Messages

1006

E-Mail / Re: SMTP one-time password

« on: January 21, 2023, 10:29:07 PM »

Are you authenticating users with postfix and have sender & access restrictions in place? Do your client(s) have a static IP address where you could restrict networks?

1007

CentOS 7 Problems / Re: CWP Apache domlogs cover 50% of my disk

« on: January 21, 2023, 10:01:13 PM »

If you don't need to save them, first start by truncating your apache error & access logs to zero bytes:

Code: [Select]

truncate -s0 /usr/local/apache/domlogs/*.error.log
truncate -s0 /usr/local/apache/domlogs/*.logAlso consider doing the same if you are sure you don't need your CWP access/error logs (for security auditing/troubleshooting):

Code: [Select]

truncate -s0 /usr/local/cwpsrv/logs/*_logAlso, look under /usr/local/cwp/php71/var/log/

To automatically rotate the logs, add a configuration to logrotate for apache logs. Put this code into /etc/logrotate.d/httpd (or use File Management > Logrotate Manager to create it):

Code: [Select]

/usr/local/apache/domlogs/*log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /bin/systemctl reload httpd.service > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}


1008

DNS / Re: @pump_upp - best crypto pumps on telegram !

« on: January 21, 2023, 09:46:53 PM »

obviously, this is the wrong place to be posting spam threads. we don't need shills for crypto pumps here!
can a moderator please delete this thread?

1009

PHP / Re: Problem with PHP 7.4 error 500 on all sites

« on: January 21, 2023, 09:45:11 PM »

Is this referring to (standard) php 7.4 or to php-fpm 7.4?

1010

CentOS 7 Problems / Re: Pure-FTP fails to run

« on: January 21, 2023, 09:43:38 PM »

I'm sorry but pure-ftpd is running fine on my 3x CWP servers. Did you change a default? Your error pertains to too many levels of symbolic links, so that could be a clue as to its cause. You may want to remove pure-ftpd and reinstall it. Do you have it set for a default configuration or have you edited the conf file?

If I recall, implementing TLS was one of the few changes I made to the out-of-the-box pure-ftpd config. Otherwise what I have is vanilla.

1011

How to / Re: How to Change defult public_html folder to another folder?

« on: January 21, 2023, 09:35:48 PM »

If this is a one-off change (and not a tpl permanent change for future account creation), you can either edit the vhosts file, or an .htaccess file to set your site root. Are you using apache or nginx?

1012

Information / Re: error ? daily backup

« on: January 21, 2023, 09:32:43 PM »

I haven't had the backups fail on any of my 3x CWP servers.

As a workaround, you can implement AutoMySQLBackup for daily/weekly/monthly DB backups, with e-mail notification of backups, compression and encryption, backup rotation, and incremental database backups.

For /var/vmail, you can simply rsync it somewhere else for remote backup (as I do).

1013

Updates / Re: Update CWP

« on: January 21, 2023, 09:24:03 PM »

is it normal that for more than 1 month cwp has not published any update?

If you're itchy for quicker updates, you can change your settings in CWP Settings > Edit Settings > CWP Updates.
But as it warns on the tin,

Latest (Latest version, NOT fully tested)

So a conservative sysadmin would choose the default option:

Stable (Stable version, at least two weeks tested)

1014

E-Mail / Re: Not connect to mail from i-mac devices

« on: January 21, 2023, 09:20:07 PM »

Are you supporting STARTTLS ports in addition to the SSL/TLS mail ports?
143 for IMAP, 25 for SMTP, 110 for POP3, 587 for submission.
I can't say how your Mac clients are set to connect to the server, but they can support both STARTTLS or SSL/TLS.

1015

E-Mail / Re: Erro SMTP (450)

« on: January 21, 2023, 09:17:15 PM »

try to find and comment # this line

Code: [Select]

reject_unknown_helo_hostname
in /etc/postfix/main.cf an then

Code: [Select]

service postfix restart

If it exists, I would also suggest commenting out:
#reject_non_fqdn_hostname, # too many misconfigured servers out there...

Code: [Select]

1016

E-Mail / Re: There is a CWP server vulnerability. Please help me.

« on: January 21, 2023, 08:42:38 PM »

Well, yes there was a vulnerability. But if you have updated to 0.9.8.1148 or newer (we are 2 updates past the vulnerable version), you should be safe. But it sounds as if your Postfix installation is not sufficiently hardened, and perhaps CSF/LDF is not doing all it can do for you. Also, consider installing Mod_Security with the Comodo ruleset.
 

1017

Information / Re: disk r/w io speed

« on: January 15, 2023, 04:42:48 AM »

Which country? You can get a used 2012 Mac mini (space for 2x SATA SSD) with 16GB RAM and have it co-located here in the US for $50/mo at MacStadium or CyberLynk (MacMiniVault). You don't have to run macOS as the host OS -- you can run VMware ESXi or a Linux with KVM if you want to run VM(s). Or bare metal CentOS even!

1018

Information / Re: error ? daily backup

« on: January 15, 2023, 04:33:46 AM »

Have you looked for large files that could be deleted/truncated?

Code: [Select]

find / -type f -size +500MYou could delete older backups in /backup if you are confident you don't need them

Code: [Select]

[root@srv]# ls -al /backup
total 16
drw-------.  6 root root   61 Jan 11  2022 .
dr-xr-xr-x. 21 root root 4096 Jan 14 16:49 ..
drwxr-xr-x. 37 root root 4096 Feb 19  2022 daily
drwxr-xr-x. 37 root root 4096 Mar  1  2022 monthly
drwxr-xr-x. 37 root root 4096 Feb 20  2022 weeklyIn this case, maybe clean out /backup/monthly?

1019

Mod_Security / Re: Error 403 Forbidden (You don't have permission to access / on this server)

« on: January 15, 2023, 12:51:58 AM »

Change to Comodo WAF

Agreed, OWASP is too aggressive of a default.
But this tutorial has relevant info and suggested changes if you do decide to use OWASP rules.

1020

Mod_Security / Re: Custom modsec rules

« on: January 14, 2023, 11:59:47 PM »

Have you considered blocking at the CSF/LFD firewall level instead of mod_security?

Otherwise, the answer to your question is here. File for custom directives is:

Code: [Select]

nano /usr/local/apache/modsecurity-cwaf/custom_user.conf