Messages - peopleinside

1
E-Mail / Re: Security level low, need fix some configurations.
« on: December 09, 2019, 10:25:49 AM »
Understood. And the indication is just that the forum is insecure under HTTP :)

2
E-Mail / Re: Security level low, need fix some configurations.
« on: December 09, 2019, 09:44:55 AM »
Hope this post can help someone.
Centos Panel is a great panel, free and with big potential, but the security side is not good.
I also discovered that phpMyAdmin in Centos Panel seems to be very old.

My worry is: old software = security issue / vulnerability.

3
E-Mail / Re: Security level low, need fix some configurations.
« on: December 07, 2019, 05:16:09 PM »
It seems there is no staff reply or support here.
I opened a ticket (even if I'm not currently a paid user) and received what I think are wrong replies, where I was told there are no security issues, just compatibility configuration, and that there is no need to edit postfix but only dovecot, etc.

You cannot fix the security issues on ports 465 and 993 by editing only dovecot.

In /etc/postfix, edit main.cf; you need to add:

Code:
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
#smtpd_tls_cert_file = /etc/pki/tls/certs/centospanel-peopleinside.it.crt
#smtpd_tls_key_file = /etc/pki/tls/private/centospanel-peopleinside.it.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem

tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no

smtpd_tls_eecdh_grade = strong

Now you need to generate the file /etc/postfix/dh2048.pem.
Execute as root (prime group generation can take from a few seconds to a few minutes):
Code:
# cd /etc/postfix
# umask 022
# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh2048.pem

To fix the issue on port 993, you have to disable TLS 1.0 in /etc/dovecot/dovecot.conf:

Code:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1

ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048

Then restart dovecot and postfix.
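As an added check that is not part of the original post, this POSIX shell script audits a main.cf and a dovecot.conf for the settings changed above (TLS 1.0/1.1 excluded, AUTH only over TLS, a DH parameter file set, 2048-bit DH in Dovecot). The sample configuration files are constructed here to stand in for the panel's real ones.

```shell
# Added example: audit Postfix/Dovecot config files for the TLS settings from the post above.
# cfg_get FILE KEY: value of "KEY = value"; the last occurrence wins, as Postfix does.
cfg_get() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }
# excludes LIST PROTO: true if LIST (comma- or space-separated) contains the token "!PROTO".
excludes() {
    for tok in $(printf '%s' "$1" | tr ',' ' '); do [ "$tok" = "!$2" ] && return 0; done
    return 1
}
# audit_postfix MAIN_CF: returns 0 when hardened as in the post, 1 otherwise (prints findings).
audit_postfix() { rc=0
    for key in smtpd_tls_mandatory_protocols smtpd_tls_protocols; do
        val=$(cfg_get "$1" "$key")
        for proto in SSLv2 SSLv3 TLSv1 TLSv1.1; do
            excludes "$val" "$proto" || { echo "FAIL $key still allows $proto"; rc=1; }
        done
    done
    [ "$(cfg_get "$1" smtpd_tls_auth_only)" = yes ] || { echo "FAIL smtpd_tls_auth_only != yes"; rc=1; }
    [ -n "$(cfg_get "$1" smtpd_tls_dh1024_param_file)" ] || { echo "FAIL no DH parameter file set"; rc=1; }
    return $rc
}
# audit_dovecot CONF: same for the dovecot.conf settings in the post (TLS 1.0 off, 2048-bit DH).
audit_dovecot() { rc=0; val=$(cfg_get "$1" ssl_protocols)
    for proto in SSLv2 SSLv3 TLSv1; do
        excludes "$val" "$proto" || { echo "FAIL ssl_protocols still allows $proto"; rc=1; }
    done
    [ "$(cfg_get "$1" ssl_dh_parameters_length)" = 2048 ] || { echo "FAIL DH length != 2048"; rc=1; }
    return $rc
}
SAMPLE_DIR=$(mktemp -d)
# Constructed sample: a main.cf before the fix (TLS 1.0/1.1 still allowed, no DH file).
cat >"$SAMPLE_DIR/weak_main.cf" <<'EOF'
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
EOF
# Constructed sample: a main.cf carrying the settings from the post.
cat >"$SAMPLE_DIR/hard_main.cf" <<'EOF'
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
EOF
# Constructed sample: a dovecot.conf with the post's settings.
cat >"$SAMPLE_DIR/hard_dovecot.conf" <<'EOF'
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
ssl_dh_parameters_length = 2048
EOF
audit_postfix "$SAMPLE_DIR/weak_main.cf" || echo "weak main.cf: not hardened"
audit_postfix "$SAMPLE_DIR/hard_main.cf" && echo "hard main.cf: OK"
audit_dovecot "$SAMPLE_DIR/hard_dovecot.conf" && echo "hard dovecot.conf: OK"
```

On a live server, point the two functions at /etc/postfix/main.cf and /etc/dovecot/dovecot.conf; the checks only read the files and report, they change nothing.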

4
E-Mail / Re: I am receiving a lot of spam emails in all of my accounts,
« on: December 05, 2019, 11:33:16 AM »
Hi, I'm sad to hear you are having issues with spam emails.
Have you tried SpamAssassin and the advanced spam options in Centos Panel?

I like this panel but I cannot currently use it due to some email SSL issues. I will try to see if there is someone from the Centos Panel team who can reply.

If you are unable (as I am with another panel at the moment) to manage spam, you can try the https://mxguarddog.com/ service. I'm using that since I started to have a big spam issue.

5
E-Mail / Re: Security level low, need fix some configurations.
« on: December 03, 2019, 01:15:08 PM »
Security issues are present in dovecot and postfix in Centos Panel.
The score is always F on https://www.immuniweb.com/ssl for ports 993 and 465.

Now, for port 465, as I edited something in the dovecot configuration, the score is B-.
There is a Logjam vulnerability present for dovecot and postfix.

For postfix I'm completely unable to disable TLS 1.0, even if I followed an online guide and edited main.cf.

It seems there is no support that replies here in the forum.

6
E-Mail / Security level low, need fix some configurations.
« on: December 02, 2019, 01:14:51 PM »
Hi to all,
I'm new on Centos Panel.

I'm testing the panel and services and found that once the panel configures the email settings there are security issues.
The security issues are about the SSL configuration.

I created a user that has a domain configured with SSL.
The admin panel is set up on an SSL domain.

I log in as the user (CWP Panel) and go into the email section.
Here I can see the created email address and, below, Mail Settings / Secure SSL/TLS Settings.

These settings are not really secure, just test here: https://www.immuniweb.com/ssl

See: https://www.immuniweb.com/ssl/?id=T1Zhx3qf

TLS 1.0 is still supported. How can I disable this for email?
How can I set a different cipher suite for email?

Thanks

7
Thanks, after creating the folder my.domain/.well-known/acme-challenge and an index.html in each one, the Let's Encrypt certificate is now installed successfully.
You are welcome :)

8
If you do not have a static or blank page, Let's Encrypt is unable to install. You need to have an index page.

9
I had installed it on a clean VPS.
For now I will continue to use Webuzo Panel. I will maybe look at this panel in the future.
Thanks.

10
Happy to hear the issues are not present for you :)

11
CentOS 7 Problems / Love VS Not Love of CWP Panel. Many issues on Centos 7
« on: February 04, 2017, 02:57:05 PM »
I love this new panel, even if I am new and I come from Webuzo, which is a lot better as an interface.
Testing CWP on CentOS 7 seems to show a lot of issues.

- Email is missing a secure cipher suite, so postfix and dovecot should be configured better
- If Apache or Bind or Dovecot or one of the running services such as pureftpd has an issue because the user changed the configuration and created a problem, it is not possible to remove and resume... for example, if I broke Apache in Webuzo I could simply uninstall Apache from the panel and reinstall it with default settings. The same with Bind, PureFTP and all the others. In CWP, if some service is not working and you are unable to fix it, that is a big problem. In my tests I needed to reinstall the panel many different times (also for bugs and issues).

For example, one of these bugs was that now when I add a user with a domain, BIND stops working. If I remove the user, BIND turns on again.

Also, the messages button on top, if clicked, shows errors, as does the file manager.

If you install a Let's Encrypt certificate you can see it on the list but you cannot remove it... so if you decide to go back to HTTP you cannot do it.

If a user is suspended and then reactivated, FTP may not work; or if you have previously activated Let's Encrypt, then FTP has been switched to FTP under TLS, and this setting is lost, so when the user tries to connect after being reactivated they have to use non-secure FTP even if the Let's Encrypt certificate is active. The administrator needs to go to pureftpd and manually disallow non-TLS connections.

Once you have installed an SSL certificate the score on https://www.htbridge.com/ssl/ is very good. But if you do a server test here: https://www.htbridge.com/websec/ the score will be a very bad F.
I tried to add configuration in Apache as I did in Webuzo, where now in Webuzo I get an A, but with CWP I am unable to get more than a C+, I don't know why.

The biggest bug/issue for me is maybe that you do not have (as exists in Webuzo) the possibility to uninstall and reinstall a component if it is not working (Apache, BIND, pureftpd, etc.)

For example, when I added a user with a domain, BIND stopped working. For me this is an issue in the programming of the control panel, as my installation was new.

Softaculous is not working for now, but you will fix it soon as you told me.

There is a lot of work to do; for now I love this panel because Webuzo currently lacks antivirus and antispam and is a single-user control panel, so you cannot really manage users, but also on CWP I see issues in managing users, as there seem to be different issues.

CWP is a good panel idea but needs work.
This is all I found in these days by testing it.

12
FTP / Re: Access Denied for the user after be reactived
« on: February 04, 2017, 12:00:29 AM »
CentOS 7.3
FTP version: the latest of CWP

I suspended a user and reactivated it.
The user's FTP client is giving access denied.

13
FTP / Access Denied for the user after be reactived
« on: February 03, 2017, 10:25:24 PM »
If you suspend an account and then reactivate it (or maybe do this 3 times), the user will be unable to log in with an FTP client, only web FTP.

The FTP client says: Access Denied.

So how do I re-enable the user to use FTP?

14
How do I reinstall Apache or Postfix or Dovecot to get the default settings?

I come from Webuzo, where you are able to delete Apache and reinstall it, or dovecot, etc.
How do I do that in Centos Panel?
Thank you!

If this is not available in the user interface, I suggest adding it :)

15
I suggest a section where the Admin can check if someone is trying to access the web panel.
You should be able to log in as root, and users should have a table where they can see the successful and unsuccessful accesses, the username tried and the IP that is trying to access.

Also, brute force attack protection should be added to Centos Panel if it does not exist.
