Author Topic: How to Secure CWP webserver  (Read 63890 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
Re: How to Secure CWP webserver
« Reply #15 on: April 20, 2016, 05:03:47 PM »
This is my ssl configuration for cwp

Code: [Select]
Listen 2031
<VirtualHost cp.domain.com:2031>
        ServerName cp.domain.com
        SSLEngine on
        SSLCertificateKeyFile /etc/pki/tls/certs/cp.domain.com.key
        SSLCertificateFile /etc/pki/tls/certs/cp.domain.com.cert
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

By the way, 2030 and 2031 ports are work without ssl (via http)
« Last Edit: April 21, 2016, 09:43:55 AM by alafurtanfuni »

Offline
*****
Re: How to Secure CWP webserver
« Reply #16 on: April 20, 2016, 05:52:19 PM »
their is no virtual entry for your server ip create one

with your server ip:2031

and with certs
« Last Edit: April 20, 2016, 05:55:55 PM by Sandeep »

Offline
*
Re: How to Secure CWP webserver
« Reply #17 on: April 20, 2016, 06:20:16 PM »
My cwp webserver is getting hacked , can somebody guide me to make it more secure. Thanks


Also install maldet together (for speeding the scan up with clamscan) see https://www.rfxn.com/projects/linux-malware-detect/
and schedule a regular scan through cron.
It can help you find malware . It does not find everything but can be helpful.

(edit) I believe clamscan is already installed on CWP panels.

Offline
*
Re: How to Secure CWP webserver
« Reply #18 on: April 21, 2016, 09:48:54 AM »
their is no virtual entry for your server ip create one

with your server ip:2031

and with certs

I changed cp.domain.com to the private ip (not the public ip).
It's work great! Thank you.

Offline
**
Re: How to Secure CWP webserver
« Reply #19 on: April 22, 2016, 06:28:40 AM »
 I have installed letsencrypt on cwp and here is my  /usr/local/apache/conf.d/vhosts-ssl.conf

 ServerName tshetum.bt
 ServerAlias www.tshetum.bt
 DocumentRoot /home/tshetumb/public_html
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/tshetum.bt.cert
 SSLCertificateKeyFile /etc/pki/tls/private/tshetum.bt.key
 SSLCertificateChainFile /etc/pki/tls/certs/tshetum.bt.bundle
<IfModule mod_suexec.c>
    SuexecUserGroup tshetumb tshetumb
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup tshetumb tshetumb
    suPHP_ConfigPath /home/tshetumb
</IfModule>

<Directory "/home/tshetumb/public_html">
    AllowOverride All
</Directory>

And when  I open my domain as https://tshetum.bt , its not working , please help


Thanks

Offline
*****
Re: How to Secure CWP webserver
« Reply #20 on: April 22, 2016, 07:25:21 AM »
add Port : listen 443

add the ip :

<VirtualHost x.x.x.x:443>
« Last Edit: April 22, 2016, 07:31:27 AM by Sandeep »

Offline
**
Re: How to Secure CWP webserver
« Reply #21 on: April 22, 2016, 07:30:44 AM »
i did that too...

# vhost_start tshetum.bt
<VirtualHost 202.144.128.217:443>

Offline
*****
Re: How to Secure CWP webserver
« Reply #22 on: April 25, 2016, 10:12:57 AM »
Hello.

Try to add
Code: [Select]
Listen 443
NameVirtualHost 202.144.128.217:443
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
**
Re: How to Secure CWP webserver
« Reply #23 on: April 27, 2016, 03:43:31 AM »
Thanks, it worked ..
« Last Edit: April 27, 2016, 03:49:40 AM by tshetumd »

Offline
**
Re: How to Secure CWP webserver
« Reply #24 on: April 29, 2016, 03:50:31 AM »
I am getting following while restarting the mysql, please help me :


Warning: Error while sending SET_OPTION packet. PID=1229 in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php(1) : eval()'d code(1) : eval()'d code on line 5
MySQL server has gone away
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php(1) : eval()'d code(1) : eval()'d code on line 5


Thanks

Offline
*****
Re: How to Secure CWP webserver
« Reply #25 on: April 29, 2016, 04:30:56 AM »
what version of mysql you're running ?

Offline
**
Re: How to Secure CWP webserver
« Reply #26 on: April 29, 2016, 04:34:15 AM »
mysql version is 5.1.73

and moreover I am getting following error while using mod Security :

Forbidden

You don't have permission to access /phpMyAdmin/import.php on this server.

Offline
*****
Re: How to Secure CWP webserver
« Reply #27 on: April 29, 2016, 05:31:58 AM »
do you know about mariadb ?

Mariadb have all the functions of mysql and easy to manage as mysql commands

ModSecurity :
check the error log file and white list the ID
« Last Edit: April 29, 2016, 05:38:04 AM by Sandeep »

Offline
**
Re: How to Secure CWP webserver
« Reply #28 on: April 29, 2016, 05:46:13 AM »
yes i did hear but i didn't use so far.

can you guide me how go about the mod security white listing .


Thanks

Offline
*****
Re: How to Secure CWP webserver
« Reply #29 on: April 29, 2016, 06:35:31 AM »
when you're restarting mysql from cwp GUI then the error code is normal just ignore it

Modsecurity :
http://forum.centos-webpanel.com/mod_security/mod_security-config/