Messages

1

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 12, 2025, 11:48:48 AM »

@mrgreen Thank you for this valuable feedback and GitHub link!

On our end, since Maldet's signature is from February and Rkhunter is discontinued since 2018, we actually ran Thor Lite w/ a collection of YARA custom rules to find and clean everything across the server.

Besides that, we blocked access to "module=filemanager&acc=findFiles" through CloudFlare only allowing our Whitelist of IPs to access it.

Would you be so kind as to share the inotify script for the .php files?

2

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 09, 2025, 06:08:50 PM »

Also just to confirm, I am indeed using AlmaLinux 8.10 (Cerulean Leopard)

3

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 09, 2025, 05:01:06 PM »

I noticed I had 3 users in /home/jail/ possibly from jailkit. But I never actually made any configs about this, so 3 of my users are using it, and the others aren't. That's just something odd but probably unrelated.

About the hidden files, just deleted them, thanks!
I had first renamed /tmp to /tmp_inf and created a new /tmp but that broke my websites sessions.

I will try to help as I can, I only have medium server experience!
I've noticed some executables and scripts being created and hidden inside wordpress folders, I've cleared them but if more appear I'll share here the names and contents.

4

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 09, 2025, 04:44:59 PM »

I had the same problem, was going crazy, thinking it was a wordpress vulnerability, then started seeing processes from one user trying to access other users. This made me notic only 3 of my users are in jail and others aren't, no idea why this behaviour by CWP.

I've ran:

Code: [Select]

find / -type f \( -name "defauit.php" -o -name "nbpafebaef.jpg" \) -exec rm -f {} + 2>/dev/nullto delete all of this 2 files.

I've also renamed filemanager.php

Could any one provide with more insight/what more steps should be done to make sure it's clean?

5

CentOS-WebPanel Bugs / Re: Cronjobs adding backslash

« on: October 22, 2020, 09:49:49 PM »

Quick update: This seems to be fixed recently!

6

CentOS-WebPanel Bugs / Re: Cronjobs adding backslash

« on: October 07, 2020, 05:32:58 PM »

I concur - it's fubar!

php -f \\\"test.php parameter\\\" > /dev/nul

Delimiter is added on each edit, plus it strips out any comments that are added (no big deal, really).

There's also a bug reporting page, if you can be assed and think they'll act upon it.
https://bugs.control-webpanel.com/login_page.php

Thanks for testing!
I actually didn't know about that page, already registered and submited a bug ticket: https://bugs.control-webpanel.com/view.php?id=124

Hope they will fix it soon...
Have a great day!

7

CentOS-WebPanel Bugs / Re: Cronjobs adding backslash

« on: October 07, 2020, 03:59:54 PM »

Ahh! Now that is very grim. 
Definitely a flaw (not just a bug) in the code.
Cue the devs.

Yeah I think I'll send them something through the contact form, trying to get their attention on this matter!

Could you try on your installation and see if it behaves the same?
I don't think it could be a server configuration problem, but, you never know... ._.

8

CentOS-WebPanel Bugs / Re: Cronjobs adding backslash

« on: October 07, 2020, 03:28:49 PM »

Curiosity: does it actually affect the running of the tasks?
These are obviously being added by the GUI as delimiters for the double-quotes. If run from the command line as-is, then it shouldn't make any difference.

I was checking the cron file it creates, and it adds them on the file also...
From the user control panel, everytime I actually refresh the crontab page, it adds tem...
This is after a few refreshes:


And crontab file:


So it actually interferes, because I stop receiving the e-mails, and the commands aren't executed.

I mean, this feels like a big flaw as I have to setup manually directly in the file, all my cronjobs for my resellers :s

9

CentOS-WebPanel Bugs / Re: Cronjobs adding backslash

« on: October 07, 2020, 10:47:51 AM »

Hi there, I see there is new updates on crons, but still this error is not fixed:


Everytime I or a client saves/edits a cronjob with quotes, It adds a backslash, infinite times.

Can someone please help or at least let me know if happens the same to you?

10

CentOS-WebPanel Bugs / Cronjobs adding backslash

« on: September 17, 2020, 03:01:47 AM »

First of all, hello to this community!
I've recently purchased CWPPro and i'm liking it very much.
Can someone confirm to me if this is only happening in my installation or others?
Whenever I add a cronjob from the Admin Panel that has quotes (") it adds a backslash on it, forcing me to edit the cron file.
Whenever I open the cronjobs panel from the User Panel, it automatically adds this backslashes to existing cronjobs with quotes, making it virtually impossible for my clients to set up cronjobs efficiently
I think this is urgent and might be quick to fix, would it be possible for you to add the fix on next update?