Recent Posts
81
PHP / Re: When will PHP 8.4 be released in CWP?
« Last post by overseer on October 23, 2025, 02:53:48 PM »The fact that i am stating that CWP is lacking in updates, is a fact. Im not dumb to state that everything is OK, when you cannot provide me ONE SIMPLE THING about CWP that have been done in the last 1-2 years! That is a fact...The major work over the last year has been to transition out of CentOS 7 EOL and provide full support for EL8 distributions, with both a delayed repository (for CentOS 8 Stream) and for stable EL8 versions. This lays the groundwork for full EL9 support (which is currently in beta). So it's a big path forward after Red Hat pulled the rug out from under everyone using CentOS. Given this is Enterprise Linux, I would rather have a truly stable, long term supported foundation rather than shiny new features.
And now ConfigServer and Way to the Web pulled the rug out from everyone by closing up shop. At least they left ConfigServer Firewall as GPLv3 code so work can continue on it.
82
Information / Re: Is CWP still maintained?
« Last post by tradenet on October 23, 2025, 02:50:41 PM »My apologies, but I had to chime in.
My Linux experience goes back to 1991. H.J. Lu's boot/root floppy images and less than a few hundred of us on a Usenet group. Then SLS on about 10 floppies if I recall. It's been a long time.
With all due respect to the developers (and some of the "old timers" like me). At minimum, at least a change log needs to be maintained.
Please take it for what it's worth.
With respect,
G.
My Linux experience goes back to 1991. H.J. Lu's boot/root floppy images and less than a few hundred of us on a Usenet group. Then SLS on about 10 floppies if I recall. It's been a long time.
With all due respect to the developers (and some of the "old timers" like me). At minimum, at least a change log needs to be maintained.
Please take it for what it's worth.
With respect,
G.
83
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by overseer on October 23, 2025, 02:43:50 PM »I'm not sure if the File Manager issue is resolved with the updatehttps://fenrisk.com/rce-centos-webpanel
Quote
Conclusion
This exploitation scenario has been tested on versions 0.9.8.1204 and 0.9.8.1188 on Centos7 and reported to CWP developers the 13th of May 2025 as CVE-2025-48703. It allows a remote attacker who knows a valid username on a CWP instance to execute pre-authenticated arbitrary commands on the server.
The vulnerability has been patched on latest version 0.9.8.1205 during June 2025.
Timeline
13/05/2025: First contact with CWP.
23/05/2025: CVE-2025-48703 assigned.
18/06/2025: Patch available on version 0.9.8.1205.
84
PHP / Re: When will PHP 8.4 be released in CWP?
« Last post by djprmf on October 23, 2025, 02:22:56 PM »So... when will PHP 8.4 be released in CWP? 
And that is where you get it wrong. Just because i have a company that provides cPanel to my clients, doesn't mean im and against CWP. In fact, i use CWP in MANY servers (from my clients and myself, to the hundreds in fact), and i don't need to have a public record in what i have done to them.... im not counting stars in a github repo to increase my ego.
The fact that i am stating that CWP is lacking in updates, is a fact. Im not dumb to state that everything is OK, when you cannot provide me ONE SIMPLE THING about CWP that have been done in the last 1-2 years! That is a fact...
And me stating that is not being a cPanel envagelist... is stating something, because i use CWP, and as much as any other user - including YOU - i don't want it to be a dead panel.
Masking the lack of updates doesn't solve the issue. If you wanna live in your digital world of fantasies, and continue dreaming that CWP is updated, that is fine.... But don't mislead users when is a FACT that there is no update for a long time, not even for a recent version of PHP or a firewall since the end of CSF... (and you know what panel doesn't also have a Firewall? Yes, cPanel!)
And that leads to the point of this topic - when is PHP 8.4 be release? a version that is already "out of date" but CWP not even have.
Also: if your point to not be "toxic" is be tracking my work as that is a point to something... are you stalking me? =)
Im sorry, but are we talking about the same panel/team?
The developers that don't even acknowledge a security issue - and DO NOT still to this day confirm it publicly.
Or the developers that are asked about the CSF EOL, and the response is "we are aware" and nothing else?
Or maybe the developers that still didn't update the panel to support PHP 8.4, when is already a new version out and 8.4 is already outdated?
Please, stop me when i am being a "cpanel envagelist".
Please, prove me that i am wrong....
And that is where you get it wrong. Just because i have a company that provides cPanel to my clients, doesn't mean im and against CWP. In fact, i use CWP in MANY servers (from my clients and myself, to the hundreds in fact), and i don't need to have a public record in what i have done to them.... im not counting stars in a github repo to increase my ego.
The fact that i am stating that CWP is lacking in updates, is a fact. Im not dumb to state that everything is OK, when you cannot provide me ONE SIMPLE THING about CWP that have been done in the last 1-2 years! That is a fact...
And me stating that is not being a cPanel envagelist... is stating something, because i use CWP, and as much as any other user - including YOU - i don't want it to be a dead panel.
Masking the lack of updates doesn't solve the issue. If you wanna live in your digital world of fantasies, and continue dreaming that CWP is updated, that is fine.... But don't mislead users when is a FACT that there is no update for a long time, not even for a recent version of PHP or a firewall since the end of CSF... (and you know what panel doesn't also have a Firewall? Yes, cPanel!)
And that leads to the point of this topic - when is PHP 8.4 be release? a version that is already "out of date" but CWP not even have.
Also: if your point to not be "toxic" is be tracking my work as that is a point to something... are you stalking me? =)
What features are you wanting? Feel free to suggest it to their comment/bug report form. They are responsive there. (I for one do not want CWP to become as bloated as WHM and cPanel have become -- in an effort to include more and more features, their interface has become increasingly cluttered and difficult to navigate for end users.)
Im sorry, but are we talking about the same panel/team?
The developers that don't even acknowledge a security issue - and DO NOT still to this day confirm it publicly.
Or the developers that are asked about the CSF EOL, and the response is "we are aware" and nothing else?
Or maybe the developers that still didn't update the panel to support PHP 8.4, when is already a new version out and 8.4 is already outdated?
Please, stop me when i am being a "cpanel envagelist".
Please, prove me that i am wrong....
85
Apache / Re: rebuild vhosts
« Last post by overseer on October 23, 2025, 01:24:29 PM »Not that I'm aware of...
https://wiki.centos-webpanel.com/rebuild-apache-vhosts
https://wiki.centos-webpanel.com/rebuild-apache-vhosts
86
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by kurtmix on October 23, 2025, 11:48:32 AM »I'm not sure if the File Manager issue is resolved with the update because my server was recently hacked. Or it was hacked a while ago, but the hacker only acted now, because it only affected traffic to the sites I have on the VPS two weeks ago, and it only affected the .htaccess file since October 17th.
I've been closely monitoring the VPS since the 18th, and apparently nothing strange has happened again. However, I warn you that WordPress websites, in particular, have contaminated files. That is, in addition to new files, they also modify WordPress system files, and the only solution is deleting and restoring a backup.
Also, on WordPress websites, users appeared in the database that were not visible in the WordPress user manager. You need to remove them via PHPMyAdmin.
The hacker modified the robots.txt and .htaccess files to direct traffic to an online store.
I recommend everyone try a Google search for "site:yourdomain.tld" to check for abnormal results or redirects.
I recommend restoring backups of everything in the public_html folder because if any file is infected, the malicious files will reappear.
I've been closely monitoring the VPS since the 18th, and apparently nothing strange has happened again. However, I warn you that WordPress websites, in particular, have contaminated files. That is, in addition to new files, they also modify WordPress system files, and the only solution is deleting and restoring a backup.
Also, on WordPress websites, users appeared in the database that were not visible in the WordPress user manager. You need to remove them via PHPMyAdmin.
The hacker modified the robots.txt and .htaccess files to direct traffic to an online store.
I recommend everyone try a Google search for "site:yourdomain.tld" to check for abnormal results or redirects.
I recommend restoring backups of everything in the public_html folder because if any file is infected, the malicious files will reappear.
87
Updates / Re: ..no dir...
« Last post by Starburst on October 23, 2025, 11:17:50 AM »It's almost Halloween here in the US.
So either works.
All you should have to do is run
And any future kernel updates should not give an error.
So either works.
All you should have to do is run
Code: [Select]
depmod -aAnd any future kernel updates should not give an error.
88
Apache / rebuild vhosts
« Last post by setecabanas on October 23, 2025, 07:05:56 AM »Hello,
Do you know if there is any way to rebuld all apache vhosts from cli ?
Thanks
Do you know if there is any way to rebuld all apache vhosts from cli ?
Thanks
89
PHP / Re: When will PHP 8.4 be released in CWP?
« Last post by overseer on October 23, 2025, 02:34:18 AM »I am only trying to defuse the seemingly weekly threads that keep popping up here decrying CWP as "dead" -- which is NOT true.
What features are you wanting? Feel free to suggest it to their comment/bug report form. They are responsive there. (I for one do not want CWP to become as bloated as WHM and cPanel have become -- in an effort to include more and more features, their interface has become increasingly cluttered and difficult to navigate for end users.)
If this is your hosting company: https://host.tugatech.com.pt -- then I only see cPanel or Plesk offered, not CWP.
And if this is your GitHub repository, you only have a cPanel script, nothing for CWP:
https://github.com/djprmf
Hence my question, are you a cPanel evangelist? Are you a CWP user at all?
What features are you wanting? Feel free to suggest it to their comment/bug report form. They are responsive there. (I for one do not want CWP to become as bloated as WHM and cPanel have become -- in an effort to include more and more features, their interface has become increasingly cluttered and difficult to navigate for end users.)
If this is your hosting company: https://host.tugatech.com.pt -- then I only see cPanel or Plesk offered, not CWP.
And if this is your GitHub repository, you only have a cPanel script, nothing for CWP:
https://github.com/djprmf
Hence my question, are you a cPanel evangelist? Are you a CWP user at all?
90
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by pedromidiasf on October 22, 2025, 09:32:10 PM »Maybe someone could decode filemanager.php and apply a fix by adding a check for php sessions.
I read that filemanager.php it is already patched. If necessary, disable the client panel ports (2083 and 2082) on the firewall, then restart it to apply the changes.
Logged as admin, you will still be able to access these ports (firewall will whitelist your IP address). Ask a friend to test the URL to see if he gets timed out.
