Recent Posts

81

MySQL / Re: MariaDB Password Reset Script Doesn't Work

« Last post by overseer on October 26, 2025, 11:30:08 PM »

Yes, that script is defunct. Use this instead:
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password

82

MySQL / MariaDB Password Reset Script Doesn't Work

« Last post by Wonder on October 26, 2025, 10:11:03 PM »

I know this script worked perfectly before.

Code: [Select]

/scripts/mysql_pwd_reset
I've recently done several installations of CWP 8 (for various tests), and after installing CWP 8 without restarting, if we run the password reset script, it works. However, if we restart CWP 8 after installing it, it no longer works, and from what I can see, we lose access to CWP administration (and therefore, the MariaDB service is inoperative).
I've tested it with both the stock and upgraded versions of MariaDB.

I understand that, over time and with updates, the script has become "outdated."

This is the code that appears when we run it:

Code: [Select]

[root@server ~]# /scripts/mysql_pwd_reset

Enter the new root password (at least 8 chars).
Or leave it empty if you would like to generate it.
Or press CTRL+C to abort and do not touch it

Enter MySQL root password (NO special characters): testpass9876
Shutting down any mysql processes...
/scripts/mysql_pwd_reset: line 14: [: -eq: unary operator expected
Redirecting to /bin/systemctl stop mariadb.service
/scripts/mysql_pwd_reset: line 26: [: -eq: unary operator expected
Redirecting to /bin/systemctl start mariadb.service
Resetting password... hold on
--------------
UPDATE mysql.user SET Password=PASSWORD('testpass9876'),Authentication_string=PASSWORD('testpass9876') WHERE user='root'
--------------

ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
Cleaning up...
/scripts/mysql_pwd_reset: line 14: [: -eq: unary operator expected
Redirecting to /bin/systemctl stop mariadb.service

Password reset has been completed

New MySQL root password: testpass9876

Remember to store this password safely!

/scripts/mysql_pwd_reset: line 26: [: -eq: unary operator expected
Redirecting to /bin/systemctl start mariadb.service
[root@server ~]#

83

Installation / Re: Problems installing CWP 8 with MariaDB

« Last post by Wonder on October 26, 2025, 09:41:24 PM »

There's isn't a mariadb repo right after the CWP installation anymore, since the version they are installing is past EOL.

Yes, that's what I've seen. A fresh CWP installation doesn't have a MariaDB repository.

Regarding these instructions:

You also don't need to disable the whole cwp.repo, you can just add this form the above, so MariaDB won't try to install from it.

You add this to cwp.repo below enabled=1

Code: [Select]

exclude=mariadb*
Then follow the upgrade instructions from AlphaGNU.

I could swear I tried it, I could swear I tried it and it didn't work, but now I'm doubting it. I did a lot of testing to be able to post here with confidence. And this point, I think I tried it and it didn't work, but I can't be 100% sure, maybe 90% sure. Since I have a test server now, I can test it and be sure.

All of our servers run AL9 with CWP.

If you don't need PHP below 7.4 or site migration (problem with 2 different security algorithms) AL9 would be better.

And if you want, do the basic AL9 image, and I can login and get everything installed for you. (no cost)
You would just need to PM me your login info.

Indeed, I don't need PHP below 7.4 on two out of three sites, and I'm using AL8 on all of them.
But... if I have the problem you mentioned, I need a migration. I can migrate the website and the database manually, but not the email accounts. I can rsync the email accounts, but, above all, I have a server with many email accounts and the password. I can't ask them to reset it (the password for the email accounts). That would have to be migrated. And it's one of the two issues you mentioned, the migration, which is why it's so important to me, because of the email accounts.

Regarding the basic AL9 image, you can't imagine how much I appreciate it. I installed AL9 from scratch, but unlike AL8, I've noticed that iptables must be installed to activate CSF, and that makes me think maybe more things are needed. It would be helpful to know what those things are. I'll contact you.
Let's see if CWP 9 evolves further and isn't still in Beta...
Thank you sincerely.

84

CentOS-WebPanel Bugs / Re: Issues with PHP version swither (php_switch_v2)

« Last post by overseer on October 26, 2025, 06:35:37 PM »

I don't follow your logic. No company offers indemnity against CVE or 0-day exploits. Not Red Hat, not Oracle, not cPanel. None will reimburse you for lost time or recovery efforts (and even a product refund is very unlikely). Many are setting up bug bounty programs to prevent such public damage to their products (and therefore their reputation) and the open source world expects their code to be reviewed by knowledgeable coders. You can purchase insurance against exploits if you want, though...

But really, this is a value proposition to provide you with an inexpensive web panel to make administration easier for you and end users. It's up to you to secure your core system and reduce your attack surface. A secure (and backed up) system won't have as much of a problem with a 0-day or CVE without an immediate patch.

85

CentOS-WebPanel Bugs / Re: Issues with PHP version swither (php_switch_v2)

« Last post by Linux on October 26, 2025, 05:23:26 PM »

CWP Pro is well worth the few $$ to support the development and gain useful features.

Yeah right, I can see that very well with the "development" part. Buy and use pro, then surprize - your server is hacked. Is cwp going to pay any damages to hundreds of websites for not securing their panel? No.

86

CentOS-WebPanel Bugs / Re: Issues with PHP version swither (php_switch_v2)

« Last post by Linux on October 26, 2025, 05:20:24 PM »

What OS are you installing CWP onto?

Are you able to switch to PHP 8.2 or 8.3?

Cwp is installed on Almalinux 8.10
There are 2 versions of PHP that don't have vulnerabilities: 8.1.33 and 8.2.29. No, it did not work switching to php 8.2. I'm not interested in making experiments with my time.

87

Installation / Re: Problems installing CWP 8 with MariaDB

« Last post by Starburst on October 26, 2025, 02:56:26 PM »

There's isn't a mariadb repo right after the CWP installation anymore, since the version they are installing is past EOL.

You also don't need to disable the whole cwp.repo, you can just add this form the above, so MariaDB won't try to install from it.

You add this to cwp.repo below enabled=1

Code: [Select]

exclude=mariadb*
Then follow the upgrade instructions from AlphaGNU.

All of our servers run AL9 with CWP.

If you don't need PHP below 7.4 or site migration (problem with 2 different security algorithms) AL9 would be better.

And if you want, do the basic AL9 image, and I can login and get everything installed for you. (no cost)
You would just need to PM me your login info.

88

Installation / Re: Problems installing CWP 8 with MariaDB

« Last post by Wonder on October 26, 2025, 12:17:50 PM »

Yes, I reinstalled yesterday and the same thing happened again, the same problem and errors at the same point or points, so I deduced that the installer + Almalinux 8 had changed something (I mean the installer: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-install-tutorials/updated-cwp-installer-script-for-almalinux-8-with-mariadb-10-6/ )
So, indeed, I used the stock CWP installer (from CWP web) and then updated MariaDB following the instructions here:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
But as I mentioned, there is one point that is not viable, it gives the error I indicated In the first post, at this point:

Code: [Select]

yum clean all
yum install MariaDB-server MariaDB-client MariaDB-devel MariaDB-shared net-snmp perl-DBD-MySQL -y
yum update -yJust before

Code: [Select]

yum install MariaDB.... etc....We need to disable the CWP repo. If you don't disable the CWP repo, the MariaDB update won't happen.

You must disable the MariaDB repo. The instructions would be:

Code: [Select]

yum clean all
nano /etc/yum.repos.d/cwp.repo
Set enabled=0
Save changes, and then:
yum install MariaDB-server MariaDB-client MariaDB-devel MariaDB-shared net-snmp perl-DBD-MySQL -y
Then, very important:
nano /etc/yum.repos.d/cwp.repo
Set enabled=1
Save changes
yum update -y The following steps are as described in the manual.

This is the only viable way I found to update MariaDB. I performed several installations (on the same server for testing) so I can provide accurate instructions here.

By the way, sorry for being off-topic, you say you've moved to AL9 using CWP9. I currently have a server for testing, and I've tested it. To install CSF, I have to install iptables (iptables doesn't come installed by default, although it's not a major problem), but... is CWP9 fully operational?
It still has the problem of not being able to migrate accounts from CWP8 to CWP9, and that's important to me. I would migrate some to AL/CWP9, but if I can't do the migration, I can't. AL9 is only viable for fresh installations, but for existing ones, if the account can't be migrated, CWP -> CWP Migration is important to me.

Thanks

89

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« Last post by pedromidiasf on October 26, 2025, 09:44:01 AM »

I'm not sure if the File Manager issue is resolved with the update because my server was recently hacked. Or it was hacked a while ago, but the hacker only acted now, because it only affected traffic to the sites I have on the VPS two weeks ago, and it only affected the .htaccess file since October 17th.
I've been closely monitoring the VPS since the 18th, and apparently nothing strange has happened again. However, I warn you that WordPress websites, in particular, have contaminated files. That is, in addition to new files, they also modify WordPress system files, and the only solution is deleting and restoring a backup.
Also, on WordPress websites, users appeared in the database that were not visible in the WordPress user manager. You need to remove them via PHPMyAdmin.
The hacker modified the robots.txt and .htaccess files to direct traffic to an online store.
I recommend everyone try a Google search for "site:yourdomain.tld" to check for abnormal results or redirects.

I recommend restoring backups of everything in the public_html folder because if any file is infected, the malicious files will reappear.

Configure your vhosts (or add an .htaccess configuration to your websites).

If you don't need, disable these php functions:
Command execution: exec, system, passthru, shell_exec, proc_open, popen, pcntl_exec
File and folder permissions: chmod, chown, chgrp
Date time manipulation of files: touch
Code evaluation: eval, create_function, assert

Make sure that in your php.ini you have this configuration:
allow_url_include = Off

Then change your file permissions so no one can change the content. Only allow file changes in uploaded folders and don't allow then to execute files.

At the moment, your vulnerabilities are just within PHP.

90

CentOS-WebPanel Bugs / Re: Issues with PHP version swither (php_switch_v2)

« Last post by overseer on October 25, 2025, 11:41:47 PM »

CWP Pro is well worth the few $$ to support the development and gain useful features.