Messages - venty

1
Updates / Re: ..no dir...
« on: October 22, 2025, 06:55:00 AM »
Run:
depmod -a
Should take scare of the notification.

Should take scare of the notification. - ?!?

2
Other / Re: Nginx Varnish Apache php-fpm 403 Forbidden
« on: October 21, 2025, 06:36:29 PM »
First look to opcache + Redis to speed up WP sites:
https://blog.alphagnu.com/speedup-wordpress-decrease-server-load-redis-cache-cwp-centos-webpanel/


Hi,

Redis Object cache or W3 Total Cache?

BR
Venty

3
Updates / Re: ..no dir...
« on: October 21, 2025, 05:22:07 PM »
Do you have Rocky or AL 9.6 installed?

Are you doing BIOS or UEFI boot?

Hi,

the installation is AL 9.6...

BR
Venty

4
Updates / Re: ..no dir...
« on: October 20, 2025, 06:43:11 AM »
I don't see that error on AL8. You could try setting install_weak_deps=False in /etc/dnf/dnf.conf

https://prnt.sc/Bu91kkLy-Aij   ???

5
Updates / Re: ..no dir...
« on: October 19, 2025, 10:42:21 AM »
There is nothing at your link that displays  :-\

Updates usually happen around 0300, and don't show in the control panel while they are updating.

Did you do this update manually, because even that just gives a spinning circle, then you have to manually restart the cpwsrv service.

Hi,

sorry, this is the image...:
https://prnt.sc/7BlUhvTLOoBl

...several times when updating I get this...

BR
Venty

6
Updates / ..no dir...
« on: October 18, 2025, 04:13:43 PM »
Hi,

during the last update via the CWP the following part is received:
https://prnt.sc/s-YC2zPIZkIF
which is part of the whole message... Other updates go through without problems...

BR
Venty

7
CSF Firewall / csf: v14.24, do I need to update it?
« on: September 02, 2025, 08:14:08 AM »
Hi,

I am currently using csf: v14.24, do I need to update it?

These days I received the following message in my email:

Subject: Cron <root@hosting> /usr/sbin/csf -u
Message: Oops: Unable to download: Can't connect to download2.configserver.com:443 (Connection refused)

What should I do?

Thanks in advance!

BR
Venty

8
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« on: September 01, 2025, 05:49:54 PM »
If you're calling it with an "Include" line as with Starburst's configuration, it will be utilized by Mod Security. But the GUI in CWP will be editing a different file:
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
So you may want to Include that one specifically/additionally as well.

I didn't understand it... "Include" - in which file?

9
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« on: September 01, 2025, 04:58:11 PM »
Someone has to include 2 very critical details on these guides:

1) the CWP admin dashboard "Global Disabled Rules" file is NOT the same with the one that our customized mod_security is currently using.

No edit on that file will work. The user has to add/remove rules on the new global_disabled.conf under the newly created folder.

--------------------------------------------------------------------------
I hope this helps.



Hi,

for me the file global_disabled_rules.conf is in the folder:

/usr/local/apache/modsecurity-rules/custom-rules/before

and it also doesn't work?

10
DKIM / DKIM is marked yellow "INVALID"...
« on: August 12, 2025, 06:41:46 AM »
Please help, I have a CWP server (AL 9.6) installed, with one user who manages several domains...

I have followed all the instructions given here for setting up DKIM, all domains have a DKIM record, but when I go to the Email - DKIM Manager menu in the list where the domains are selected in the DKIM records column, all are marked green, only the domain that is associated with the user is marked yellow "INVALID"...
This domain is with the Internet provider where the server is located, in the DNS he has set a DKIM record, which I have also set in the domain settings, the two match - checked, all mail services have been restarted, but again the mark for this domain is yellow "INVALID"...

I also tested with a mail checker, for all other domains DKIM works and is recognized, for this domain it is again unrecognized...

Please advise, what should I check or do?

BR
Venty

11
There is more than 1 global_disabled_rules.conf file in the mix.

It depends how you set your modsec up (eg: which one is it pointed to).

Hi,

I basically use the following recommendations from @Starburst:

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/recommended-ruleset-paths-running-cwp-and-apache-on-almalinux-8-9/

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-to-4-16-0-running-cwp-and-apache-on-almalinux-8-9/

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/

Again, according to his instructions, I placed the global_disabled_rules.conf file in a "before" folder and supposedly I have an entry for the folder to read *.conf

└── custom-rules
├── startup
├── before
└── after

How can I check if this is happening and the global_disabled_rules.conf file is being read from there?

BR
Venty

12
Hi,

When I put the following rules 941100, 949110, 980170 and 932235 in the file global_disabled_rules.conf, which is located in the folder /usr/local/apache/modsecurity-rules/custom-rules/before/ they are not removed ...

When I add the same rules via CWP UI / Security/Mod Security / Domains tab / Edit rules on required domain... then they are removed and the administrative panel of the site, which is on the WordPress works...

Why does this happen, isn't the file global_disabled_rules.conf for disabling the rules for all domains?

BR
Venty

13
I'm wondering if this isn't a plugin conflict with the OWASP rules.

We run WordPress, and haven't had any problems mentioned.

Hi,

I think it's exactly like that, but not from a plugin, but rather from the theme...

I tested from different IPs, but the result I see in the error logs is the same - the same rule IDs that block several PHP files related to the AVIA editor that the theme uses...

In addition, I received messages that the IP I was using was blocked - Blocked: Permanent Block [LF_MODSEC] (IP match in csf.allow, block may not work)...
1. Now, I read that the rules starting with 980 and 949 should not be excluded entirely, maybe there is an option to set mod_security not to block the AVIA editor files and IPs?
2. IP match in csf.allow, but I assume this does not prevent me from setting rules for this IP so that it is not blocked?

BR
Venty

14
Hi,

I checked the error logs again, tested with OWASP CRS version 4.15.0 and OWASP CRS version 4.16.0, mod_security version 2.9.11 and again found that rules with identifiers 980170, 949110, 930130 and 932235 are the ones that block.

- OWASP CRS version 4.15.0 blocks stop work in the WordPress panel and theme settings...
- OWASP CRS version 4.16.0 - error 403...
When disabling mod_security - everything works normally...

I set them in global_disabled_rules.conf, but again the services are blocked...

I also noticed that the rule with ID 980170 appears very often in the error logs...

1. What should I do in this case?
2. Is it correct to enter the rule with ID 980170 in global_disabled_rules.conf ?
3. How can I reliably verify that global_disabled_rules.conf is working?

BR
Venty

15
PHP / Re: Difference in the php views...
« on: July 16, 2025, 09:12:06 AM »
The main php version from the CLI that you have set used by PHP Switcher is called for php info on your first case. The display is typical for a 7.x version -- CWP renders it using their stylesheet so it matches the rest of the panel. But if you have an 8.x or later, it will call the normal php.info and display it in that space.

Hi,

Thank you very much for the answer, but I updated it to a higher version of PHP - 8.1.32, and the display is the same...
I found that when I select menu PHP Settings/PHP info in the error logs, I have the following entries:

[Wed Jul 16 09:24:02.156951 2025] [security2:error] [pid 57264:tid 57296] [client 80.100.247.29:57842] ModSecurity: Warning. Unconditional match in SecAction. [file "/usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=8, detection=8, per_pl=8-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=8)"] [ver "OWASP_CRS/4.15.0"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "80.100.247.29"] [uri "/phpinfo.php"] [unique_id "aHdFgh8PEqQ3cHJu45Rg6gAAAIM"]
[Wed Jul 16 09:24:02.156739 2025] [security2:error] [pid 57264:tid 57296] [client 80.100.247.29:57842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "80.100.247.29"] [uri "/phpinfo.php"] [unique_id "aHdFgh8PEqQ3cHJu45Rg6gAAAIM"]
[Wed Jul 16 09:24:02.156378 2025] [security2:error] [pid 57264:tid 57296] [client 80.100.247.29:57842] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.15.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "80.100.247.29"] [uri "/phpinfo.php"] [unique_id "aHdFgh8PEqQ3cHJu45Rg6gAAAIM"]
[Wed Jul 16 09:24:02.155614 2025] [security2:error] [pid 57264:tid 57296] [client 80.100.247.29:57842] ModSecurity: Warning. Pattern match "(?:^([\\\\d.]+|\\\\[[\\\\da-f:]+\\\\]|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "730"] [id "920350"] [msg "Host header is a numeric IP address"] [data "78.108.247.29"] [severity "WARNING"] [ver "OWASP_CRS/4.15.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "80.100.247.29"] [uri "/phpinfo.php"] [unique_id "aHdFgh8PEqQ3cHJu45Rg6gAAAIM"]


I added the IDs to global_disabled_rules.conf, but when I select menu PHP Settings/PHP info, the display is the same and the entries appear again...

What should I do?

BR
Venty
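
The four log entries in the post above share one unique_id, so they describe a single request. The following Python script is an added example, not part of the original post or of CWP or the CRS project: it groups ModSecurity error-log entries by unique_id and separates the rules that add anomaly points from the CRS evaluation and reporting rules (949110, 980170) that only act on the total. It assumes the CRS default severity scores are in use; the function name `summarize` and the shortened sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# CRS rules that evaluate or report the accumulated anomaly score; they add no points.
EVALUATION_IDS = {"949110", "980170"}
# Default CRS anomaly score added per matched rule, by severity (assumed unchanged).
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}
FIELD = re.compile(r'\[(id|severity|msg|uri|unique_id) "([^"]*)"\]')
TOTAL = re.compile(r"Total Score: (\d+)")

# Constructed sample: shortened forms of the four entries quoted in the post
# (client address and unique_id are placeholders; file paths and tags are dropped).
SAMPLE_LOG = """\
[security2:error] [client 192.0.2.10:57842] ModSecurity: Warning. Unconditional match in SecAction. [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=8, detection=8)"] [uri "/phpinfo.php"] [unique_id "EXAMPLE-TXN-1"]
[security2:error] [client 192.0.2.10:57842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/phpinfo.php"] [unique_id "EXAMPLE-TXN-1"]
[security2:error] [client 192.0.2.10:57842] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [severity "CRITICAL"] [uri "/phpinfo.php"] [unique_id "EXAMPLE-TXN-1"]
[security2:error] [client 192.0.2.10:57842] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [uri "/phpinfo.php"] [unique_id "EXAMPLE-TXN-1"]
"""

def summarize(log_text):
    """Group entries by unique_id and separate scoring rules from evaluation rules."""
    txns = defaultdict(lambda: {"uri": None, "rules": [], "blocked": False, "reported": None})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "id" not in fields or "unique_id" not in fields:
            continue  # not a ModSecurity rule entry
        txn = txns[fields["unique_id"]]
        txn["uri"] = fields.get("uri")
        if fields["id"] in EVALUATION_IDS:
            txn["blocked"] = txn["blocked"] or "Access denied" in line
            match = TOTAL.search(fields.get("msg", ""))
            if match:
                txn["reported"] = int(match.group(1))  # total as logged by 949110
        else:
            score = SEVERITY_SCORE.get(fields.get("severity", ""), 0)
            txn["rules"].append((fields["id"], score))
    for txn in txns.values():
        txn["rules"].sort()
        txn["computed"] = sum(score for _, score in txn["rules"])
    return dict(txns)

if __name__ == "__main__":
    for uid, txn in summarize(SAMPLE_LOG).items():
        print(uid, txn["uri"], "blocked" if txn["blocked"] else "passed",
              txn["rules"], "computed:", txn["computed"], "reported:", txn["reported"])
```

When the computed and reported totals agree, the listed scoring rules fully account for the block on that request.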
