Messages - ejsolutions

1
Information / Re: CWP Outbound Packets
« on: April 09, 2020, 10:14:29 PM »
Google is your friend:
https://lmgtfy.com/?q=clamav+2703


https://www.speedguide.net/port.php?port=2703
Revenge is sweet - got some of my own medicine. ;)
Wouldn't be so bad but thought I'd removed clamd/clamav/amavis/spamassassin on the ny and cwp instances. Speaking of which, the au instance keeps saying it needs updated, even though I've done it twice! (python3 reinstall required.) Grr, wish the clamav maintainers would get their act together.

2
it works only when using a password for login from the beginning as user panel access from admin is done via token and not password.
Don't think that you're quite grasping the issue.
Please re-read all of the above.

3
CentOS 7 Problems / Re: Certificate expired
« on: April 09, 2020, 09:41:28 PM »
Suggest you locate the trustedcerts.xml file that Filezilla uses (depends on your PC OS) and rename it trustedcerts.xml.bak then try again.
You MUST do this whilst Filezilla is NOT running. Then try to connect again, making sure that you specify the full hostname.

Also, try sftp from a command prompt, preferably in verbose mode.

4
I left the IP change tick box unchecked when logging in - dunno if that makes the odds.
I do notice the URL includes a token, hence surmising a session issue.

5
At Admin level, it works fine (at second attempt).
At user level, I get the same as you, plus the opening as IP address instead of website, thus throwing a SSL warning.
So, not just you.
Tried it a second time, logging in independently as an end user and it worked.  ???

A session/cookie issue, perhaps.

6
Information / CWP Outbound Packets
« on: April 09, 2020, 12:06:12 PM »
Guys, what's going on here?
I first spotted this issue on a NAT VPS but have since seen similar activity on other VPS' with dedicated IPs. On the NAT one the packets were sourced from root, cwpsrv and amavis.
Why are systems attempting to contact cloudmark/proofpoint via a dedicated port?

Quote
Apr  5 15:43:18 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26965 DF PROTO=TCP SPT=50278 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 15:43:19 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26966 DF PROTO=TCP SPT=50278 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 15:43:42 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.137.117 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6618 DF PROTO=TCP SPT=60906 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986
Apr  5 15:43:43 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.137.117 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6619 DF PROTO=TCP SPT=60906 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986
Apr  5 15:43:43 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31254 DF PROTO=TCP SPT=50282 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986
Apr  5 15:43:44 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31255 DF PROTO=TCP SPT=50282 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986

Quote
[root@ny ~]# grep "TCP_OUT Blocked" /var/log/messages
Apr  5 10:43:00 ny kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=23.94.xxx.xxx DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57075 DF PROTO=TCP SPT=35026 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 10:43:01 ny kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=23.94.xxx.xxx DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57076 DF PROTO=TCP SPT=35026 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 10:43:01 ny kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=23.94.xxx.xxx DST=208.83.137.118 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1495 DF PROTO=TCP SPT=55922 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 10:43:02 ny kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=23.94.xxx.xxx DST=208.83.137.118 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1496 DF PROTO=TCP SPT=55922 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0

Does appear to be amavis related and I'm very concerned that it runs under root privileges, in some cases - on another server..
Quote
Apr  9 06:09:45 au kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=103.108.xxx.xxx DST=208.83.137.118 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28676 DF PROTO=TCP SPT=50150 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  9 17:01:06 au kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=103.108.xxx.xxx DST=208.83.137.117 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57123 DF PROTO=TCP SPT=56586 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986

[root@au ~]# grep 986 /etc/group
amavis:x:986:clamscan


Is this a known (stealth) activity?
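
Added example, not part of the original post: a small shell/awk helper that groups the blocked-outbound lines by owning UID/GID, destination and port, and resolves the GID to a group name the way the `grep 986 /etc/group` above does by hand. The function name `summarize_blocked` and the `SAMPLE_LOG` variable are hypothetical; the first three sample lines are copied from the post and the last one is constructed.

```shell
#!/bin/sh
# Sample input: three lines copied from the post above, plus one constructed
# non-firewall line to show that unrelated syslog entries are ignored.
SAMPLE_LOG='Apr  5 15:43:18 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26965 DF PROTO=TCP SPT=50278 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 15:43:19 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.139.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26966 DF PROTO=TCP SPT=50278 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Apr  5 15:43:42 cwp kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=10.0.0.130 DST=208.83.137.117 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6618 DF PROTO=TCP SPT=60906 DPT=2703 WINDOW=29200 RES=0x00 SYN URGP=0 UID=990 GID=986
Apr  5 15:44:01 cwp systemd: Started Session 42 of user root.'

# summarize_blocked [GROUP_FILE]
# Reads syslog lines on stdin; prints "count uid=U gid=G(group) dst=IP dpt=PORT",
# most frequent first. GROUP_FILE defaults to /etc/group.
summarize_blocked() {
    awk -v groupfile="${1:-/etc/group}" '
    BEGIN {
        # Build a GID -> group name map from the group file.
        while ((getline line < groupfile) > 0) {
            split(line, g, ":")
            gname[g[3]] = g[1]
        }
    }
    /\*TCP_OUT Blocked\*/ {
        uid = gid = dst = dpt = "?"
        # Each field of interest is a KEY=VALUE token in the kernel log line.
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") != 2) continue
            if (kv[1] == "UID") uid = kv[2]
            else if (kv[1] == "GID") gid = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        grp = (gid in gname) ? gname[gid] : "?"
        count[sprintf("uid=%s gid=%s(%s) dst=%s dpt=%s", uid, gid, grp, dst, dpt)]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Run over the embedded sample; on a live host pipe /var/log/messages in instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
```

Grouping by UID/GID rather than by destination alone makes it obvious which local account is originating the connection attempts, which is the question the post raises about root versus amavis.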

7
CentOS 7 Problems / Re: Certificate expired
« on: April 08, 2020, 09:26:29 PM »
I have just tested it on my CWP.Pro instance, using a user account default FTP account and it worked fine, prompting to accept a valid SSL.
Trying with an Admin level generated account..
[Edit] Also worked perfect.

You have entered the server FQDN in Filezilla and not just left it blank?
Check your server has the FQDN listed with IP in /etc/hosts, not just localhost.localdomain (which should be removed and shouldn't be there, if the server was correctly set up.) 127.0.0.1 is the only valid entry for localhost.localdomain localhost

8
E-Mail / Re: Help. Script autoblock spam flag
« on: April 08, 2020, 02:19:17 PM »
Google is your friend.
...
Oi! That's my saying.  :P :D

9
CentOS 7 Problems / Re: Certificate expired
« on: April 08, 2020, 11:42:55 AM »
Is this a spoof question?
localhost.localdomain and you expect a valid SSL certificate - best you'll get is a self-signed one.
Change hostname.  :-X

10
Apache / Re: Apache doesn't seem to be updating
« on: April 08, 2020, 01:25:23 AM »
.41 is available in the GUI.
See your other thread on the same subject.

11
CentOS 7 Problems / Re: yum -y update conflict
« on: April 07, 2020, 09:05:29 PM »
More spoon feeding.  >:(

Just do it (TM)

Code:
yum remove python36u python36u-libs
yum install python3 python3-libs

Shared hosting is very cheap, these days.

12
Updates / Re: CWPpro version: 0.9.8.953
« on: April 07, 2020, 05:24:01 PM »
Quote
--2020-04-08 03:14:15--  http://static.cdn-cwp.com/files/mail/vacation.zip
Resolving static.cdn-cwp.com (static.cdn-cwp.com)... 137.74.148.116, 151.80.90.199, 167.114.21.226, ...
Connecting to static.cdn-cwp.com (static.cdn-cwp.com)|137.74.148.116|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2390 (2.3K) [application/zip]
Saving to: ‘vacation.zip.7’
:(

13
Backup / Re: Restore Option Missing
« on: April 07, 2020, 12:22:25 PM »
restore function is coming in future.
Can you imagine the damage to websites that these amateur hosters will create, doing restores?  :o :P
/sarcasm

14
CentOS 7 Problems / Re: How to rotate access logs
« on: April 07, 2020, 12:17:25 PM »
Scrub the above.
Just looked in both free CWP & CWP Pro: couldn't be easier! There's even a cut down man page alongside.
How much spoon feeding does one need? Jeez!

15
CentOS 7 Problems / Re: How to rotate access logs
« on: April 07, 2020, 10:50:17 AM »
Very easy to do on the command line - especially if you read the docs/man pages! Come out of the Windoze/Mac bubble.  :o
/etc/logrotate.conf
/etc/logrotate.d/

Clue 1: compress
Clue 2: Size 2M
