This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
CSF Firewall / sshd Accepted root password? False positive? Help!
« on: February 07, 2024, 05:54:43 PM »
Hi there...
I had a problem today and I was scared!
I received this email from CSF alert: (changed some info to XXX for security reasons on this post)
BUT my /var/log/secure show only this lines:
Other logs when I do login, shows like:
There is no log lines like Accepted password for this IP 45.XXX.XXX.XXX
Is CSF sending wrong alert emails?
I can't say for sure, but I was very scared when I received this email!
Take a look on email body, it says LOG LINE:
Feb 7 14:00:15 srv01 sshd[18293]: Accepted password for root from 45.XXX.XXX.XXX port 47024 ssh2
Doesn't have this line im my /var/log/secure
WTF? The user who logged in deleted line at 14:00:15 from the /var/log/secure or what?
I still scared!
I had a problem today and I was scared!
I received this email from CSF alert: (changed some info to XXX for security reasons on this post)
Code: [Select]
Subject: lfd on srvXX.XXXXX.com: SSH login alert for user root from 45.XXX.XXX.XXX (EE/Estonia/XXXX-vds-XXXXXX.pp.ua)
Time: Wed Feb 7 14:00:17 2024 -0300
IP: 45.XXX.XXX.XXX (EE/Estonia/XXXX-vds-XXXXXX.pp.ua)
Account: root
Method: password authentication
Log line:
Feb 7 14:00:15 srvXX sshd[18293]: Accepted password for root from 45.XXX.XXX.XXX port 47024 ssh2
BUT my /var/log/secure show only this lines:
Code: [Select]
Feb 7 14:00:20 srvXX sshd[18293]: Received disconnect from 45.XXX.XXX.XXX port 47024:11:
Feb 7 14:00:20 srvXX sshd[18293]: Disconnected from 45.XXX.XXX.XXX port 47024
Feb 7 14:00:20 srvXX sshd[18293]: pam_unix(sshd:session): session closed for user root
Other logs when I do login, shows like:
Code: [Select]
Feb 7 14:07:41 srvXX sshd[18651]: Accepted password for root from 187.XX.XX.XXX port 38198 ssh2
Feb 7 14:07:41 srvXX sshd[18651]: pam_unix(sshd:session): session opened for user root by (uid=0)
There is no log lines like Accepted password for this IP 45.XXX.XXX.XXX
Is CSF sending wrong alert emails?
I can't say for sure, but I was very scared when I received this email!
Take a look on email body, it says LOG LINE:
Feb 7 14:00:15 srv01 sshd[18293]: Accepted password for root from 45.XXX.XXX.XXX port 47024 ssh2
Doesn't have this line im my /var/log/secure
WTF? The user who logged in deleted line at 14:00:15 from the /var/log/secure or what?
I still scared!
2
CentOS-WebPanel GUI / How to (steps) to increase GUI performance?
« on: February 06, 2024, 04:29:49 PM »
Hi there, I'm new to cwp and sorry about to ask it here before try to search inside the server, just trying to safe some time by trying to learn it!
Some times, I see the web gui (control panel) gets little slow to do some things, load pages and more. The server with is installed is a monster machine!
Where do I go to give more resources to make the GUI more faster, like more memory, and other things?
This use the main php over the system? Use other instance of webserver or the same as websites?
Thank you for the info!
Some times, I see the web gui (control panel) gets little slow to do some things, load pages and more. The server with is installed is a monster machine!
Where do I go to give more resources to make the GUI more faster, like more memory, and other things?
This use the main php over the system? Use other instance of webserver or the same as websites?
Thank you for the info!
3
CentOS-WebPanel GUI / Default entries on CWP where we listing accounts or domains! (10,25,50,100)
« on: September 20, 2019, 01:32:32 AM »
Hi there.
Sorry about to ask here for it, i tried to search instead of open a new topic but i haven't found anything.
Where we list accounts or other things, we have select box to how how many accounts we whants to show (10,25,50,100)
There is any option to make as default to "show all" instead of choose these values? Or maybe increase it to 999999 and put this 99999 as default?
Thank you for your time and help. (I'm just starting with cwp.pro version).
Sorry about to ask here for it, i tried to search instead of open a new topic but i haven't found anything.
Where we list accounts or other things, we have select box to how how many accounts we whants to show (10,25,50,100)
There is any option to make as default to "show all" instead of choose these values? Or maybe increase it to 999999 and put this 99999 as default?
Thank you for your time and help. (I'm just starting with cwp.pro version).
Pages: [1]