This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
E-Mail / Security level low, need fix some configurations.
« on: December 02, 2019, 01:14:51 PM »
Hi to all,
I'M new on Centos Panel.
I'm testing the panel and services and found that once the panel configure the email settings there are security issues.
The security issues is about the SSL configuration.
I created an user that has a domain configured with SSL.
The admin panel is setup in a SSL domain.
I login as user (CWP Panel), goes into email section.
Here i can see the created email address and below Mail Settings Secure SSL/TLS Settings.
This settings is not really secure just test here: https://www.immuniweb.com/ssl
See: https://www.immuniweb.com/ssl/?id=T1Zhx3qf
TLS 1.0 is still supported. How i can disable this for email?
How can i set different chippers suite for email?
Thanks
I'M new on Centos Panel.
I'm testing the panel and services and found that once the panel configure the email settings there are security issues.
The security issues is about the SSL configuration.
I created an user that has a domain configured with SSL.
The admin panel is setup in a SSL domain.
I login as user (CWP Panel), goes into email section.
Here i can see the created email address and below Mail Settings Secure SSL/TLS Settings.
This settings is not really secure just test here: https://www.immuniweb.com/ssl
See: https://www.immuniweb.com/ssl/?id=T1Zhx3qf
TLS 1.0 is still supported. How i can disable this for email?
How can i set different chippers suite for email?
Thanks
2
CentOS 7 Problems / Love VS Not Love of CWP Panel. Many issues on Centos 7
« on: February 04, 2017, 02:57:05 PM »
I love this new panel also if I AM new and I come from Webuzo who is a lot better as interface.
Testing CWP on CentOs 7 seems to have a lot of issues.
- Email is missing secure ciphers suite so postfix and dovecot should be configured better
- If Apache or Bind or Dovecot or one of the service running as pureftpd etc have issue because user change configuration and is creating an issue is not possible remove and resume ... for example if I made broke Apache in Webuzo I can simply uninstall Apache from the panel and reinstall with default settings. This with Bind, PureFTP and all. In CWP if some service is not working and you are unable to fix is a big problem. In my test I need reinstall the panel many different times (also for BUG and issues)
For example one of this BUG issue was that now whn I add an user with a domain BIND stop to work. IF I remove the user BIND turn again ON.
Also button messages on top if clicked show errors as the file manager.
If you install a Let's Encrypt certificate you can see it on the list but you cannot remove... so if you decide to come back to HTTP you cannot do.
If an user is suspended than reactive FTP may not work or if you have previously activated Let's Encrypt than FTP as been switced to FTP under TLS this settings is loosed so when user try to connect after being reactived have to use not secure FTP also if Let's Encrypt certificate is active. Administrator need to go on pureftpd and disallow manually non TLS connections.
Once you have installed an SSL the score on https://www.htbridge.com/ssl/ is very good. A but if you do a server test here: https://www.htbridge.com/websec/ the score will be very bad F.
I tried to add configuration in Apache as I have made in Webuzo and where now in Webuzo I get A but with CWP I AM unable to have more than C+ I don't know why.
The most bug issue maybe for me is that you do not have (as in Webuzo exist) the possibility to unistall and reinstall a component if this is not working (Apache, BIND, pureftpd, etc)
For example when I added an user with a domain BIND has stopped to work. For me this is an issue on the programming of the control panel as my installation was new.
Softaculous is not working for now but you will fix soon as you told.
There is a lot of work to do, for now I love this panel because Webuzo for now missed antivirus and antispam and is a single control panel so you cannot really manage users but also on CWP I see issues on managing user as seems there are different issues.
CWP is a good panel idea but need works.
This is all I found in this days by testing it.
Testing CWP on CentOs 7 seems to have a lot of issues.
- Email is missing secure ciphers suite so postfix and dovecot should be configured better
- If Apache or Bind or Dovecot or one of the service running as pureftpd etc have issue because user change configuration and is creating an issue is not possible remove and resume ... for example if I made broke Apache in Webuzo I can simply uninstall Apache from the panel and reinstall with default settings. This with Bind, PureFTP and all. In CWP if some service is not working and you are unable to fix is a big problem. In my test I need reinstall the panel many different times (also for BUG and issues)
For example one of this BUG issue was that now whn I add an user with a domain BIND stop to work. IF I remove the user BIND turn again ON.
Also button messages on top if clicked show errors as the file manager.
If you install a Let's Encrypt certificate you can see it on the list but you cannot remove... so if you decide to come back to HTTP you cannot do.
If an user is suspended than reactive FTP may not work or if you have previously activated Let's Encrypt than FTP as been switced to FTP under TLS this settings is loosed so when user try to connect after being reactived have to use not secure FTP also if Let's Encrypt certificate is active. Administrator need to go on pureftpd and disallow manually non TLS connections.
Once you have installed an SSL the score on https://www.htbridge.com/ssl/ is very good. A but if you do a server test here: https://www.htbridge.com/websec/ the score will be very bad F.
I tried to add configuration in Apache as I have made in Webuzo and where now in Webuzo I get A but with CWP I AM unable to have more than C+ I don't know why.
The most bug issue maybe for me is that you do not have (as in Webuzo exist) the possibility to unistall and reinstall a component if this is not working (Apache, BIND, pureftpd, etc)
For example when I added an user with a domain BIND has stopped to work. For me this is an issue on the programming of the control panel as my installation was new.
Softaculous is not working for now but you will fix soon as you told.
There is a lot of work to do, for now I love this panel because Webuzo for now missed antivirus and antispam and is a single control panel so you cannot really manage users but also on CWP I see issues on managing user as seems there are different issues.
CWP is a good panel idea but need works.
This is all I found in this days by testing it.
3
FTP / Access Denied for the user after be reactived
« on: February 03, 2017, 10:25:24 PM »
If you suspend an account than reactivate it or maybe you this 3 times user will be unable to log in into FTP client only web FTP.
FTP client say: Access Denied.
So how to renable the user to use FTP?
FTP client say: Access Denied.
So how to renable the user to use FTP?
4
Other / If the user try to configure dovecot or postfix or an app how to reset and reins
« on: February 03, 2017, 08:34:22 PM »
How to reinstall Apache or Postfix or Dovecot for have default settings?
I coming from Webuzo where you are able to delete Apache and reinstall or dovecot, etc.
How to do that in Centos Panel?
Thank you!
IF this is not avaiable in the user interface I suggest to add
I coming from Webuzo where you are able to delete Apache and reinstall or dovecot, etc.
How to do that in Centos Panel?
Thank you!
IF this is not avaiable in the user interface I suggest to add
5
Suggestions / Log to admin panel access for detect if someone is tying to access...
« on: February 03, 2017, 05:32:10 PM »
I suggest a section where Admin can check if someone is strying to access to the web panel.
You should be able to log in root and user should have a table when they can see the access sucessful and unsuccesfull, username tried and IP that is trying to access.
Also a brute force attack on Centos Panel should be added if is not existent.
You should be able to log in root and user should have a table when they can see the access sucessful and unsuccesfull, username tried and IP that is trying to access.
Also a brute force attack on Centos Panel should be added if is not existent.
7
Softaculous / Softacuolous is not working on Centos 7
« on: February 03, 2017, 04:48:57 PM »
Softaculous is not working on Centos 7.
I tried to install any app like wordpress. Connection is interrupted.
I tried to install any app like wordpress. Connection is interrupted.
8
Suggestions / RoundCube should be opened in HTTPS when the panel is loaded in HTTPS
« on: February 03, 2017, 01:59:14 PM »
I logged into the panel with HTTPS.
All link also RoundCube should be opened in HTTPS and is not, is opened without HTTPS.
All link also RoundCube should be opened in HTTPS and is not, is opened without HTTPS.
9
CentOS 7 Problems / BUG report: Install Softaculous (Script Installer) Issue
« on: February 03, 2017, 01:48:26 PM »
First, when I press the Install Softaculous the page is not reachable in Firefox and I need to refresh than I see Softaculous has been installed. When I lunch Softaculous I see no active user and script are not visible so it is not working.
10
CentOS 7 Problems / Issues: File Manager, Advanced File Manager, FTP
« on: February 02, 2017, 07:53:17 PM »
File Manager: I cannot create pages or upload file.
I tried logged as root to add a page from the File manager into suspend:account folder.
Was unable to do because of errors.
I AM unable to connect by FTP as root account "Access Denied"
Advanced System manager doesn't load.
I added a domain to an user but thei are unable to see the domain in the domain list.
I tried logged as root to add a page from the File manager into suspend:account folder.
Was unable to do because of errors.
Code: [Select]
Fatal error: Uncaught Error: Call to undefined function [obfuscated]() in /usr/local/cwpsrv/htdocs/resources/admin/modules/file_manager.php:0 Stack trace: #0 /usr/local/cwpsrv/htdocs/resources/admin/modules/file_manager.php(0): [obfuscated]('/root/user-thum...') #1 /usr/local/cwpsrv/htdocs/resources/admin/modules/file_manager.php(0): [obfuscated]('user-thumbnail....', '/root/') #2 /usr/local/cwpsrv/htdocs/admin/admin/index.php(0): unknown() #3 {main} thrown in /usr/local/cwpsrv/htdocs/resources/admin/modules/file_manager.php on line 0
I AM unable to connect by FTP as root account "Access Denied"
Advanced System manager doesn't load.
I added a domain to an user but thei are unable to see the domain in the domain list.
11
Apache / Apache and Live helper chat
« on: January 30, 2017, 01:42:42 PM »
Hi to all,
I AM new on Centos Panel and I will maybe install this panel in next month an a new VPS.
Actually I AM in a VPS that use Apache 2.2.31 with suphp activated. There is a check box on my VPS panel for activate Suphp so Live helper chat works. If I disable SuPHP or I try the new Apache 2 Live helper chat stop to works also phpbb so... my question is... when I will migrate to your panel, and maybe I will install Softaculous and than install Live helper chat this will work or I need activate suphp or FastCGI for the new Apache?
Where I can do that?
Thanks.
I AM new on Centos Panel and I will maybe install this panel in next month an a new VPS.
Actually I AM in a VPS that use Apache 2.2.31 with suphp activated. There is a check box on my VPS panel for activate Suphp so Live helper chat works. If I disable SuPHP or I try the new Apache 2 Live helper chat stop to works also phpbb so... my question is... when I will migrate to your panel, and maybe I will install Softaculous and than install Live helper chat this will work or I need activate suphp or FastCGI for the new Apache?
Where I can do that?
Thanks.
Pages: [1]