Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
SSL / sslcerty.com no longer working. Domain is for sale
« on: August 04, 2024, 11:22:46 PM »
In SSL Certificate module you have the option to test if your SSL Certs are working well.
There are 4 test buttons there.
Testbutton 4 is linked to sslcerty.com . i just found out this domain is no longer being hosted and working. when looking up on isdown . com it says the domain is parked or for sale.
So maybe the programmers can take the button away or replace it with a link to another test site ?
There are 4 test buttons there.
Testbutton 4 is linked to sslcerty.com . i just found out this domain is no longer being hosted and working. when looking up on isdown . com it says the domain is parked or for sale.
So maybe the programmers can take the button away or replace it with a link to another test site ?
2
CSF Firewall / Security Alert: Potential SSH Backdoor Via Liblzma
« on: March 30, 2024, 01:37:49 PM »
Are we affected too ?
https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
What is xz?
xz is a general purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Essentially, it helps compress (and then decompress) large file formats into smaller, more manageable sizes for sharing via file transfers.
In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package,
that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.
The xz release tarballs from 5.6.0 in late February and 5.6.1 on March 9th both contain malicious code. A pair of compressed files in the repository contain the majority of the malicious patch, disguised as test files. In practice, this means that looking at the repository doesn’t reveal anything amiss, but downloading the release tarballs gives you the compromised code.
This was discovered because SSH logins on a Debian sid were taking longer, with more CPU cycles than expected. And interestingly, Valgrind was throwing unexpected errors when running on the liblzma library. That last bit was first discovered on February 24th, immediately after the 5.6.0 release. The xz-utils package failed its tests on Gentoo builds.
https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
What is xz?
xz is a general purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Essentially, it helps compress (and then decompress) large file formats into smaller, more manageable sizes for sharing via file transfers.
In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package,
that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.
The xz release tarballs from 5.6.0 in late February and 5.6.1 on March 9th both contain malicious code. A pair of compressed files in the repository contain the majority of the malicious patch, disguised as test files. In practice, this means that looking at the repository doesn’t reveal anything amiss, but downloading the release tarballs gives you the compromised code.
This was discovered because SSH logins on a Debian sid were taking longer, with more CPU cycles than expected. And interestingly, Valgrind was throwing unexpected errors when running on the liblzma library. That last bit was first discovered on February 24th, immediately after the 5.6.0 release. The xz-utils package failed its tests on Gentoo builds.
3
CSF Firewall / Nearly 11 million SSH servers vulnerable to new Terrapin attacks
« on: February 23, 2024, 02:14:56 PM »
https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.
It manipulates sequence numbers during the handshake process to compromise the integrity of the SSH channel, particularly when specific encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker could thus downgrade the public key algorithms for user authentication and disable defenses against keystroke timing attacks in OpenSSH 9.5.
A notable requirement for the Terrapin attack is the need for attackers to be in an adversary-in-the-middle (AitM) position to intercept and modify the handshake exchange.
It is worth noting that threat actors often compromise networks of interest and wait for the right moment to progress their attack.
A recent report by security threat monitoring platform Shadowserver warns that there are nearly 11 million SSH servers on the public web - identified by unique IP addresses, that are vulnerable to Terrapin attacks.
Another issue that i am not sure about how much it affects our CWP servers. Also another thing to look at byt our " Einsteins "
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.
It manipulates sequence numbers during the handshake process to compromise the integrity of the SSH channel, particularly when specific encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker could thus downgrade the public key algorithms for user authentication and disable defenses against keystroke timing attacks in OpenSSH 9.5.
A notable requirement for the Terrapin attack is the need for attackers to be in an adversary-in-the-middle (AitM) position to intercept and modify the handshake exchange.
It is worth noting that threat actors often compromise networks of interest and wait for the right moment to progress their attack.
A recent report by security threat monitoring platform Shadowserver warns that there are nearly 11 million SSH servers on the public web - identified by unique IP addresses, that are vulnerable to Terrapin attacks.
Another issue that i am not sure about how much it affects our CWP servers. Also another thing to look at byt our " Einsteins "
4
DNS / DNS Server Vulnerability: Single DNS Packet can Bring Down the System
« on: February 23, 2024, 02:08:29 PM »
https://gbhackers.com/critical-dnssec-flaw/
A new flaw has been discovered in DNSSEC, which, when exploited by threat actors, could result in the unavailability of technologies such as web browsing, email, and instant messaging. This new class of attacks has been termed “KeyTrap” by researchers.
Moreover, a threat actor could completely disable large parts of the worldwide internet. KeyTrap attacks affect not only DNS but also the applications using it. The “KeyTrap” class of attacks has been assigned with CVE-2023-50387, and the severity is yet to be categorized. As of December 2023, 31.47% of the web clients used DNSSEC-validating DNS resolvers worldwide.
Im am not sure in how much our DNS server in the CWP servers are affected by this.. but maybe something for the " Einsteins " amongst us to look at.
A new flaw has been discovered in DNSSEC, which, when exploited by threat actors, could result in the unavailability of technologies such as web browsing, email, and instant messaging. This new class of attacks has been termed “KeyTrap” by researchers.
Moreover, a threat actor could completely disable large parts of the worldwide internet. KeyTrap attacks affect not only DNS but also the applications using it. The “KeyTrap” class of attacks has been assigned with CVE-2023-50387, and the severity is yet to be categorized. As of December 2023, 31.47% of the web clients used DNSSEC-validating DNS resolvers worldwide.
Im am not sure in how much our DNS server in the CWP servers are affected by this.. but maybe something for the " Einsteins " amongst us to look at.
5
DNS / New addresses for b.root-servers.net per 2023-05-16
« on: February 02, 2024, 08:52:16 PM »
https://b.root-servers.org/news/2023/05/16/new-addresses.html
New addresses for b.root-servers.net
2023-05-16
USC/ISI is renumbering both its IPv4 and IPv6 addresses for b.root-servers.net on 2023-11-27. Our new IPv4 address will be 170.247.170.2 and our new IPv6 address will be 2801:1b8:10::b. USC/ISI will continue to support root service over our current IPv4 and IPv6 addresses for at least one year (until 2024-11-27) in order to provide a stable transition period while new root hints files are distributed in software and operating system packages.
We are renumbering to increase the resilience of the Root Servers System by further diversifying the number of Regional Internet Registries (RIRs) that have allocated IP addresses to Root Server Operators. Our addresses will be the first in the Root Server System to have been allocated by LACNIC and our routes will be verifiable through LACNIC’s Resource Public Key Infrastructure (RPKI) Trust Anchor Location (TAL). We thank LACNIC for helping make this renumbering possible, and ARIN for supporting our prior addressing assignments.
Update on 2023-05-30: LACNIC posted a separate announcement about this renumbering.
The named.root or named.ca file in our centos distrubutions were made in 2018. They not have been Updated since.
New addresses for b.root-servers.net
2023-05-16
USC/ISI is renumbering both its IPv4 and IPv6 addresses for b.root-servers.net on 2023-11-27. Our new IPv4 address will be 170.247.170.2 and our new IPv6 address will be 2801:1b8:10::b. USC/ISI will continue to support root service over our current IPv4 and IPv6 addresses for at least one year (until 2024-11-27) in order to provide a stable transition period while new root hints files are distributed in software and operating system packages.
We are renumbering to increase the resilience of the Root Servers System by further diversifying the number of Regional Internet Registries (RIRs) that have allocated IP addresses to Root Server Operators. Our addresses will be the first in the Root Server System to have been allocated by LACNIC and our routes will be verifiable through LACNIC’s Resource Public Key Infrastructure (RPKI) Trust Anchor Location (TAL). We thank LACNIC for helping make this renumbering possible, and ARIN for supporting our prior addressing assignments.
Update on 2023-05-30: LACNIC posted a separate announcement about this renumbering.
The named.root or named.ca file in our centos distrubutions were made in 2018. They not have been Updated since.
6
Other / Cant post a reply on my own started topic
« on: January 30, 2024, 01:51:25 PM »
Forbidden
You don't have permission to access this resource.
is what i get after i pushed the post button.
As you see i dont have troubles creating a new post.
HELP
You don't have permission to access this resource.
is what i get after i pushed the post button.
As you see i dont have troubles creating a new post.
HELP
7
PHP / php-fpm83 not installing well / working
« on: January 29, 2024, 09:46:25 PM »
I have tried installing php-fpm83 about 10 times . i did 2 times a new setup of my bare metal server. i downloaded and have used the latest 8 stream version ( Kernel: Linux 4.18.0-535.el8.x86_64) and the version before that. no matt what i do, i can not get 8,3 installed working. during install i get multiple errors. can not find can not make. I installed while firewall was disabled as i found out that a rule in my firewall ( ip that tried to gain access and was automatic banned, but no idea wich) was blocking access to the repositories. so that cant be the issue either.
Im honestly a bit done with CWP. i have so many little issues that not getting solved.... and i after 10 times reinstalling im a bit done honestly.
anyone any clue what i can do ?
i will paste some messages from the cli
this is the last part of the installation with errors.
when i do a "ls /opt/alt/php-fpm83/usr/lib/php/extensions"
This is the output
This is the output
I have tried to install with the basic settings. turned off ioncube, and still same.
I have zipped and uploaded the complete php-selector-rebuild.log
https://gofile.io/d/5rzfxS
Hope someone can figure out whats wrong,
So im serious in need of help / assistance.
Im honestly a bit done with CWP. i have so many little issues that not getting solved.... and i after 10 times reinstalling im a bit done honestly.
anyone any clue what i can do ?
i will paste some messages from the cli
this is the last part of the installation with errors.
Code: [Select]
Package libsodium-devel-1.0.18-2.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 28505 100 28505 0 0 51360 0 --:--:-- --:--:-- --:--:-- 51360
/usr/local/cwpsrv/htdocs/resources/conf/el8/php-fpm_selector/external_modules/8.3/sodium.sh: line 9: /opt/alt/php-fpm83/usr/bin/phpize: No such file or directory
/usr/local/cwpsrv/htdocs/resources/conf/el8/php-fpm_selector/external_modules/8.3/sodium.sh: line 10: ./configure: No such file or directory
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
/usr/local/cwpsrv/htdocs/resources/conf/el8/php-fpm_selector/external_modules/8.3/sodium.sh: line 14: /opt/alt/php-fpm83/usr/bin/php-config: No such file or directory
ERROR: Missing extension file /sodium.so
Build Completed
###################
Notification added
this is the result when i do a " systemctl status php-fpm83 "Code: [Select]
]# systemctl status php-fpm83
● php-fpm83.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm83.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2024-01-29 22:20:55 CET; 7min ago
Process: 554732 ExecStart=/opt/alt/php-fpm83/usr/sbin/php-fpm --nodaemonize --fpm-config /opt/alt/php-fpm83/usr/etc/php-fpm.conf (code=exited, status=203/EXEC)
Main PID: 554732 (code=exited, status=203/EXEC)
Jan 29 22:20:55 stdwwwsrv001.standerhosting.nl systemd[1]: Started The PHP FastCGI Process Manager.
Jan 29 22:20:55 stdwwwsrv001.standerhosting.nl systemd[1]: php-fpm83.service: Main process exited, code=exited, status=203/EXEC
Jan 29 22:20:55 stdwwwsrv001.standerhosting.nl systemd[1]: php-fpm83.service: Failed with result 'exit-code'.
when i do a "ls /opt/alt/php-fpm83/usr/lib/php/extensions"
This is the output
Code: [Select]
ls: cannot access '/opt/alt/php-fpm83/usr/lib/php/extensions': No such file or directory
When i do "systemctl | grep php " This is the output
Code: [Select]
cwp-phpfpm.service loaded active running The PHP FastCGI Process Manager
cwpsrv-phpfpm.service loaded active running The PHP FastCGI Process Manager
php-fpm53.service loaded active running The PHP FastCGI Process Manager
php-fpm72.service loaded active running The PHP FastCGI Process Manager
php-fpm82.service loaded active running The PHP FastCGI Process Manager
● php-fpm83.service loaded failed failed The PHP FastCGI Process Manager
I have tried to install with the basic settings. turned off ioncube, and still same.
I have zipped and uploaded the complete php-selector-rebuild.log
https://gofile.io/d/5rzfxS
Hope someone can figure out whats wrong,
So im serious in need of help / assistance.
8
CentOS Configuration / Suggestion Improvement of the TCP stack for higher speed
« on: April 27, 2022, 11:23:50 PM »
I may have a suggestion for those running the CWP on a linux distribution.
To improve the upload to your webclients you can implement a different way how the TCP stack is handeling the requests.
Here a link to get more information on how to test it before and after implementation. https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/
To improve the upload to your webclients you can implement a different way how the TCP stack is handeling the requests.
Quote
Enable TCP BBR and other network stack optimizations
BBR is a new congestion control agorithm which dramatically decreases the time needed for a TCP connection to ramp up to maximum speed. It also contains improvements to counter other problems like router buffer bloat which causes network latency spikes.
To enable BBR you need you have kernel version 4.9 or higher. See your kernel version with uname -a. On Ubuntu you can upgrade to a newer kernel by enabling HWE.
Create a file called /etc/sysctl.d/60-bbr.conf with the following contents:Code: [Select]net.core.default_qdisc = fq_codel
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_slow_start_after_idle = 0
After doing that you can run sysctl -p or reboot to apply the changes.
Verify that it’s working with this command: sysctl net.ipv4.tcp_congestion_control. It should return bbr.
Here a link to get more information on how to test it before and after implementation. https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/
9
PHP / Failed to Download PHP version 8.1.2!
« on: January 31, 2022, 01:17:07 PM »
After going to the PHPO switcher and telling i want to upgrad from 8.1.1 to 8.1.2 the tail log gives me this message after about 3 minutes
/usr/local/src/php-rebuild.sh: line 78: [: -ge: unary operator expected
Failed to Download PHP version 8.1.2!
i tried this on 2 equal same machines and both have same error.
the machine doesnt finish anything and the version stays 8.1.1
/usr/local/src/php-rebuild.sh: line 78: [: -ge: unary operator expected
Failed to Download PHP version 8.1.2!
i tried this on 2 equal same machines and both have same error.
the machine doesnt finish anything and the version stays 8.1.1
10
CentOS 7 Problems / Missing the redirect option in customer userpanel under domain options
« on: October 04, 2021, 10:20:22 PM »
Hello,
I wanted to redirect a domain name i host on my server to another server that i dont own, so i was looking for the redirect option under domain options in the userpanel. It is not there to be found as you can see.
However, when for example i click one of the modules under the domain option and i click with my mouse on the address bar and change the clicked module name into "redirect" i do get the redirect page / module and i can do the things i wanted... and it is still functioning as you can see
So my request to the makers / programmers, is it possible you just put the redirect link in function back in the domain menu again ? That is more convenient to access and a less hassle
Thanks in advance
regards,
Mike
im running centos 8 stream updated to the last updates
I wanted to redirect a domain name i host on my server to another server that i dont own, so i was looking for the redirect option under domain options in the userpanel. It is not there to be found as you can see.
However, when for example i click one of the modules under the domain option and i click with my mouse on the address bar and change the clicked module name into "redirect" i do get the redirect page / module and i can do the things i wanted... and it is still functioning as you can see
So my request to the makers / programmers, is it possible you just put the redirect link in function back in the domain menu again ? That is more convenient to access and a less hassle
Thanks in advance
regards,
Mike
im running centos 8 stream updated to the last updates
11
CentOS-WebPanel Bugs / cwp8
« on: October 16, 2020, 01:01:31 AM »
Hi,
I installed as a vm a new centos 8 minimal and choose for cwp8 with the installation.
But after i logged in it still shows me cwp7 pro in the upper left corner.
Is that ok ? or did something went wrong ?
Does it has to show somewhere cwp8 pro ?
Regards,
Mike
I installed as a vm a new centos 8 minimal and choose for cwp8 with the installation.
But after i logged in it still shows me cwp7 pro in the upper left corner.
Is that ok ? or did something went wrong ?
Does it has to show somewhere cwp8 pro ?
Regards,
Mike
12
PHP Selector / Try to install PHP-FPM 7.4 through the panel but doesnt work
« on: June 17, 2020, 01:40:11 AM »
Hi,
i tried to install PHP-FPM 7.4 through the selector in the panel, but it doesn do anything.
When i look in the log file and in my console with the command tail -f /var/log/php-selector-rebuild.log i get this as output:
-2020-06-17 03:38:07-- http://dl1.centos-webpanel.com/files/php/selector/el7/php-dependencies.sh
Resolving dl1.centos-webpanel.com (dl1.centos-webpanel.com)... 37.187.72.216
Connecting to dl1.centos-webpanel.com (dl1.centos-webpanel.com)|37.187.72.216|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1011 [application/x-sh]
Saving to: '/usr/local/src/php-dependencies.sh'
0K 100% 98.1M=0s
2020-06-17 03:38:07 (98.1 MB/s) - '/usr/local/src/php-dependencies.sh' saved [1011/1011]
Redirecting to /bin/systemctl restart httpd.service
Build Completed
###################
Error:Can't add notification!
Help ?
Regards,
Mike
i tried to install PHP-FPM 7.4 through the selector in the panel, but it doesn do anything.
When i look in the log file and in my console with the command tail -f /var/log/php-selector-rebuild.log i get this as output:
-2020-06-17 03:38:07-- http://dl1.centos-webpanel.com/files/php/selector/el7/php-dependencies.sh
Resolving dl1.centos-webpanel.com (dl1.centos-webpanel.com)... 37.187.72.216
Connecting to dl1.centos-webpanel.com (dl1.centos-webpanel.com)|37.187.72.216|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1011 [application/x-sh]
Saving to: '/usr/local/src/php-dependencies.sh'
0K 100% 98.1M=0s
2020-06-17 03:38:07 (98.1 MB/s) - '/usr/local/src/php-dependencies.sh' saved [1011/1011]
Redirecting to /bin/systemctl restart httpd.service
Build Completed
###################
Error:Can't add notification!
Help ?
Regards,
Mike
13
Backup / New Backup 2
« on: February 16, 2020, 10:12:26 PM »
Implementation of improvement requested.
So far im using the new back up and its functioning well. I am just missing the option to name the file.
I would like the output file name to be able to manual configured, or that you guys put the date of creation in the file name.
Now the file name on the remote location is the same everytime.
I have no idea where the scripts are that i can do it myself, otherwise i would.
But just add / append the creation date and time to the file name so u can have multiple offsite file backups a day
Regards
Mike
So far im using the new back up and its functioning well. I am just missing the option to name the file.
I would like the output file name to be able to manual configured, or that you guys put the date of creation in the file name.
Now the file name on the remote location is the same everytime.
I have no idea where the scripts are that i can do it myself, otherwise i would.
But just add / append the creation date and time to the file name so u can have multiple offsite file backups a day
Regards
Mike
14
CentOS-WebPanel Bugs / Missing start buttons in service status windows
« on: September 14, 2019, 09:42:19 PM »
Hi
I had a working installation before.. and after updates i noticed im missing the start buttons in the service status window.
I been checking and testing but could not find a solution. Since im still learning and playing around.. i decided to make a new installatation on a VM and work from there.
I was even more surprised that after a fresh installation the buttons still missing.
Ido run cwp pro
See attachment
so what to do ?
I had a working installation before.. and after updates i noticed im missing the start buttons in the service status window.
I been checking and testing but could not find a solution. Since im still learning and playing around.. i decided to make a new installatation on a VM and work from there.
I was even more surprised that after a fresh installation the buttons still missing.
Ido run cwp pro
See attachment
so what to do ?
Pages: [1]
