Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - vtheod

Pages: [1]
1
Updates / CVE-2021-45466
« on: January 26, 2022, 02:58:48 PM »
Hello all!

After reading about the CVE-2021-45466 vulnerability, I did a cwp update to my servers. The problem is that in all servers, the update returns the following errors:

Code: [Select]
rm: cannot remove ‘/usr/local/cwpsrv/htdocs/admin/user/loader.php’: Permission denied
rm: cannot remove ‘/usr/local/cwpsrv/htdocs/admin/user/index.php’: Permission denied
rm: cannot remove ‘/usr/local/cwpsrv/htdocs/admin/user/design’: Permission denied

Since these files are the vulnerable ones, should I delete them manually or am I going to break something?

All servers are running on CentOS 7.9.2009 with CWPpro version: 0.9.8.1122.

Thanks in advance,

Vassilis

2
SSL / AutoSSL not working on Centos7
« on: May 05, 2017, 06:56:24 PM »
Hi!
When I set up my server I managed to create Let's Encrypt Certificates for each of my sites by using the Letsencrypt Manager.
After these certificates ended I can't use the AutoSSL. It keeps giving me the following error:
Code: [Select]
AutoSSL Issue Failed![Fri May  5 21:44:12 EEST 2017] Only RSA or EC key is supported.
[Fri May  5 21:44:12 EEST 2017] Please add '--debug' or '--log' to check more details.
[Fri May  5 21:44:12 EEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
AutoSSL Issue Failed![Fri May  5 21:44:12 EEST 2017] Only RSA or EC key is supported.
[Fri May  5 21:44:12 EEST 2017] Please add '--debug' or '--log' to check more details.
[Fri May  5 21:44:12 EEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

I used the debugger but it didn't give more info.
I tried to use again the old procedure with Letsencrypt Manager but it's not working either. Here's the output:
Code: [Select]
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
Package gcc-4.8.5-11.el7.x86_64 already installed and latest version
Package augeas-libs-1.4.0-2.el7.x86_64 already installed and latest version
Package 1:openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-18.el7.x86_64 already installed and latest version
Package redhat-rpm-config-9.1.0-72.el7.centos.noarch already installed and latest version
Package ca-certificates-2017.2.11-70.1.el7_3.noarch already installed and latest version
Package python-2.7.5-48.el7.x86_64 already installed and latest version
Package python-devel-2.7.5-48.el7.x86_64 already installed and latest version
Package python-virtualenv-1.10.1-3.el7.noarch already installed and latest version
Package python-tools-2.7.5-48.el7.x86_64 already installed and latest version
Package python2-pip-8.1.2-5.el7.noarch already installed and latest version
Package 1:mod_ssl-2.4.6-45.el7.centos.4.x86_64 already installed and latest version
Upgrading certbot-auto 0.13.0 to 0.14.0...
Couldn't verify signature of downloaded certbot-auto. Command '['openssl', 'dgst', '-sha256', '-verify', '/tmp/tmp.ZlnIflG8jH/public_key.pem', '-signature', '/tmp/tmp.ZlnIflG8jH/letsencrypt-auto.sig', '/tmp/tmp.ZlnIflG8jH/letsencrypt-auto']' returned non-zero exit status 127

I'm using Centos 7 and the CWP version is 0.9.8.318

So, nothing is working as it should and I'm stucked. I really like CWP and I have the pro version but if there is no workaround for this issue I'll have to change control panel.

Thanks in advance
Vasilis

3
CentOS 7 Problems / Problem with mod_security
« on: February 02, 2017, 05:21:09 PM »
Hi!
I've installed CWP7pro on a dedicated and I'm facing a problem with mod_security.
If I install mod_security, apache can't start and gives the following error:
Code: [Select]
httpd: Syntax error on line 510 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Line 9 of /usr/local/apache/conf.d/mod_security.conf is the one inbetween IfModule tags:
Code: [Select]
<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

Uninstalling mod_security brings apache back to life.
Any ideas?

Pages: [1]