Recent Posts
11
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by overseer on March 26, 2026, 02:29:10 PM »I think we're all saying the same thing, just coming from different angles. I wasn't correcting you or your practices (specific use case). I was just wanting to put out a "for the record" notice for the sake of other new users and those wanting to reference the forum. In a normal use case, with CWP and other web hosting environments MariaDB is limited to local socket connections for security purposes. You can open it up from there with full knowledge & intent, keeping security in the forefront of your mind.
12
Information / Re: Modernizing CWP: Drop EOL, Support AL9, AL10 & Rocky
« Last post by saviorhost on March 26, 2026, 07:58:48 AM »I switched to KeyHelp panel because I no longer trust CWP. It works very stably.
13
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by Andrew C on March 26, 2026, 07:05:12 AM »Hello Starburst,
You need to read my post again.
In this thread only you have used the word "Public" not me. I have not suggested that mariadb should be made public by default. That is disingenuous for you to suggest that ! It undermines all the good work you have been doing helping others.
Yes I agree control panels do limit database access to localhost by default. However I have explained legitimate reasons for allowing restricted remote access to mariadb. If you don’t use advanced database tools or gui form builders or use database replication for backups etc that’s fine too. None of which can be achieved without restricted remote access to mariadb on CWP.
Yes I agree CWP and Mariadb are developed by too different entities. However they are packaged together in the same platform (CWP) so you have to consider them both when doing cyber security risk analysis.
CWP has not been rolling out security patches and fixes or rolling out new versions of those core application therefore putting CWP security at risk. Some of those apps are EOL and are not being patched by updates anymore. I am more concerned about this problem than allowing restricted remote access to mariadb.
However you and others have been helping user upgrade those apps on CWP and I thank you for providing that help.
CWP should be doing that work in their regular updates. So discussing both CWP and mariadb's security is perfectly reasonable and acceptable.
Thanks.
You need to read my post again.
In this thread only you have used the word "Public" not me. I have not suggested that mariadb should be made public by default. That is disingenuous for you to suggest that ! It undermines all the good work you have been doing helping others.
Yes I agree control panels do limit database access to localhost by default. However I have explained legitimate reasons for allowing restricted remote access to mariadb. If you don’t use advanced database tools or gui form builders or use database replication for backups etc that’s fine too. None of which can be achieved without restricted remote access to mariadb on CWP.
Yes I agree CWP and Mariadb are developed by too different entities. However they are packaged together in the same platform (CWP) so you have to consider them both when doing cyber security risk analysis.
CWP has not been rolling out security patches and fixes or rolling out new versions of those core application therefore putting CWP security at risk. Some of those apps are EOL and are not being patched by updates anymore. I am more concerned about this problem than allowing restricted remote access to mariadb.
However you and others have been helping user upgrade those apps on CWP and I thank you for providing that help.
CWP should be doing that work in their regular updates. So discussing both CWP and mariadb's security is perfectly reasonable and acceptable.
Thanks.
14
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by Starburst on March 25, 2026, 09:57:56 PM »In one sentence you say database access Should Be Public, but then you say you restrict access.
All control panels limit database access to only localhost be default, not just CWP. That is basic cyber security 101.
CWP has nothing to do with MariaDB. 2 different developers.
If you have the MariaDB.repo setup, then any updates & security patches will be applied.
All control panels limit database access to only localhost be default, not just CWP. That is basic cyber security 101.
CWP has nothing to do with MariaDB. 2 different developers.
If you have the MariaDB.repo setup, then any updates & security patches will be applied.
15
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by Andrew C on March 25, 2026, 12:42:56 PM »Hello overseer,
I have to disagree that allowing remote database access is poor security practice. Maybe if you are just using CWP for hosting websites or possibly for the in experienced that might be true.
It is common practice to remote connect to MariaDB with advanced admin tools to manage the database. Myphpadmin is only a very basic tool.
Many distributed apps use GUI form builders which connect to the database . Not all applications are web based and some don’t run on CWP or even on the same box but remotely.
Again if you need database replication and or clustering you also need remote access. Just because Mariadb runs on CWP does not mean you cant' use these advanced technologies etc. CWP is very useful for running multi-tenant applications with backup replication.
I'm a cyber security expert and experienced database and software developer. I have properly configured the firewall rules and mariadb user logon restrictions to only accept connections from specific local IP addresses and port numbers. And I have verified such settings by testing using various security apps. And I don't rely on CWPs firewall but have multiple firewalls from different vendors.
However I'm more concerned with CWP not rolling out regular security patches and instead focuses on changing the UI as job priority number one. That concerns me more.
Thanks.
I have to disagree that allowing remote database access is poor security practice. Maybe if you are just using CWP for hosting websites or possibly for the in experienced that might be true.
It is common practice to remote connect to MariaDB with advanced admin tools to manage the database. Myphpadmin is only a very basic tool.
Many distributed apps use GUI form builders which connect to the database . Not all applications are web based and some don’t run on CWP or even on the same box but remotely.
Again if you need database replication and or clustering you also need remote access. Just because Mariadb runs on CWP does not mean you cant' use these advanced technologies etc. CWP is very useful for running multi-tenant applications with backup replication.
I'm a cyber security expert and experienced database and software developer. I have properly configured the firewall rules and mariadb user logon restrictions to only accept connections from specific local IP addresses and port numbers. And I have verified such settings by testing using various security apps. And I don't rely on CWPs firewall but have multiple firewalls from different vendors.
However I'm more concerned with CWP not rolling out regular security patches and instead focuses on changing the UI as job priority number one. That concerns me more.
Thanks.
16
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by overseer on March 24, 2026, 09:48:10 PM »For the record, that is generally regarded as a poor security practice. Usually, you only want to allow localhost connections to your MariaDB database as remote access greatly increases your attack surface (and desirability as a target). Of course, you could securely tunnel in and connect that way, but better to keep it locally to a unix socket and forget remote TCP/IP connections to MariaDB.
17
MySQL / Re: Allow Remote Access to MariaDB Database
« Last post by Andrew C on March 24, 2026, 03:52:26 PM »Hello,
Today I managed to successfully connect to a specific MariaDB database on CWP and get the remote app working.
Thanks
Today I managed to successfully connect to a specific MariaDB database on CWP and get the remote app working.
Thanks
18
MySQL / Allow Remote Access to MariaDB Database
« Last post by Andrew C on March 24, 2026, 01:26:58 PM »Hello,
I can't seem to find anything related to enabling MariaDB remote access in the CWP user logon under the database section. Is the option hidden away some where else?
For a given MariaDB database in a particular account how do you enable remote access so that you can connect to it from the local ip network not the internet IP. I wish to use some remote management tools on a specific database.
Thanks.
I can't seem to find anything related to enabling MariaDB remote access in the CWP user logon under the database section. Is the option hidden away some where else?
For a given MariaDB database in a particular account how do you enable remote access so that you can connect to it from the local ip network not the internet IP. I wish to use some remote management tools on a specific database.
Thanks.
19
Information / Re: Modernizing CWP: Drop EOL, Support AL9, AL10 & Rocky
« Last post by Andrew C on March 23, 2026, 09:40:20 AM »Hello.
Yes I agree with you 100%.
I have revised my priority list as follow:
1. Security Fixes (Priority 0)
2. AlmaLinux and Rocky Linux 9.x support (Priority 1)
3. PHP updates (Priority 2)
4. Core application updates (e.g. MariaDB, Apache, Nginx etc ..) (Priority 3)
5. New modules and features (Priority 4)
6. Interface redesign (Priority 5)
7. AlmaLinux and Rocky Linux 10.x support (Priority 6)
Thanks
Yes I agree with you 100%.
I have revised my priority list as follow:
1. Security Fixes (Priority 0)
2. AlmaLinux and Rocky Linux 9.x support (Priority 1)
3. PHP updates (Priority 2)
4. Core application updates (e.g. MariaDB, Apache, Nginx etc ..) (Priority 3)
5. New modules and features (Priority 4)
6. Interface redesign (Priority 5)
7. AlmaLinux and Rocky Linux 10.x support (Priority 6)
Thanks
20
Information / Re: Modernizing CWP: Drop EOL, Support AL9, AL10 & Rocky
« Last post by ghoste on March 20, 2026, 06:03:22 PM »Hello everyone,
I agree with your proposal, but, have you ever checked your servers? For example shodan.io, then enter the public IP of the server or the IP to which the cwp server is connected and you will be amazed how many vulnerabilities you will find in the CWP Control Panel, regardless of whether you have servers with centos7 or almalinux, these CVEs must be resolved, when installing bring the latest versions of apache, nginx, mariadb, postfix, dovecot, roundcube (here is the big problem already, a lot of email accounts injected into sieve - with forward on all incoming emails)..etc, not to mention all the publications on CISA - the US Security Agency.
I have 20 cwp panel pro servers, and I don't know what to do, where to choose.
I know there are many control panels but I don't want to give up on cwp panel.
They say that a new version is coming, a new interface, what do we do then? Do we migrate the servers again? Are the security issues being resolved? What firewall will be in the new versions? CSF - LFD is dead.....
They don't say anything that will be resolved in the 2024 updates (and then the issue was ambiguous), they just change the version.
Check your servers on shodan.io or another site that can check vulnerabilities! Let's see then how things are with cwp!
Good luck
I agree with your proposal, but, have you ever checked your servers? For example shodan.io, then enter the public IP of the server or the IP to which the cwp server is connected and you will be amazed how many vulnerabilities you will find in the CWP Control Panel, regardless of whether you have servers with centos7 or almalinux, these CVEs must be resolved, when installing bring the latest versions of apache, nginx, mariadb, postfix, dovecot, roundcube (here is the big problem already, a lot of email accounts injected into sieve - with forward on all incoming emails)..etc, not to mention all the publications on CISA - the US Security Agency.
I have 20 cwp panel pro servers, and I don't know what to do, where to choose.
I know there are many control panels but I don't want to give up on cwp panel.
They say that a new version is coming, a new interface, what do we do then? Do we migrate the servers again? Are the security issues being resolved? What firewall will be in the new versions? CSF - LFD is dead.....
They don't say anything that will be resolved in the 2024 updates (and then the issue was ambiguous), they just change the version.
Check your servers on shodan.io or another site that can check vulnerabilities! Let's see then how things are with cwp!
Good luck
