Author Topic: Violation of the personal data protection law with CWP.  (Read 535 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Violation of the personal data protection law with CWP.
« on: April 06, 2020, 11:13:24 AM »
I have noticed, that by using CWP, the law of personal data protection is violated.

I have already reported it to the CWP team, but it seems that it is not urgent, as I was told.

When you create a domain, the SOA record is created with the client's email, which is showing private information and can lead to fines for this.

The CWP team told me that this is because I didn't have an email registered at CWP, which is not correct, it was there from the first moment and creating new packages doesn't solve it either.

It is necessary that you modify the template with which the DNS records are created and that the SOA record is used the one we have indicated in CWP and not the client one.

This is very important for us, since the agency of protection of personal data can give us a fine. While they are fixing this, we are going to cancel all the administration services that we have contracted with CWP, since it is not fair that it has not been corrected yet.

Greetings!

Re: Violation of the personal data protection law with CWP.
« Reply #1 on: April 06, 2020, 11:29:26 AM »
Put in context, this is not unusual.
In WHM/cPanel, you assign an email to receive server alerts. This is then used as the default for SOA DNS records too - a right PITA!
Every time I create a new DNS entry, I go back in and immediately change the email address to the server root account. I discovered this flaw about 20 years ago and nothing has change since! The times that I have forgotten has led to spam, I'm sure. :-(
 

Offline
*
Re: Violation of the personal data protection law with CWP.
« Reply #2 on: April 06, 2020, 11:51:36 AM »
The problem is that if I have the email registered, always in all servers is configured from the beginning.

But CWP ignores it completely. ;)

Re: Violation of the personal data protection law with CWP.
« Reply #3 on: April 06, 2020, 12:36:31 PM »
Are you using the default CWP nameservers and using them as a Registrar?
Use your own and bring back control of records to you.
There are a few freeDNS providers too.

Offline
*
Re: Violation of the personal data protection law with CWP.
« Reply #4 on: April 06, 2020, 01:19:02 PM »
We have created a DNS Cluster for the CWP servers.

Sorry if I don't understand some things, I use a translator and sometimes it's hard to understand :D

Re: Violation of the personal data protection law with CWP.
« Reply #5 on: April 06, 2020, 01:37:01 PM »
Your English is much better than any of my non-native languages! ;)

Offline
***
Re: Violation of the personal data protection law with CWP.
« Reply #6 on: April 06, 2020, 10:37:36 PM »
This is the default behavior of DNS.  However, you can always edit the template for DNS...

Edit

/usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl

Change the line in the SOA from:
@    86400        IN      SOA     %ns1%. %dns-email%. (

TO
@    86400        IN      SOA     %ns1%. root@yourserver.com. (
Google Hangouts:  rcschaff82@gmail.com

Re: Violation of the personal data protection law with CWP.
« Reply #7 on: April 06, 2020, 11:05:43 PM »
Nice one @rcshaff!
TBH, I didn't delve to find a fix - distracted by too many other things.  :-[
Thanks for the solution.
 8)

Would be better with a variable, however, something like root@%hostname%
« Last Edit: April 06, 2020, 11:08:36 PM by ejsolutions »

Offline
*
Re: Violation of the personal data protection law with CWP.
« Reply #8 on: April 10, 2020, 10:17:23 AM »
Thanks, I found an easy way to do it, which the CWP team could have told me already on the support ticket...

Here's what I did:

1 - Create a new file in: /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/ , with any name, but ending in .tpl = example.tpl.

2 - Copy the content of the file /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl.

3 - Simply modify %dns-email% with the value of our generic email.

4 - Inside the CWP panel --> CWP Settings -> Edit Settings , modify the value: Default DNS Zone template . Here I have selected the file I created.

With this "I think" that it works, I will confirm it when I make several tests.

Re: Violation of the personal data protection law with CWP.
« Reply #9 on: April 10, 2020, 10:37:02 AM »
^ Good response, for the benefit of others.
 8)
I'll try to remember to have a play with this later and see if root@%hostname% (or similar) will work, as much more generic.
« Last Edit: April 10, 2020, 10:39:09 AM by ejsolutions »

Re: Violation of the personal data protection law with CWP.
« Reply #10 on: April 12, 2020, 01:10:25 PM »
@CoriaWeb
Thanks for prompting this.  8)
I've opted for the following and it does work; postmaster is a generic requirement according to RFCs and %hostname% with not parse into the DNS configuration. As HOSTNAME is a standard linux ENV, then heck knows why not! (I also tried %host%). Using postmaster is better than root, as many servers will not allow email to be directed to root - which is however beneficial in stopping spam.  ;)

Code: [Select]
cat /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/fixed-soa.tpl
; Generated by CWP
; Zone file for %domain%
$TTL 14400
@    86400        IN      SOA     %ns1%. postmaster@%domain%. (

This is not ideal (from my perspective), as it ties it to a user domain rather than the server FQDN but is a decent compromise.
An alternative might be postmaster@%ns1% but that's not great either, IMHO.