Messages - Rob P

1
Information / Re: Ebury trojan on all of my CWP servers
« on: March 23, 2023, 08:33:50 PM »
I don't have that file

Are you on CentOS 8 or AlmaLinux? If so the file won't be there, it's only there on CentOS 7. My CentOS 8 and AlmaLinux servers were exploited also on the 19th with the same notice of Ebury from my host, still trying to figure out exactly how. My server admin believes it's just a vulnerability in CWP and we have to wait for a fix. Once again maybe the update on the 20th patched something? Who knows.

2
Information / Re: Ebury trojan on all of my CWP servers
« on: March 23, 2023, 08:25:20 PM »
thank you
but, can you please tell me which way I can be 100% sure that malware exists?
I'm asking this because many tests found on the internet show that my system is not infected.
Your test only shows that it is. And if I run it on another server (which is not connected to my original in any way), there too it shows positive

Check if you have /usr/lib64/libkeystats.so file in your system. If you do you're infected. I would say it's safe to bet that the majority of CWP users are infected and don't know it.

As top20 said most likely the vulnerability with CWP is still open so cleaning out the server, re-installing the OS and then putting back CWP will probably just end up with the same issue until it's patched.


3
Information / Re: Ebury trojan on all of my CWP servers
« on: March 23, 2023, 08:02:58 PM »
By the way, which hosting provider do you use? My servers are with hetzner.com.

Hetzner as well!

4
Information / Re: Ebury trojan on all of my CWP servers
« on: March 23, 2023, 11:39:24 AM »
My server admin said they saw rumblings about other CWP servers having this issue starting on March 17th-20th. Maybe the March 20th update was a patch?

I'm running the scans now, will probably take a while. What OS were you running on the infected machines? One of mine was CentOS 8 and the other was AlmaLinux 8.5. Also were you on a fully updated CWP?

Are you planning on re-building from scratch? From what I read that's the only definite solution.

5
Information / Re: Ebury trojan on all of my CWP servers
« on: March 22, 2023, 08:30:09 PM »
What are you using for your malware scan? We got the same notice but our scans are coming up clean.

6
Information / Re: Ebury trojan on all of my CWP servers
« on: March 22, 2023, 08:15:16 PM »
Yep, got a notification too that this was the case. Would love to know what's going on here.

7
CentOS-WebPanel Bugs / Re: all my websites Account Suspended
« on: December 29, 2021, 04:48:40 AM »
There is an issue with the new update suspending accounts due to bandwidth for some reason. I fixed it by doing this:

- Deleting the domains file here /usr/local/cwp/users/suspended/

- Go to User Accounts then List Accounts. Under actions switching the suspend account toggle and then switching it back.

Then the domain was working but the bandwidth usage still showed over the limit. So I then:

- Went to User Quote under User Account clicked the packages link in the text "You can change the user quota by editing packages." and changed the bandwidth limit to a very high amount.

So far so good but this is crazy that they'd let an update out like this that totally brings down websites. Hopefully they get another update out asap.


8
CentOS-WebPanel Bugs / Re: all my websites Account Suspended
« on: December 29, 2021, 04:00:51 AM »
Yep same here. All my sites down with a 404 error.

9
CentOS-WebPanel Bugs / Re: Huge File Manager Bug - Converting Text
« on: June 16, 2020, 10:43:34 PM »
I vaguely remember zencart doing this as a security fix.

Huh? What does this have to do with zencart? The file editor in centos web panel is broken and converts html decoded characters automatically when they shouldn't be. This makes it unusable for saving code which defeats the purpose of having a file editor.

10
CentOS-WebPanel Bugs / Re: Huge File Manager Bug - Converting Text
« on: June 12, 2020, 03:58:26 PM »
Just to give an example. I spent 2 hours today after a script on my site wasn't working only to find out the regex in the script was broken because of this issue. Centos Web Panel just changing my code whenever I save a file.

11
CentOS-WebPanel Bugs / Huge File Manager Bug - Converting Text
« on: June 12, 2020, 03:19:46 PM »
The file manager is now completely unusable. It's converting HTML entities into the decoded text. For example I saved `&amp;` in my file, when I re-opened it was converted to `&`, so when I re-saved it converted all those entities into `&`. This is a HUGE bug and can cause major damage to users' code. This needs to be fixed ASAP.

12
Updates / Re: File Manager problem after update to 0.9.8.932
« on: January 30, 2020, 01:13:03 PM »
Save is still not working in the new release 0.9.8.933.

13
CentOS-WebPanel GUI / Re: File manager SAVE not working!
« on: January 30, 2020, 01:12:02 PM »
Was told by support this would be fixed yesterday. I updated to the new release 0.9.8.933 and it's still not fixed. Save still does not work.

14
CentOS-WebPanel GUI / Re: File manager SAVE not working!
« on: January 29, 2020, 08:50:07 PM »
Same here

15
Updates / Re: File Manager problem after update to 0.9.8.932
« on: January 29, 2020, 08:47:54 PM »
Not working for me either. I can't save any files.
