Messages

1

CentOS-WebPanel Bugs / Re: Cannot Delete File

« on: July 17, 2025, 12:44:52 AM »

Not present on any servers I manage (one CentOS 7.9 holdout, a couple of AlmaLinux 8 servers, a couple of AL9 test beds).
Try to see if the immutable bit is set, then remove:

Code: [Select]

chattr -i error.php
rm -rf error.php

2

PHP Selector / Re: I can't Change my php version 8.1 to 8.2

« on: July 16, 2025, 03:24:06 PM »

You just need to purchase CWP Pro (PayPal is best) and assign your license to your IP address to activate Pro.

3

Mod_Security / Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0

« on: July 15, 2025, 12:44:28 PM »

More for WordPress:

Code: [Select]

## Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
SecRuleRemoveById 981172
SecRuleRemoveById 981319
SecRuleRemoveById 981260
SecRuleRemoveById 973308
SecRuleRemoveById 973335
SecRuleRemoveById 973347
SecRuleRemoveById 973334
SecRuleRemoveById 950007

4

CSF Firewall / Re: CSF & Modsec

« on: July 15, 2025, 12:40:41 PM »

You followed the Mod Sec installation/upgrade instructions and are running the OWASP-old setup. (I know it's counterintuitive naming, as you will actually be using the newest ruleset.)

5

Suggestions / Re: Long Account Names / Rename Account Names

« on: July 15, 2025, 12:39:04 PM »

Would the developers please increase the account name length so that account names can be the same as domain names which are generally much longer.

Just to be clear, while the rest of your suggestions are good, this one is a bad idea. You do not want to make the username easy to guess, as that invites easier brute force attacks. And as we just saw with the File Manager flaw, if you knew the username it was game over. In the past, I have used cPanel systems the required a random number to be in the username just to add some randomness and make it less easily guessed.

6

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: July 14, 2025, 03:58:49 PM »

https://www.leaseweb.com/en/about-us/legal/abuse-handling
https://kb.leaseweb.com/kb/compliance-security/compliance-and-security-contacting-abuse-prevention-department/

Use their contact forms (above) or e-mail them directly (handy if you have e-mail samples you can send them):
abusedesk@global.leaseweb.com

7

Suggestions / Re: Simple editor to Master php.ini

« on: July 14, 2025, 03:51:06 PM »

Each user can have .user.ini php settings file in the web root or if you would rather, you can name it php.ini. Just uncomment that directive in the version php-fpm php.ini file.

8

Suggestions / Re: SSH Key generation for domain users

« on: July 14, 2025, 03:48:23 PM »

In the case of SSH access and keygen, I would indeed think you would want direct help desk intervention. I don't think you want to open up shell access to your server lightly, so 1-2 help tickets per server is attainable.

9

Mod_Security / Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0

« on: July 14, 2025, 03:42:16 PM »

You will need to look through your error logs and see which rules are triggering the blocks, then add them to the global rules file:

Code: [Select]

grep "modsecurity" /usr/local/apache/domlogs/*.error.log
Afterward, don't forget to restart httpd. You can also disable Mod Security on a user-account basis to get you through the WordPress install process.

10

Suggestions / Re: :):):) Comodo WAF rules update required :):):)

« on: July 14, 2025, 03:33:39 PM »

yes, exactly.

11

PHP Selector / Re: I can't Change my php version 8.1 to 8.2

« on: July 13, 2025, 10:54:42 AM »

Have you tried changing it from the admin panel side?
https://demo.harkatco.com:2087/login/index.php

12

CSF Firewall / Re: CSF & Modsec

« on: July 12, 2025, 09:13:07 PM »

Confirm your update procedure was along these lines (no missing steps):
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/

Then install the latest OWASP ruleset:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-to-4-16-0-running-cwp-and-apache-on-almalinux-8-9/

Then if you are having problems with CSF & LFD:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/no-lfd-notifications-and-or-csf-not-blocking-ips-after-upgrading-to-owasp-latest-with-cwp-on-almalinux-8-9/

13

PHP Selector / Re: I can't Change my php version 8.1 to 8.2

« on: July 12, 2025, 02:08:14 PM »

And you have an active CWP Pro license for the IP of that server?

Code: [Select]

sh /scripts/update_cwp

14

Installation / Re: CWP-CentOS 8 MINIMAL ou BOOT Stream-Delayed

« on: July 12, 2025, 02:28:35 AM »

Please use AlmaLinux 8 or 9 as the foundation for a production-ready server. A beta quality or EOL (end of life) OS is not really suitable for a server.

15

MySQL / Re: increase the characters db

« on: July 10, 2025, 02:51:46 PM »

It takes the form of one entry per line (to map 8 char usernames to longer names):
shortname:longername