Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
1
PHP / Re: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: December 27, 2023, 02:14:30 PM »
Is that really true? According to their web site, their PHP Encoder 13 is working with PHP 4, 5, 7 and 8 up to 8.2:
https://www.ioncube.com/php_encoder.php
Anyway, another option would be putting a HTTP password on the page, so the vulnerable PHP wouldn't be exposed to the entire world. But I cannot find the directory of the panel to do this...
https://www.ioncube.com/php_encoder.php
Anyway, another option would be putting a HTTP password on the page, so the vulnerable PHP wouldn't be exposed to the entire world. But I cannot find the directory of the panel to do this...
2
PHP / Re: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: December 26, 2023, 01:57:00 PM »
It's now 3(!) years later and CWP is still using PHP 7.2.30:
Detected CVEs for PHP 7.2.30 with CVSS above 7.0.
Is there any way to update the php version used by CWP control panel? I can only update the PHP version used by web sites.
Or is there a way to only make CWP control panel accessible via VPN?
Detected CVEs for PHP 7.2.30 with CVSS above 7.0.
Is there any way to update the php version used by CWP control panel? I can only update the PHP version used by web sites.
Or is there a way to only make CWP control panel accessible via VPN?
3
FTP / Re: ftp fails to list unless ip manually whitelisted in firewall
« on: March 05, 2021, 02:04:46 PM »
FTP doesn't just use a single port (e.g. 2248 in your example), it uses this port only for sending commands to the server. The actual data is sent and received over a range of separate ports. That's what you set via PassivePortRange. However, you cannot use the same port for the data and for the commands. So use something like this instread:
PassivePortRange as 30000 35000
Then you also need to allow this same port range (30000-35000) as incoming TCP ports in your firewall. This is not a security risk, the FTP server will open a port in this range just for the transfer, send or receive the data, and then close the port.
PassivePortRange as 30000 35000
Then you also need to allow this same port range (30000-35000) as incoming TCP ports in your firewall. This is not a security risk, the FTP server will open a port in this range just for the transfer, send or receive the data, and then close the port.
4
CentOS 7 Problems / Re: Installation of PHP 7.4 fail with Version Switcher (Centos 8)
« on: December 20, 2020, 10:53:27 AM »
According to the log, the program re2c is not installed. Try installing it via cwp terminal:
yum install -y re2c
yum install -y re2c
5
CentOS 7 Problems / Re: Too many system updates
« on: November 25, 2020, 04:43:18 PM »
These system updates are provided by Centos and not by CWP. They are regular Linux security updates, and usually don't cause any problems.
Here is what I do when I get such a notification:
1. Wait at least one day, so updates causing major problems could be revoked/replaced
2. I run a copy of Centos 7 with CWP in Virtualbox in addition to my live server. This way I can install and test updates in there before I have to apply them to my main server. Sadly I can only use CentOS Web Panel free in Virtualbox because it's not reachable from the Internet.
3. After updating, I run the following command from a terminal:
needs-restarting -r
to check whether one of the updates requires a reboot. If necessary, I restart the system via Centos Web Panel.
4. I test all the services I normally use in the virtual machine.
5. Once I'm sure the updates have no negative side effect, I apply them also to my main server.
Btw, I have already tested and applied these new updates.
Here is what I do when I get such a notification:
1. Wait at least one day, so updates causing major problems could be revoked/replaced
2. I run a copy of Centos 7 with CWP in Virtualbox in addition to my live server. This way I can install and test updates in there before I have to apply them to my main server. Sadly I can only use CentOS Web Panel free in Virtualbox because it's not reachable from the Internet.
3. After updating, I run the following command from a terminal:
needs-restarting -r
to check whether one of the updates requires a reboot. If necessary, I restart the system via Centos Web Panel.
4. I test all the services I normally use in the virtual machine.
5. Once I'm sure the updates have no negative side effect, I apply them also to my main server.
Btw, I have already tested and applied these new updates.
6
Information / Re: CWP Secure CentOS Kernel
« on: October 21, 2020, 02:36:23 PM »
Is there a way to remove this warning? I'm the only user of this VPS running CWP, but I run multiple domains which I admin via CWP. I don't have any needs for a secure kernel.
7
Updates / Re: Updating Apache to current version?
« on: October 09, 2020, 01:56:52 PM »
Just a small notification that 2.4.46 is available now via:
WebServer Settings- Apache Re-Build.
I have just installed it and it seems to work fine.
Thanks!
WebServer Settings- Apache Re-Build.
I have just installed it and it seems to work fine.
Thanks!
8
Updates / Updating Apache to current version?
« on: August 27, 2020, 08:36:28 AM »
Currently CWP is offering Apache 2.4.41 on the page "Apache Re-Build", which has been released more than a year ago on August 14, 2019.
I'm worried about security flaws in such an old Apache version, there have been a lot of security updates since then:
https://www.apachelounge.com/Changelog-2.4.html
Is there a way to install a newer Apache manually without damaging the rest of CWP?
I'm worried about security flaws in such an old Apache version, there have been a lot of security updates since then:
https://www.apachelounge.com/Changelog-2.4.html
Is there a way to install a newer Apache manually without damaging the rest of CWP?
9
E-Mail / postfix fails to start after yesterday's update
« on: February 20, 2020, 09:43:07 AM »
Hi!
After yesterday's update:
postfix.x86_64 2:3.4.7-1.el7 cwp
Postfix fails to start here:
systemctl status postfix.service returns the following two errors:
After a rollback of the last yum update, it works again. Rollback via:
yum history
then check what the newest ID is, and then
yum history undo <ID>
This returned to postfix-2.10.1-7.el7.x86_64, which is quite a big version jump.
I guess that Postfix 3.4.7 requires a different configuration than Postfix-2.10.1.
Any ideas how to find out what's going wrong? The logs don't tell me what queue directories couldn't be created.
Here are the changes I made to the default postfix configuration to use procmail to filter and deliver mails:
After yesterday's update:
postfix.x86_64 2:3.4.7-1.el7 cwp
Postfix fails to start here:
Quote
/bin/systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code. See "systemctl status postfix.service" and "journalctl -xe" for details.
systemctl status postfix.service returns the following two errors:
Quote
Unable to create missing queue directories
Postfix integrity check failed!
After a rollback of the last yum update, it works again. Rollback via:
yum history
then check what the newest ID is, and then
yum history undo <ID>
This returned to postfix-2.10.1-7.el7.x86_64, which is quite a big version jump.
I guess that Postfix 3.4.7 requires a different configuration than Postfix-2.10.1.
Any ideas how to find out what's going wrong? The logs don't tell me what queue directories couldn't be created.
Here are the changes I made to the default postfix configuration to use procmail to filter and deliver mails:
Quote
yum install procmail
chmod g+s /usr/bin/procmail
nano /etc/postfix/main.cf
Change virtual_transport = dovecot to:
virtual_transport = virtualprocmail:dummy
virtualprocmail_destination_recipient_limit = 1
nano /etc/postfix/master.cf
#
# procmail LDA
virtualprocmail unix - n n - - pipe flags=DRXhuq user=redacteduser
argv=/usr/bin/procmail -m E_SENDER=$sender E_RECIPIENT=$recipient ER_USER=$user ER_DOMAIN=$domain ER_DETAIL=$extension NEXTHOP=$nexthop /etc/procmailrc
nano /etc/procmailrc
SHELL=/bin/bash
LOGFILE=/var/log/procmail.log
DEFAULT=/var/vmail/${ER_DOMAIN}/${ER_USER}
MAILDIR=/var/vmail/${ER_DOMAIN}/${ER_USER}
DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME"
INCLUDERC=/home/redacteduser/.procmailrc
:0 w
| $DELIVER
HOST=end_of_processing
nano /etc/postfix/virtual
support@redacted.com redacteduser
service postfix restart
10
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 16, 2019, 09:38:35 AM »
I have a valid Hostname with A record DNS and ssl, and the normal CWPro admin panel shows up just fine. The "CWPpro Terminal" loads without any error messages, but the page is blank with a white square the size of a single character in the upper left.
11
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 15, 2019, 10:24:03 AM »
1c) I have now also tried with Internet Explorer 11: The "CWPpro Terminal" doesn't work either. The "SSH Java console" fails to launch due to an invalid signature of the applet jcterm-0.0.10.jar located at
admin/design/3rdparty/sshterm/jcterm-0.0.10.jar.
jarsigner.exe -verify jzlib-1.1.1.jar reports:
Warning:
This jar contains entries whose signer certificate has expired.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2014-07-18) or after any future revocation date.
admin/design/3rdparty/sshterm/jcterm-0.0.10.jar.
jarsigner.exe -verify jzlib-1.1.1.jar reports:
Warning:
This jar contains entries whose signer certificate has expired.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2014-07-18) or after any future revocation date.
12
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 15, 2019, 07:54:19 AM »
I wonder what are the requirements for "CWPpro Terminal":
1. Does it require Java? I ask because there is a menu entry in "Service SSH" named "SSH Java Console", and it doesn't work either. To my knowledge, modern browsers no longer support Java. Here is a test page:
https://java.com/en/download/installed.jsp
a) In Firefox, I get "We have detected you are using the 64-bit version of Firefox which will not run the Java plugin."
b) In Chrome I get "The Chrome browser does not support NPAPI plug-ins and therefore will not run all Java content. Switch to a different browser".
2. Does it matter that I changed my SSH port (due to the many hacking attempts to port 22)? The "SSH Java Console" page allows to set the port and correctly shows the one I use, though.
1. Does it require Java? I ask because there is a menu entry in "Service SSH" named "SSH Java Console", and it doesn't work either. To my knowledge, modern browsers no longer support Java. Here is a test page:
https://java.com/en/download/installed.jsp
a) In Firefox, I get "We have detected you are using the 64-bit version of Firefox which will not run the Java plugin."
b) In Chrome I get "The Chrome browser does not support NPAPI plug-ins and therefore will not run all Java content. Switch to a different browser".
2. Does it matter that I changed my SSH port (due to the many hacking attempts to port 22)? The "SSH Java Console" page allows to set the port and correctly shows the one I use, though.
13
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 14, 2019, 10:16:59 AM »
Well, I have waited for an hour now after entering user name and password, but nothing happened. I used user "root" for login. I also tried a non-root user, but then I got an error.
14
CentOS-WebPanel GUI / Does "CWPpro Terminal" work for you?
« on: July 12, 2019, 10:26:45 AM »
When I click on the "Terminal" button at the top in CWP Pro (paid version), I get a submenu with two options:
"Simple Terminal"
"CWPpro Terminal"
"Simple Terminal" opens a terminal just fine in a new tab, without asking again for the password. However,
"CWPpro Terminal" doesn't seem to work with Chrome or Firefox:
- it asks again for the user name and password
- once I enter them, I get a black screen with a tiny (about one character) white square in the upper left corner
I have tried disabling Noscript on that tab, but that didn't make any difference.
Maybe I need to install some additional packages via yum to make this work?
"Simple Terminal"
"CWPpro Terminal"
"Simple Terminal" opens a terminal just fine in a new tab, without asking again for the password. However,
"CWPpro Terminal" doesn't seem to work with Chrome or Firefox:
- it asks again for the user name and password
- once I enter them, I get a black screen with a tiny (about one character) white square in the upper left corner
I have tried disabling Noscript on that tab, but that didn't make any difference.
Maybe I need to install some additional packages via yum to make this work?
15
Updates / Re: Checking for new Apache or PHP versions via command line?
« on: April 08, 2019, 04:32:46 PM »
Interesting, I just got this update via Yum manager:
cwp-httpd.x86_64 2.4.39-1 cwp
After installing, the page "WebServer settings" - "Apache rebuild" shows:
Server version: Apache/2.4.39 (Unix)
Server built: Apr 5 2019 10:19:42
Although 2.4.39 isn't even available under "Select NEW Apache version:".
So at least we got the security update now, thanks CWP support!
cwp-httpd.x86_64 2.4.39-1 cwp
After installing, the page "WebServer settings" - "Apache rebuild" shows:
Server version: Apache/2.4.39 (Unix)
Server built: Apr 5 2019 10:19:42
Although 2.4.39 isn't even available under "Select NEW Apache version:".
So at least we got the security update now, thanks CWP support!
Pages: [1] 2
