Recent Posts
91
CentOS-WebPanel GUI / Re: Bug in GUI for New Backup (beta)
« Last post by adrianofnatal on May 15, 2026, 12:06:23 AM »Overseer.
Sure it has some bugs, but before added other options of backup, FTP worked well. Never had problems.
Now it simply does not respect when choose FTP os S3, for example.
It assumes that is a local file backup.
Sure it has some bugs, but before added other options of backup, FTP worked well. Never had problems.
Now it simply does not respect when choose FTP os S3, for example.
It assumes that is a local file backup.
92
CentOS-WebPanel GUI / Re: Bug in GUI for New Backup (beta)
« Last post by overseer on May 14, 2026, 10:47:56 PM »Still in beta, so definitely some bugs here & there.
93
Nginx / NGINX Rift (CVE-2026-42945): Patched nginx available in testing
« Last post by Starburst on May 14, 2026, 08:21:30 PM »This CVE does NOT include/involve CWP, only the direct Nginx package.
⚠️ A heap-based buffer overflow in nginx’s ngx_http_rewrite_module, disclosed as CVE-2026-42945 and nicknamed NGINX Rift, allows an unauthenticated attacker to crash a worker process, or potentially achieve remote code execution on hosts with ASLR disabled, by sending a single crafted HTTP request.
If you operate an internet-facing nginx instance, especially one with non-trivial rewrite rules in front of a PHP or application backend, this matters.
AlmaLinux's core team has built patched nginx packages, which are available in their testing repository.
After the community has helped verify them, AlmaLinux will release them to the production repositories.
⚠️ A heap-based buffer overflow in nginx’s ngx_http_rewrite_module, disclosed as CVE-2026-42945 and nicknamed NGINX Rift, allows an unauthenticated attacker to crash a worker process, or potentially achieve remote code execution on hosts with ASLR disabled, by sending a single crafted HTTP request.
If you operate an internet-facing nginx instance, especially one with non-trivial rewrite rules in front of a PHP or application backend, this matters.
AlmaLinux's core team has built patched nginx packages, which are available in their testing repository.
After the community has helped verify them, AlmaLinux will release them to the production repositories.
94
CentOS-WebPanel Bugs / Re: BUG* backup_manager2 not connecting to ftp server
« Last post by apartamenti on May 14, 2026, 07:17:51 PM »Also there are errors in console :
Uncaught SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data
complete https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:2626
jQuery 6
editbackup https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:2616
onclick https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:1
Uncaught SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data
complete https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:2626
jQuery 6
editbackup https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:2616
onclick https://domain.com:2031/cwp_8fe31ccb5622ad76e7d62f7b7723767b/admin/index.php?module=backup_manager2:1
95
CentOS-WebPanel Bugs / BUG* backup_manager2 not connecting to ftp server
« Last post by apartamenti on May 14, 2026, 06:42:37 PM »I can't create backups to my ftp server! I tried to connect ssh server with ssh it's working but when i tried to connect from CWP panel it's giving login failed. This happened after updating to the new version of CWP server.
Log Monitor
2026-05-14 11:26:04 TYPE FTP --> 1
2026-05-14 11:26:04 Type conection Back FTP
2026-05-14 11:26:05 Failed to connect to xxxxx.storagebox.de (login failed)
2026-05-14 11:26:05 /
2026-05-14 11:26:08 Backup Finished
tail -f /var/log/cwp/cron_backup.log
* There is a bug in the CWP backup_manager2 module: Instead of saving the value you enter as the FTP password, it automatically generates a placeholder in the format PP + date + time (PP20260514112254). As a result, the FTP server
returns an “invalid credentials” error.
Log Monitor
2026-05-14 11:26:04 TYPE FTP --> 1
2026-05-14 11:26:04 Type conection Back FTP
2026-05-14 11:26:05 Failed to connect to xxxxx.storagebox.de (login failed)
2026-05-14 11:26:05 /
2026-05-14 11:26:08 Backup Finished
tail -f /var/log/cwp/cron_backup.log
* There is a bug in the CWP backup_manager2 module: Instead of saving the value you enter as the FTP password, it automatically generates a placeholder in the format PP + date + time (PP20260514112254). As a result, the FTP server
returns an “invalid credentials” error.
96
CentOS-WebPanel Bugs / Re: NodeJS cannot auto start after rebooting the server
« Last post by adrianofnatal on May 14, 2026, 04:36:16 PM »6Sense, but I didn't nothing to choose using PM2.
Just install NodeJS versions and start using it.
Just install NodeJS versions and start using it.
97
CentOS-WebPanel GUI / Re: Bug in GUI for New Backup (beta)
« Last post by adrianofnatal on May 14, 2026, 12:25:55 PM »The backup using S3 is using all root disk in /newbackup/ directory, but is marked to use S3. It should be using /home/tmp_bkp/ form temporary files, but still using /newbackup directory.
Something is wrong with this new backup.
Something is wrong with this new backup.
98
Updates / Re: [SECURITY] What should we update after a fresh CWP install?
« Last post by overseer on May 14, 2026, 11:55:34 AM »Apache, Nginx, Roundcube, MariaDB, CSF, ModSecurity
Tutorials available at:
https://www.alphagnu.com
https://starburst.help
Tutorials available at:
https://www.alphagnu.com
https://starburst.help
99
CentOS-WebPanel Bugs / Re: NodeJS cannot auto start after rebooting the server
« Last post by 6Sense on May 14, 2026, 11:00:08 AM »Mmm I don't use PM2 so it might be your issue.
CWP restarts the node.js server as long as you use the manager so you probably don't need it.
CWP restarts the node.js server as long as you use the manager so you probably don't need it.
100
Updates / [SECURITY] What should we update after a fresh CWP install?
« Last post by kandalf on May 14, 2026, 10:55:23 AM »After installing a new AlmaLinux server with CWP, what components should we really update manually to keep the server secure?
I know Apache currently has a serious security issue, and the default Nginx version installed with CWP also seems quite old. But it is not fully clear which components are handled by the OS, which ones are handled by CWP, and which ones we need to update manually.
For example, should we update Apache, Nginx, PHP versions, Roundcube, MariaDB, OpenSSL, OpenSSH, Postfix, Dovecot, CSF, ModSecurity, etc.?
Also, shouldn’t this be one of the main priorities of the CWP team? One of the reasons to use a control panel is to avoid having to manually inspect every component and guess what is outdated or vulnerable.
Can the community please share useful links, tutorials, or checklists explaining what really needs to be updated after installing CWP and the safest way to keep everything updated over time?
This would make life easier for everyone using CWP.
I know Apache currently has a serious security issue, and the default Nginx version installed with CWP also seems quite old. But it is not fully clear which components are handled by the OS, which ones are handled by CWP, and which ones we need to update manually.
For example, should we update Apache, Nginx, PHP versions, Roundcube, MariaDB, OpenSSL, OpenSSH, Postfix, Dovecot, CSF, ModSecurity, etc.?
Also, shouldn’t this be one of the main priorities of the CWP team? One of the reasons to use a control panel is to avoid having to manually inspect every component and guess what is outdated or vulnerable.
Can the community please share useful links, tutorials, or checklists explaining what really needs to be updated after installing CWP and the safest way to keep everything updated over time?
This would make life easier for everyone using CWP.
