Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - JeroenL

Pages: [1]
1
CSF Firewall / lfd: (WPLOGIN) WP Login Attack (false positives)
« on: May 11, 2022, 09:03:58 AM »
Hi, since a couple of months i have been getting this issue, probably since centos webpanel added new features or made excisting features more strict.

I use CWP pro on different servers variating from CentOS 7-8.

Whenever a user or admin for a wordpress website reauthenticate it's login or resets it's password the users ip address gets blocked with the following rule.

lfd: (WPLOGIN) WP Login Attack 123.123.123.123 (XX/Country/-): 5 in the last 3600 secs - ##Timestamp##

I tried raising the max allowed failed logins but all settings that used "5" in the config file don't affect the setting.
Changing the period of time to check from 3600 to 60 gives same result, changing it to 1 sec seems to solve the false positives but also makes the solution worthless..

So how can i raise the max failed login's for wordpress sites in CSF/LFD so these false positives will stop blocking real customers.....

If this isn't an option i allrdy have a superb block/allow list which basicly makes this whole wordpress LFD solution obsolete since the only thing it blocks now is real customers.

I rather keep this part of CSF/LFD runnning correctly as intended with let's say a higher number then "5" instead of turning it off completely.

Thanks in advance for your replies!

2
CentOS-WebPanel Bugs / cron uses different php version
« on: May 24, 2021, 12:09:24 PM »
I use CWP Pro (CWPpro version: 0.9.8.1064)

I have edited php.ini version for PHP-FPM 7.3.28

User account's use the correct version.

But now it seems that cwp and also cron uses the old version from PHP Version Switcher which was used before the upgrade to cwppro.

Is it intended that after upgrade and activating PHP-FPM 2 different php versions are used?

The problem i run into is.

When a user is using cron then cron is being run with different php.ini settings.

When using USE_PHP=/usr/local/bin/php inside the file that is executed by cron then the settings are being used from the cwp php.ini configuration.
When i try to set it as;
/opt/alt/php-fpm73/usr/php/php.ini then i get file permission errors.

Since i rather don't change those file permissions i would like to ask what would be the best way togo?

I could maintain 2 versions but that seems a little odd

extra info:

I need cron to be able to use the opcache module that comes with fpm....

PHP Version switcher doesn't seem to have those options

3
Hello,

I have been using CWP Pro for several years now for myself and some clients.
This is working as expected, very good job there for the team.

I'm busy making a whitelist for services that should be able to connect to specific servers for specific tasks.
The CWP Pro license on one of the machines that is participating suddenly got expired :o.

Since the firewall on that machine has been setup very strict i'm guessing it needs to be allowed certain connections to maybe certain ports.

Is there anyone who can telle me what ip(s) to exclude from the deny list?

Kind regards

4
Information / Outgoing api call blocked
« on: September 22, 2019, 09:23:44 PM »
Hosting a front-end https://github.com/dvandal/cryptonote-nodejs-pool pool site. Used code is inside the website_example folder. The outgoing api call to the pool server on a different host is being blocked somewhere. Test with same files on a different host works straight out of the box.

The api call is being made to port 8117.

Server info
Distro Name: CentOS Linux release 7.7.1908 (Core)
Kernel Version: 3.10.0-1062.1.1.el7.x86_64
Platform: x86_64 kvm
Apache version: Apache/2.4.39
PHP version: 7.2.12 PHP-FPM is forced
MySQL version: 10.1.41-MariaDB
FTP version: 1.0.47
Web Servers: nginx-varnish-apache

I tried disabling the firewall and mod security but that doesnt make a difference.
Any other ideas where to look?

Thanks in advance.

Pages: [1]