Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - damador

Pages: [1]
1
Updates / Re: CWP auto updates
« on: April 29, 2021, 01:09:51 PM »
another problem

[root@vps src]#  sh /scripts/update_cwp


====================================================
============= CentOS Web Panel Cron ================
====================================================


###########################
Firewall Flush Daily Blocks
###########################


######################
Update Server Packages
######################

Redirecting to /bin/systemctl restart cwpsrv.service
Redirecting to /bin/systemctl restart httpd.service
Redirecting to /bin/systemctl reload httpd.service
Redirecting to /bin/systemctl reload nginx.service
Redirecting to /bin/systemctl reload httpd.service


still didnt want update to 1056

2
Apache / Re: Apache log file too large
« on: April 25, 2021, 12:34:41 PM »
setup logorotate for dom logs and apache logs


/usr/local/apache/domlogs/*.log   /usr/local/apache/logs/*.log  /usr/local/apache/logs/*_log  {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
   /bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

thiis will make smaler flies that you can remove after you dont need - keeping last 20-30 days if needed

4
Updates / VARNISH update - tutorial for varnish 6.6
« on: April 19, 2021, 05:57:27 PM »
How to make latest varnish on CWP 7 work

centos 7 cwp

first - backup

/etc/ld/so/conf.d/varnish-x86_64.conf
/etc/logorate.d/varnish
/etc/varnish *.* along with all conf.d vhost files

/usr/lib/systemd/system/ varnish.service   and varnishcsa.service



https://packagecloud.io/varnishcache/varnish66/install#bash-rpm

Code: [Select]
curl -s https://packagecloud.io/install/repositories/varnishcache/varnish66/script.rpm.sh | sudo bash
this will add repository with new 6.6 packages for centos 7

update varnish package via yum update or CWP panel

copy back all files from backup - restart varnish and voila

Code: [Select]
[root@vps ~]# varnishd -V
varnishd (varnish-6.6.0 revision ef54768fc10f5b19556c7cf9866efc88cfbda8ff)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2020 Varnish Software
[root@vps ~]#

5
Updates / Monit update
« on: April 18, 2021, 10:15:08 PM »
in CWP there is old monit v 5.26 - its is safe to update from sources or CWP use changed / modded version ?

6
CSF Firewall / Re: CSF - IP tables rules
« on: April 12, 2021, 06:23:33 PM »
119.45.95.69 - - [12/Apr/2021:20:20:58 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:20:59 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:00 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:04 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:05 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:06 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:06 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:08 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:16 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:23 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:24 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:27 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:28 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:29 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:30 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:31 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:33 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:34 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:38 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.45.95.69 - - [12/Apr/2021:20:21:39 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"


aaaand another :)

7
CSF Firewall / CSF - IP tables rules
« on: April 11, 2021, 02:56:26 PM »
Situation - i have set custom rules for Wordpress XMLRPC attack - csf deny rule was triggered and IP come to 24 h ban in CSF deny list but ... acces log for domain show

119.29.93.25 - - [11/Apr/2021:15:47:51 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:52 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:52 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"

- yeah webserver return 403 but i want to execute blok rule before it even hit nginx proxy or apache

i did  itables -A INPUT -s 119.29.93.25 -j DROP which added IP to drop chain and stopped the flood ( got 3 MB / munute log size )  - is there a rule / way to make it auto seems that CSF drop rule make server to respond with 403 but traffic still hit it and make log spam

8
Nginx / Re: Possible NginX Bug in CWP7
« on: July 02, 2017, 07:47:36 AM »
ive got similar thins - vps on OpenVZ

http://imgur.com/a/TELlf

centos 7 and no option to run nginx

Pages: [1]