Recent Posts
11
PostgreSQL / Re: Error starting postgres
« Last post by gilliard on Today at 05:55:01 PM »Not works
[root@cwp ~]# systemctl is-masked postgresql.service
Unknown operation is-masked.
[root@cwp ~]# systemctl unmask postgresql.service
[root@cwp ~]# systemctl start postgresql.service
Failed to start postgresql.service: Unit postgresql.service is masked.
[root@cwp ~]# systemctl enable postgresql.service
Failed to enable unit: Unit file /usr/lib/systemd/system/postgresql.service is masked.
[root@cwp ~]#
[root@cwp ~]# systemctl is-masked postgresql.service
Unknown operation is-masked.
[root@cwp ~]# systemctl unmask postgresql.service
[root@cwp ~]# systemctl start postgresql.service
Failed to start postgresql.service: Unit postgresql.service is masked.
[root@cwp ~]# systemctl enable postgresql.service
Failed to enable unit: Unit file /usr/lib/systemd/system/postgresql.service is masked.
[root@cwp ~]#
12
Information / Re: Is CWP still maintained?
« Last post by cyberspace on Today at 03:24:09 PM »CWP did not disclosure that. They prefer hide it under a "update", that you don't even know what is. Or do you have a changelog for the versions lauch?
Hire the CWP team, pay them wage and set your rules how they must act. In other case you accept their rules and how they support their product.
If their rules aren't acceptable for you then you need to use another product.
13
CentOS 7 Problems / Re: Clamav database update blocked by CDN
« Last post by Painkiller88 on Today at 02:54:54 PM »ELevate is not a recommended upgrade path; you will likely introduce issues into the new system (Sandeep [a CWP dev] advises against it). Better to bring up a new AlmaLinux 8 system and use the CWP Migration module to transfer accounts. That's the route I chose and so I have a fresh system with very little cruft moved over from the old system. Fresh 'n shiny!
https://www.alphagnu.com/topic/578-does-it-possible-to-migrating-from-centos7-to-almalinux9-same-server-without-installing-to-new-server/
Ok thanks, i will have a look into it.
14
PostgreSQL / Re: Error starting postgres
« Last post by overseer on Today at 01:43:28 PM »Code: [Select]
systemctl is-masked postgresql.service
systemctl unmask postgresql.service
systemctl start postgresql.service
systemctl enable postgresql.service15
PostgreSQL / Error starting postgres
« Last post by gilliard on Today at 01:38:25 PM »I have an error starting postgres 16, alma linux 8
Failed to start postgresql.service: Unit postgresql.service is masked.
Failed to start postgresql.service: Unit postgresql.service is masked.
16
Information / Re: Is CWP still maintained?
« Last post by djprmf on Today at 01:32:24 PM »The RCE with CWP wasn't fixed? And by who?
Or now CWP doesn't uses PHP anymore? By your logic then.... this isn't fixable, since is a "PHP Thing"... so....
Or now CWP doesn't uses PHP anymore? By your logic then.... this isn't fixable, since is a "PHP Thing"... so....
17
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 01:28:05 PM »Then, by your logic, we should blame the creators of the binary... because they created this digital thing.
Or we should blame the creators of guns... not who use them and for what...
You don't really see how your logic makes no sense?
I'm placing blame where is belongs - with PHP...
Quote
The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().
So are all the CVE's of this PHP vulnerability.
Servers that where correctly secured where not affected.
18
Information / Re: Is CWP still maintained?
« Last post by djprmf on Today at 01:26:13 PM »Then, by your logic, we should blame the creators of the binary... because they created this digital thing.
Or we should blame the creators of guns... not who use them and for what...
You don't really see how your logic makes no sense?
Or we should blame the creators of guns... not who use them and for what...
You don't really see how your logic makes no sense?
19
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 01:26:03 PM »Here is the fix to apply to your php.ini
The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().
This is also blocked by ModSecurity and the OWASP CRS ruleset when correctly configured.
The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().
This is also blocked by ModSecurity and the OWASP CRS ruleset when correctly configured.
20
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 01:17:44 PM »Yes, they are responsible for the software they create, but they DID NOT CREATE PHP...
And that's where this vulnerability is located.
You are blaming CWP in your posts
You need to goto the PHP forums and blame them, as they are the ones who a responsible for the software they created.
Tell me where in the below it mentions CWP, or even cPanel, aaPanel, etc...
--
SUBJECT:
Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution
OVERVIEW:
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
And that's where this vulnerability is located.
You are blaming CWP in your posts
Quote
THEY ARE RESPONSIBLE FOR THE SOFTWARE THAT THEY CREATED!for something they had NO control over. And hence it wasn't a CWP bug to even 'disclose' or responsible for.
You need to goto the PHP forums and blame them, as they are the ones who a responsible for the software they created.
Tell me where in the below it mentions CWP, or even cPanel, aaPanel, etc...
--
SUBJECT:
Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution
OVERVIEW:
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
