Messages

1

Updates / Re: ..no dir...

« on: October 18, 2025, 08:54:05 PM »

There is nothing at your link that display's 

Updates usually happen around 0300, and don't show in the control panel while they are updating.

Did you do this update manually, because even that just give a spinning circle, then you have to manually restart the cpwsrv service.

2

Installation / Re: install cwp panel rocky linux

« on: October 18, 2025, 08:51:10 PM »

Rocky Linux is still missing some libraries.

The recommended version for CWP is AlmaLinux 8 or 9.

If you don't need PHP below 7.4 or migrate sites, or limit user resources (storage, cpu, etc.) then AL9 is the best.

3

CSF Firewall / Re: Firewall off in cwp panel

« on: October 18, 2025, 08:48:28 PM »

That's what we run.

Usually once you start it & enable it via the CLI, and maybe reboot, CWP will see it running.

All CWP is doing in the background is running

Code: [Select]

systemctl status csfAnd then displaying On/Off

4

CentOS 9 Problems / Re: monit with AL9

« on: October 18, 2025, 08:46:05 PM »

I hate that program, and I hate that CWP forces you to install it.

I usually install it, disable it from ever starting again.

Would recommend a 3rd party solution, but you mentioned you only have the 1 server.

5

CSF Firewall / Re: Configserver down?

« on: October 16, 2025, 08:14:35 PM »

Related this guide: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-gplv3-release-tweaked-for-cwp/

 https://dl.starburst.help/configserver-scripts/csf.tgz
generate 404 error

Thanks for letting me know.
It's been fixed, missed that when I switched the site to a new server. 

All working now.

6

CSF Firewall / Re: Firewall off in cwp panel

« on: October 16, 2025, 07:56:07 PM »

What OS are you running on the server?

7

Mod_Security / Re: OWASP Latest

« on: October 15, 2025, 09:59:39 PM »

Ok. Same for Almalinux 8? I just saw the Alma9 in the link.

Yes, it is the same for AL8.

8

Mod_Security / Re: OWASP Latest

« on: October 15, 2025, 08:24:40 PM »

@overseer post the 2 links you need to follow.
It's mostly cut & paste in the CLI.

9

Mod_Security / Re: OWASP Latest

« on: October 15, 2025, 07:12:45 PM »

Comodo WAF has been dead for over a year now.

OWASP doesn't automatically update, even though it says it does.
The ModSecurity version installed by default by CWP is 2.9.6 and is incompatible with the new OWASP CRS rulesets.

10

CSF Firewall / Re: Firewall off in cwp panel

« on: October 14, 2025, 05:50:55 PM »

SSH into the server, and from the CLI:

csf -e, if working you should see what you are "csf and lfd are not disabled!"
That's a good thing.

Then run:

Code: [Select]

systemctl start csf

Code: [Select]

systemctl start lfd

Code: [Select]

systemctl enable csf

Code: [Select]

systemctl enable lfd
Some system are weird.

Log back into CWP, and it should show as 'On' now.

11

DKIM / Re: I'm a bit lost

« on: October 14, 2025, 05:48:14 PM »

There is another file to check, opendkim.conf

Also some installation are missing opendkim & opendkim-tools, so you want to make sure they are installed and enabled.

If you are running AL9, see:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/dkim-not-working-on-almalinux-9-with-cwp/

12

CentOS 8 Problems / Re: packages update error AlmaLinux 8

« on: October 11, 2025, 02:01:54 PM »

@overseer

Please reframe posting any of our help or articles in the furture when 'djprmf' is helping in a thread, that user made it clear our help and knowledge is not wanted by other users...

13

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: October 10, 2025, 06:07:58 AM »

I have not posted False or Mis-information.
Your post doesn't even make sense.

And all here know that I know what I'm talking about from my posts.

So just insulting me and others here hasn't made you any friends and lost you any support.

Unlike yourself.

I'm guessing your some kid or tween who just wants to come on the forums, post your BS mis-information, and argue with everyone.

So FOCUS...

14

Information / Re: Is CWP still maintained?

« on: October 09, 2025, 01:28:05 PM »

Then, by your logic, we should blame the creators of the binary... because they created this digital thing.
Or we should blame the creators of guns... not who use them and for what...

You don't really see how your logic makes no sense?

I'm placing blame where is belongs - with PHP...

The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().

So are all the CVE's of this PHP vulnerability.

Servers that where correctly secured where not affected.

15

Information / Re: Is CWP still maintained?

« on: October 09, 2025, 01:26:03 PM »

Here is the fix to apply to your php.ini

The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().

This is also blocked by ModSecurity and the OWASP CRS ruleset when correctly configured.