'d code(1) : eval()'d code on line 5
Thanks
-
what version of mysql you're running ?
-
mysql version is 5.1.73
and moreover I am getting following error while using mod Security :
Forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
-
do you know about mariadb ?
Mariadb have all the functions of mysql and easy to manage as mysql commands
ModSecurity :
check the error log file and white list the ID
-
yes i did hear but i didn't use so far.
can you guide me how go about the mod security white listing .
Thanks
-
when you're restarting mysql from cwp GUI then the error code is normal just ignore it
Modsecurity :
http://forum.centos-webpanel.com/mod_security/mod_security-config/
-
Is there any option to unzip the zip files in cwp under user account?
Regards,
-
enable shell access for the user account
or you can install extplorer :
https://extplorer.net/files
-
Thanks, but there is no way to unzip from the GUI?
and one more query how display php warnings, errors in CWP ?
Regards,
-
you can do that from php.ini
serch for this :
display_errors = on
or try using this to ur php.ini :
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
-
Sorry I meant how to disable the php errors and warning ? I did set display_error = off ? or is there anything to do with mod_security ?
Thanks
-
you need to set display_error to on
-
Sorry I meant how to disable the php errors and warning ? I did set display_error = off ? or is there anything to do with mod_security ?
-
to off you change "on" to "off"
mod_security is only for security
Some applications may require you to disable mod_security for them to function correctly
-
Thanks ...
-
Disk quota for users are showing 0/0 irrespective of their usage, I have checked /etc/fstab everything seems fine. Please help me to sort out.
Thanks
-
I already replied.
-
Disk quota usage for users are not showing irrespective of their usage. Please help.
Regards,
-
openvz, KVM xen ???
if you're using openvz ask your hosting provider
-
Dear Sandeep,
We are using default, I mean what is there in CWP( We have configured CWP server and hosted many websites , but none of their quota are displaying i,e User Accounts -> User quota )
Regards,
-
search this forum and wiki, you'll get the solution.
Openvz need to configured by backend i.e. by the provider.
-
its KVM.
Thanks
-
I am using DKIM but there isn't anything under DKIM & SPF Manager and drop down list against file /var/named/ is empty . Please help.
Thanks
-
Not able to add DKIM Key against any domain from CWP web portal .
Regards,
-
Dear Sandeep,
Do you have any idea on the above problem?
Regards,
-
Dear Sandeep,
Do you have any idea on the above problem?
Regards,
did you VPS is rectified by support team ?
-
Dear Sandeep,
Do you have any idea on the above problem?
Regards,
did you VPS is rectified by support team ?
Which support team?
Thanks
-
did you rebuild DKIM and restart all mail services ?
-
did you rebuild DKIM and restart all mail services ?
Yes I did.
Thanks
-
mysql version is 5.1.73
and moreover I am getting following error while using mod Security :
Forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
You need to whitelist your desktop ip address in the mod configuration file.
-
mysql version is 5.1.73
and moreover I am getting following error while using mod Security :
Forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
You need to add your ip address to mod security configuration file like this
SecRule REMOTE_ADDR "@ipMatch 71.49.29.142" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"