Messages - overseer

Information / Re: Ebury trojan on all of my CWP servers
« on: Today at 09:18:28 AM »
You can quickly check if you are infected with Ebury by checking if the file /usr/lib64/ exists or by running the following command through the console -
Code: [Select]
ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
I'm sorry, but I don't think your information is accurate here -- on either count. The -G switch for SSH is now legitimate, and the existence of /usr/lib64/ does not prove an Ebury rootkit infection.
Just did a complete scan. Took 108 minutes scanning almost half a million files. I don't have it.
Have you confirmed that the malware security scanner accurately identifies Ebury? I did that scan but then a manual check -- and note that checking via SSH does not necessarily prove a clean bill of health. You need to check via a local console or else Ebury could alter the results shown via SSH.

SSL / Re: AutoSSL not working
« on: Today at 08:00:03 AM »
^ That's why I posted my comment above. I encountered that error before and you have to make sure you are not redirecting the site from HTTP to HTTPS. It needs to negotiate the AutoSSL certificate via (non-SSL) HTTP.

Information / Re: Ebury trojan on all of my CWP servers
« on: March 24, 2023, 03:02:39 AM »
Thanks for highlighting this! No Ebury Trojans here on any of my 3 CWP servers; just one case of Win.Trojan.Hide-1 under one WordPress install, which was promptly exorcised:

New Modules / Re: [Module] Track E-mail Delivery
« on: March 20, 2023, 03:46:29 AM »
Great! This could be very handy when a customer asks me about mail delivery issues. Save some log sifting, for sure!

DKIM / Re: How to implement 2048 bit DKIM keys on CWP servers.
« on: March 20, 2023, 03:44:53 AM »
The takeaway from that tutorial I linked to was to use opendkim-genkey with the -b bits option:
       -b bits
              (--bits=n)  Specifies  the size of the key, in bits, to be generated.  The upstream
              default is 1024 which is the value recommended by the DKIM  specification,  but  in
              Debian the default is 2048 based on more current recommendations such as those from
              NIST 800-177.
Code: [Select]
opendkim-genkey -b 2048
is what you are looking for...

Information / Re: remote backup to house
« on: March 20, 2023, 03:39:48 AM »
I prefer a TrueNAS box for this as a target for DR (disaster recovery) -- there's nothing as good as a ZFS send, especially compared to rsync. I don't really trust home routers with USB ports to have high availability or acceptable performance. I see it as an afterthought or "gee whiz" feature. Maybe the Apple TimeCapsule devices are more solid by design, but even Western Digital's MyCloud NAS left a LOT to be desired (performance, security, etc. were sorely lacking). I have several Netgear Nighthawks with USB3.0 ports, but I must confess I've never even tried out that feature. But I'm sure you could find anecdotal experiences online, as well as benchmarks.

CentOS-WebPanel Bugs / Re: 2FA not working
« on: March 18, 2023, 06:09:23 AM »
Is there a bug? Yes, at least one.
Does it work for you? No, that's why I'm not currently using it.
Hopefully in the future...

E-Mail / Re: DMARC /DNS Record Published
« on: March 18, 2023, 06:04:23 AM »
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.
DMARC is not an essential DNS record for mail delivery -- it mostly is to prevent spoofing of your domain. For proper mail delivery, you will need an A record and an MX record; an SPF TXT record is also highly recommended. And any more, a PTR (reverse DNS) record is essential for credibility with other mail servers. This is put in place by your hosting provider or ISP, whoever controls the IP space you use.

Installation / Re: mail server only
« on: March 18, 2023, 03:16:26 AM »
This way, you may also create a script that will manually renew the certificate without using http-verification method
Under a normal system, you would look at /etc/letsencrypt/renewal/
and you set 
Code: [Select]
authenticator = dns-cloudflare
and it works flawlessly with their token authentication. No need for a custom renewal script, in my experience. Under CWP, it looks as though you would need to edit:
Code: [Select]

How to / Re: how to secure CentOS server using CWP features
« on: March 18, 2023, 02:54:23 AM »
#Port 22 <-- Here! Remove the # and change 22 to whatever you want
#AddressFamily any
Don't forget to also change the port in /etc/csf/csf.conf under the TCP_IN line:
Code: [Select]
TCP_IN = "20,21,2222,25,53,80,110,143,443,465,587,993,995,2030,2031"
(not that I recommend port 2222, as FritzFrog scans for that in addition to 22).
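
A pre-restart check for the two edits described in the post above, added here as an example and not part of the original post. The function names are hypothetical, the demo runs on constructed temp files rather than /etc/ssh/sshd_config and /etc/csf/csf.conf, and it assumes CSF port ranges are written lo:hi.

```shell
#!/bin/sh
# Added example (not from the original post): confirm every active sshd
# "Port" is allowed by CSF's TCP_IN before restarting sshd.

# port_in_list PORT LIST -> 0 if PORT is in the comma-separated LIST.
# Assumes CSF writes ranges as lo:hi.
port_in_list() {
    port=$1
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) if [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            "$port") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# check_ssh_port_allowed SSHD_CONFIG CSF_CONF -> 0 only if all ports are allowed.
check_ssh_port_allowed() {
    # Uncommented Port lines only; sshd listens on 22 when none is set.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] || ports=22
    # Contents of TCP_IN = "..." with spaces removed.
    tcp_in=$(sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$2" | tr -d ' ')
    rc=0
    for p in $ports; do
        if port_in_list "$p" "$tcp_in"; then
            echo "OK: sshd port $p is in TCP_IN"
        else
            echo "MISSING: sshd port $p is not in TCP_IN"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files: sshd moved to 2222, csf.conf not yet updated.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' '#AddressFamily any' > "$demo/sshd_config"
printf '%s\n' 'TCP_IN = "20,21,25,53,80,443,2030,2031"' > "$demo/csf.conf"
check_ssh_port_allowed "$demo/sshd_config" "$demo/csf.conf" ||
    echo "Add the new port to TCP_IN and reload csf before restarting sshd"
rm -rf "$demo"
```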

Installation / Re: Login after installation
« on: March 18, 2023, 02:48:42 AM »
Are you able to SSH into the server? Try running
Code: [Select]
sudo passwd root
and change the root password to the same as the MySQL root password. This will also have the positive effect of allowing you to login to phpMyAdmin without a password from the CWP Admin panel.

Information / Re: Roundcube version
« on: March 18, 2023, 02:45:59 AM »
IonCube should work in PHP versions up to 7.4. Do you have it enabled in all your installed versions? If not, recompile with IonCube support.

CentOS 7 Problems / Re: Error in trasnfer File
« on: March 14, 2023, 08:38:29 AM »
Can you post a little more of the log? Probably not the whole thing, but the last 20-25 lines so that might help us identify the cause of the error.

« on: March 14, 2023, 01:08:06 AM »
Yes -- a Mac mini at a specialized boutique host (MacStadium or MacMiniVault). They will do co-location for $50-60/mo (owing to the small form factor and small power draw). For that, you get symmetric gigabit speeds, unlimited transfer. They offer "remote hands" support and will swap out parts or change out SSDs for you if you want to upgrade. I've had very good success with this route over the past 5+ years. 3 servers running CentOS 7.9 in a data center, on the cheap...

CentOS 7 Problems / Re: Error in trasnfer File
« on: March 14, 2023, 12:59:10 AM »
Have you looked over the migration log?
Code: [Select]
And the dot files look something like this while it is processing:
Code: [Select]
