Messages

1

FTP / Re: ftp fails to list unless ip manually whitelisted in firewall

« on: March 05, 2021, 02:04:46 PM »

FTP doesn't just use a single port (e.g. 2248 in your example), it uses this port only for sending commands to the server. The actual data is sent and received over a range of separate ports. That's what you set via PassivePortRange. However, you cannot use the same port for the data and for the commands. So use something like this instread:
PassivePortRange as 30000 35000

Then you also need to allow this same port range (30000-35000) as incoming TCP ports in your firewall. This is not a security risk, the FTP server will open a port in this range just for the transfer, send or receive the data, and then close the port.

2

CentOS 7 Problems / Re: Installation of PHP 7.4 fail with Version Switcher (Centos 8)

« on: December 20, 2020, 10:53:27 AM »

According to the log, the program re2c is not installed. Try installing it via cwp terminal:
yum install -y re2c

3

CentOS 7 Problems / Re: Too many system updates

« on: November 25, 2020, 04:43:18 PM »

These system updates are provided by Centos and not by CWP. They are regular Linux security updates, and usually don't cause any problems.

Here is what I do when I get such a notification:
1. Wait at least one day, so updates causing major problems could be revoked/replaced
2. I run a copy of Centos 7 with CWP in Virtualbox in addition to my live server. This way I can install and test updates in there before I have to apply them to my main server. Sadly I can only use CentOS Web Panel free in Virtualbox because it's not reachable from the Internet.
3. After updating, I run the following command from a terminal:
needs-restarting -r
to check whether one of the updates requires a reboot. If necessary, I restart the system via Centos Web Panel.
4. I test all the services I normally use in the virtual machine.
5. Once I'm sure the updates have no negative side effect, I apply them also to my main server.

Btw, I have already tested and applied these new updates.

4

Information / Re: CWP Secure CentOS Kernel

« on: October 21, 2020, 02:36:23 PM »

Is there a way to remove this warning? I'm the only user of this VPS running CWP, but I run multiple domains which I admin via CWP. I don't have any needs for a secure kernel.

5

Updates / Re: Updating Apache to current version?

« on: October 09, 2020, 01:56:52 PM »

Just a small notification that 2.4.46 is available now via:
WebServer Settings- Apache Re-Build.

I have just installed it and it seems to work fine.
Thanks!

6

Updates / Updating Apache to current version?

« on: August 27, 2020, 08:36:28 AM »

Currently CWP is offering Apache 2.4.41 on the page "Apache Re-Build", which has been released more than a year ago on August 14, 2019.

I'm worried about security flaws in such an old Apache version, there have been a lot of security updates since then:
https://www.apachelounge.com/Changelog-2.4.html

Is there a way to install a newer Apache manually without damaging the rest of CWP?

7

E-Mail / postfix fails to start after yesterday's update

« on: February 20, 2020, 09:43:07 AM »

Hi!

After yesterday's update:
postfix.x86_64    2:3.4.7-1.el7    cwp

Postfix fails to start here:

/bin/systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code. See "systemctl status postfix.service" and "journalctl -xe" for details.

systemctl status postfix.service returns the following two errors:

Unable to create missing queue directories
Postfix integrity check failed!

After a rollback of the last yum update, it works again. Rollback via:
yum history
then check what the newest ID is, and then
yum history undo <ID>

This returned to postfix-2.10.1-7.el7.x86_64, which is quite a big version jump.
I guess that Postfix 3.4.7 requires a different configuration than Postfix-2.10.1.

Any ideas how to find out what's going wrong? The logs don't tell me what queue directories couldn't be created.

Here are the changes I made to the default postfix configuration to use procmail to filter and deliver mails:

yum install procmail
chmod g+s /usr/bin/procmail
nano /etc/postfix/main.cf
Change virtual_transport = dovecot to:
virtual_transport = virtualprocmail:dummy
virtualprocmail_destination_recipient_limit = 1

nano /etc/postfix/master.cf
#
# procmail LDA
virtualprocmail unix - n n - - pipe flags=DRXhuq user=redacteduser
  argv=/usr/bin/procmail -m E_SENDER=$sender E_RECIPIENT=$recipient ER_USER=$user ER_DOMAIN=$domain ER_DETAIL=$extension NEXTHOP=$nexthop /etc/procmailrc

nano /etc/procmailrc
SHELL=/bin/bash
LOGFILE=/var/log/procmail.log
DEFAULT=/var/vmail/${ER_DOMAIN}/${ER_USER}
MAILDIR=/var/vmail/${ER_DOMAIN}/${ER_USER}
DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME"
INCLUDERC=/home/redacteduser/.procmailrc
:0 w
| $DELIVER
HOST=end_of_processing

nano /etc/postfix/virtual
support@redacted.com redacteduser

service postfix restart

8

CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?

« on: July 16, 2019, 09:38:35 AM »

I have a valid Hostname with A record DNS and ssl, and the normal CWPro admin panel shows up just fine. The "CWPpro Terminal" loads without any error messages, but the page is blank with a white square the size of a single character in the upper left.

9

CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?

« on: July 15, 2019, 10:24:03 AM »

1c) I have now also tried with Internet Explorer 11: The "CWPpro Terminal" doesn't work either. The "SSH Java console" fails to launch due to an invalid signature of the applet jcterm-0.0.10.jar located at
admin/design/3rdparty/sshterm/jcterm-0.0.10.jar.

jarsigner.exe -verify jzlib-1.1.1.jar reports:

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2014-07-18) or after any future revocation date.

10

CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?

« on: July 15, 2019, 07:54:19 AM »

I wonder what are the requirements for "CWPpro Terminal":

1. Does it require Java? I ask because there is a menu entry in "Service SSH" named "SSH Java Console", and it doesn't work either. To my knowledge, modern browsers no longer support Java. Here is a test page:
https://java.com/en/download/installed.jsp
a) In Firefox, I get "We have detected you are using the 64-bit version of Firefox which will not run the Java plugin."
b) In Chrome I get "The Chrome browser does not support NPAPI plug-ins and therefore will not run all Java content. Switch to a different browser".

2. Does it matter that I changed my SSH port (due to the many hacking attempts to port 22)? The "SSH Java Console" page allows to set the port and correctly shows the one I use, though.

11

CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?

« on: July 14, 2019, 10:16:59 AM »

Well, I have waited for an hour now after entering user name and password, but nothing happened. I used user "root" for login. I also tried a non-root user, but then I got an error.

12

CentOS-WebPanel GUI / Does "CWPpro Terminal" work for you?

« on: July 12, 2019, 10:26:45 AM »

When I click on the "Terminal" button at the top in CWP Pro (paid version), I get a submenu with two options:
"Simple Terminal"
"CWPpro Terminal"

"Simple Terminal" opens a terminal just fine in a new tab, without asking again for the password. However,
"CWPpro Terminal" doesn't seem to work with Chrome or Firefox:
- it asks again for the user name and password
- once I enter them, I get a black screen with a tiny (about one character) white square in the upper left corner

I have tried disabling Noscript on that tab, but that didn't make any difference.

Maybe I need to install some additional packages via yum to make this work?

13

Updates / Re: Checking for new Apache or PHP versions via command line?

« on: April 08, 2019, 04:32:46 PM »

Interesting, I just got this update via Yum manager:
cwp-httpd.x86_64    2.4.39-1    cwp

After installing, the page "WebServer settings" - "Apache rebuild" shows:
Server version: Apache/2.4.39 (Unix)
Server built:   Apr  5 2019 10:19:42

Although 2.4.39 isn't even available under "Select NEW Apache version:".
So at least we got the security update now, thanks CWP support!

14

Updates / Re: Checking for new Apache or PHP versions via command line?

« on: April 04, 2019, 09:33:16 AM »

Hi!

Do you think it could be done via a paid custom module, e.g. a module which sends an e-mail when a new Apache build is available?

Chris

15

Updates / Checking for new Apache or PHP versions via command line?

« on: March 19, 2019, 02:03:18 PM »

Is there a command to check whether there is an update of Apache and/or PHP available in CWP?

Apache:
Currently I have to go to CWPro Admin - WebServer settings - Apache Re-Build, and open the combobox there to check whether these is a new Apache version. The latest Apache is 2.3.38 since January, but CWPro only has 2.3.37 - I'm a bit concerned about security.

PHP:
Here I have to go to CWPro Admin - PHP Settings - PHP Version Switcher, and also open the combobox. PHP is up to date in CWP.

I would prefer a command line check, so I could write a cron script which warns me when a new version gets available. Checking manually every day is tiring.