Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: 1 ... 6 7 [8] 9 10 ... 127
106
Other / Re: Goodbye CWP — I’m done for good
« on: February 22, 2026, 03:37:21 AM »
Quote
Okay, goodbye. We'll miss your contribution here.
I'm all for ending the AI-composed echo chamber. You're making your choice, I've made mine. I'm sticking with CWP for the foreseeable future. Hope your new panel serves you well!

107
Save the panic attacks by silencing notifications! Create /etc/cron.daily/notifications_zero and it will run after the daily CWP scripts and empty out your notifications.
Code: [Select]
#!/bin/sh
echo '[]' > /usr/local/cwpsrv/htdocs/resources/admin/include/libs/notifications/notifications.json

108
Updates / Re: Roundcube vulnerability
« on: February 22, 2026, 12:07:32 AM »
Thanks for that! I've added it into my daily cron routines.
One thing I do is add an authentication hook at the beginning of privileged scripts, in case it is run interactively:
Code: [Select]
# Authentication
sudo -p "Please authenticate (admin password): " printf "" || {
    echo "Abort: could not authenticate" >&2
    exit 1
}
And then close out the script with
Code: [Select]
sudo -kto remove cached credentials.

109
Yes, that script gives the same worrying message on my servers. But it looks to be all-scare, not a legitimate security issue. Most odd thing is the 507 user:group ownership -- no longer valid, so probably more cleanup CWP needs to do.

110
I have the /usr/lib64/gconv/gconv-modules.cache file on my AlmaLinux 8 servers (28K in size). Seem like a normal harmless cache file. Maybe the recent update attempts to tighten up security, but is generating false positives.

Indeed, look at the new cron job that runs cwp_security_audit:
Code: [Select]
[root@srv1]# ls -al /etc/cron.daily/cwp_security_audit.sh
-rwxr-xr-x 1 root root 31 Feb 17 18:40 /etc/cron.daily/cwp_security_audit.sh

111
What operating system? I have that file (1.4M in size) on my AlmaLinux 8 servers. I assume it's necessary to decrypt & load the CWP core, which is still running on the hobbling old PHP 7.2 (even though the files are labeled PHP 7.1, it is really 7.2).

Looks like the recent update added the security audit and automatically enrolled servers to run it. Look at the new cron job that runs cwp_security_audit:
Code: [Select]
[root@srv1]# ls -al /etc/cron.daily/cwp_security_audit.sh
-rwxr-xr-x 1 root root 31 Feb 17 18:40 /etc/cron.daily/cwp_security_audit.sh

112
Other / Re: Goodbye CWP — I’m done for good
« on: February 19, 2026, 04:35:37 AM »
Goodbye CWP, I’m done for good.
Okay, goodbye. We'll miss your contribution here.

I for one (and my customers obviously agree) do NOT want rapid change. Slow, gradual iterative improvement is welcome as long as it doesn't introduce new bugs and CVEs. They do not want or need the kitchen sink of features nor do they want a fresh GUI for the sake of... something. They would revolt if the webmail suddenly changed from Roundcube to Rainloop. They want consistency. As long as their (fairly static) site is up and they can check their e-mail, they are happy.

Yes, they will want PHP 8.4 and someday 8.5. But 8.1 and 8.3 meets the minimum requirements of my most demanding customers. If I absolutely needed it, there are guides on AlphaGNU on how to install it. Changelogs would be nice, but are not strictly necessary. TBH, I maybe reference one or two changelogs per year. Time is too precious to pore over them, unless there's a specific CVE I need to address.

As for other panels, sure there are many, but they are 3x, 5x, or 10x the price of CWP. CWP is the sweet spot of price and features for me. Once cPanel went for the greed grab and upped their pricing tiers to the stratosphere, I jumped ship and haven't looked back. Now most panels set their reference pricing to cPanel, so most of them are out of reach. But if it would motivate the CWP team to increase their cadence and communication and hire more devs & support staff, I would pay 1.5x to 2x what I pay now for CWP Pro. But paying more, I would expect more. Right now, for the price point, I feel I am getting a good value for my money. Look around -- I have and I know Starburst has. Nothing is as good at this price point.

113
Apache / Re: Apache 2.4.66 released on 2025-12-04
« on: February 13, 2026, 02:32:38 PM »
Possibly a security weak spot, but consider that the CWP team leans into LTS branches of software, befitting an Enterprise Linux base (slow moving, break as little as possible). Manually following Starburst's guide (linked above) will get you 2.4.66 -- not difficult to do the update.

114
Hi Bill, thanks for your efforts -- any contribution is valuable. I for one will have to pass though -- I can't have my servers' security depend on one person's lone efforts no matter how noble the intent. I've been making the latest OWASP rulesets work (omitting a list of false positives) and it is generally stable. Wish Comodo wouldn't have lost their identity and their product direction, but had to cope and life goes on!

115
Updates / Re: Roundcube vulnerability
« on: February 11, 2026, 11:58:43 AM »
Just to affirm Starburst's previous guide to update Roundcube in light of the current vulnerability:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-11-in-cwp-on-almalinux-8-9/
or follow Sandeep's guide here:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-158-%E2%80%93-control-web-panel/
Simply update the Roundcube version number to 1.5.13 in the directions and download links and you will obtain a CWP-compatible LTS version of Roundcube, safe from the latest CVE.

116
PHP / Re: how to install and configure relay extension for php-fpm83 in cwp
« on: February 10, 2026, 02:53:53 PM »
I would look at this guide as a model:
https://www.alphagnu.com/topic/614-how-to-add-custom-php-fpm-84-85-support-to-cwp-on-almalinux-9x/
(You could try to customize the build scripts/extension scripts for 8.3 using this method.)

118
CentOS 9 Problems / Re: ClamAV issue in user panel
« on: February 04, 2026, 01:57:55 AM »
In earlier posts detailing his adventures installing CWP under AlmaLinux 9, he specifically noted that you have to install ClamAV BEFORE you install CWP:
https://forum.centos-webpanel.com/informations/tested-almalinux-9-4-beta-1-with-cwp-9-beta-0-9-8-1177/msg47238/#msg47238

119
Mod_Security / Re: atomic crop. free waf rules set
« on: February 01, 2026, 06:27:58 PM »
OWASP ruleset is updated manually under this setup. There is a script available to update, streamlining the process.

Pages: 1 ... 6 7 [8] 9 10 ... 127