Messages

1

How to / auto date/time sync

« on: July 14, 2023, 07:21:52 AM »

Hi,

is it possible to autoamtically sync date/time in cwp?
I've noticed that after manual time sync, after a few days there are a few minutes differences between real time and server time.

Thanks

2

CentOS-WebPanel Bugs / phpmyadmin problem

« on: July 07, 2023, 06:44:24 AM »

Hi,

recently I've got problem when accessing PhpMyAdmin from admin panel.
I've got error 400, and Request Header Or Cookie Too Large message

Is there any fix?

3

CentOS-WebPanel Bugs / Re: Cronjob not added from user panel

« on: May 12, 2023, 10:51:27 AM »

Cron is completly broken for a long time now.
Edit is not working, and if I delete some older cron, some random newer gets deleted.

Just use crontab -e from console to make changes

4

E-Mail / Re: Client host rejected: Access denied

« on: April 14, 2023, 08:44:19 AM »

does CWP have in plans some GUI management of postfix options?
regarding spam and similar things?

5

Information / Re: Roundcube version

« on: March 26, 2023, 07:38:19 AM »

what does the error log in roundcube states?

The error was an ajax error that came after

curl -s -L https://www.uxlinux.com/upload/tmp/cwp_rc_fix.sh | bash

run in ssh terminal like putty

Hi Sandeep,

will Roudcube be updated through CWP automatically, or it has to be done manually?

6

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 09:44:42 PM »

check the server by the instructions just to be sure...but this looks like a false alert.
https://srvfail.com/check-clean-ebury-ssh-rootkit/

yes, I've checked with tests in that link, and it seems that my server is not infected

7

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 09:09:48 PM »

Here is some more info for Ebury 2
https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/

8

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 08:35:20 PM »

I don't have that file

Are you on Centos 8 or Almalinux? If so the file won't be there, it's only there on Centos 7. My Centos 8 and Almalinux servers were exploited also on the 19th with the same notice of ebury from my host, still trying to figure out exactly how. My server admin believes it's just a vulnerability in CWP and we have to wait for a fix. Once again maybe the update on the 20th patched something? Who knows.

I'm on CentOS 7.9.2009

9

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 08:34:30 PM »

But regarding ssh -G:

Code: [Select]

It should be noted that people using an OpenSSH version released after October 2014 will get a false positive with the ESET test, since there is now a legitimate -G switch in the SSH binary. See e.g. the SSH man page on OpenBSD.org or the Github mirror of the actual commit adding this switch. –
Daniel Andersson
 Feb 14, 2016 at 19:42
From:
https://stackoverflow.com/questions/22526214/ssh-g-21-grep-e-illegal-e-unknown-dev-null-echo-system-clean

I am in Croatia, and have local hosting provider

10

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 08:26:38 PM »

thank you
but, can you please tell me which way I can be 100% sure that malware exists?
I'm asking this because many tess found on internet shows that my system is not infected.
Your test only shows that it is. And if I run it on other server (which is not connected to my original in any way), there too it shows positive

Check if you have /usr/lib64/libkeystats.so file in your system. If you do you're infected. I would say it's safe to bet that the majority of CWP users are infected and don't know it.

As top20 said most likely the vulnerability with CWP is still open so cleaning out the server, re-installing the OS and then putting back CWP will probably just end up with the same issue until it's patched.

I don't have that file

11

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 08:16:57 PM »

Maybe. The first thing you can do is change the SSH port and restrict access to SSH login for all users on the system to trusted IP addresses. Change the passwords for absolutely all users. This does not solve the problem since CWP is compromised and requests can be executed as root from there, but somehow it ensures that the server is not used for botnets - DDoS, email spam, etc. As I said, the infection through CWP was long ago. Personally, I think one of my servers was infected minutes before 03.09.2021, 03:46:34, because the logs before that are missing, and it has been online since 2020. I also restored backups and the infection existed 2-3 years ago. Even if the server is cleaned, as long as the vulnerability in CWP exists, it is still under threat. Personally, I will wait for the CWP bug to be fixed and then reinstall the server with the new CWP panel.

thank you
but, can you please tell me which way I can be 100% sure that malware exists?
I'm asking this because many tess found on internet shows that my system is not infected.
Your test only shows that it is. And if I run it on other server (which is not connected to my original in any way), there too it shows positive

12

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 07:03:04 PM »

so only way to get rid it is clean os install?

13

Information / Re: Ebury trojan on all of my CWP servers

« on: March 23, 2023, 06:34:42 PM »

Ok, I'am infected too...
I am scaning now with clam, will clam clean it?

Thx!

14

Other / Re: How to protect my files against download

« on: February 12, 2023, 06:30:55 PM »

content on web is open to all, so there is no way to prevent downloading that kind of stuff

you can add some scripts, for example to disable right click or something like that, but anyone with simple knowledge od console can download anything from your website

15

Information / Re: 0.9.8.1147 released ? what is the changelog ?

« on: October 25, 2022, 11:02:25 AM »

thx for an update
PS. do you have any timeline for bigger updates (spamassasin config, themes/templates) - those features are listed on CWP website as coming soon?

Thank you