Messages

16

Information / Re: Ebury trojan on all of my CWP servers

« on: March 25, 2023, 03:05:25 AM »

You can quickly check if you are infected with Ebury by checking if the file /usr/lib64/libkeystats.so exists or by running the following command through the console -

Code: [Select]

ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

Definitely, this command to check can get a false positive.
I have several servers, I'm checking these, and just one have the file '/usr/lib64/libkeystats.so', but all my servers are being pointed as "System infected" through this command.

The file 'libkeystats.so' can just be a legitimate file from the package 'keyutils-libs-1.5.8-3.el7.x86_64', if not infected.
In Centos 7, the check can be made through the following command:

Code: [Select]

rpm -qf /lib64/libkeyutils.so.1.5
Checking the server containing the file '/usr/lib64/libkeystats.so', with the instructions of the above security sites, it's pointing the file is not infected.

The packages using it can be listed by:

Code: [Select]

rpm -q --whatrequires keyutils-libs
Regards,
Netino

17

Information / [Poll] What is your current OS version?

« on: March 07, 2023, 08:38:32 PM »

Due to the EOL of Centos 7 in 2024-06-30, and the Centos Stream 8 in 2024-05-31, several people have already migrated to another version of OS, and others not. What is your version of SO (production environment)? If you chose "Other", please specify here which OS version.

18

MySQL / Re: Can not update MariaDB - Error downloading packages

« on: February 17, 2023, 08:03:08 PM »

That sounds great, but how do I do that?

You can try this:
https://wiki.centos-webpanel.com/mariadb-upgrade-to-new-version

But it's for 10.5 version. Instead, I would try to change to version 10.6, because it's a LTV - Long Term Version.

Regards,
Netino

19

MySQL / Re: Problem Danger: MySQL - BAD CONFIGURATION DETECTED

« on: March 28, 2022, 09:36:34 PM »

If the message is claiming about "BAD CONFIGURATION DETECTED", I would check the configuration.

Type here all your mysql configuration files for us to check.
Content of files '/etc/my.cnf' and all files from folder '/etc/my.cnf.d/'.

Regards,
Netino

20

Information / Re: Your cwp forum site has an ssl error

« on: March 24, 2022, 12:51:30 AM »

today i got an error while trying to visit forum.centos-webpanel.com

NET::ERR_CERT_DATE_INVALID

just for info, maybe you fix this site and renew the cert or force a https to http redirect if you don't wanna provide a https connection.

Yes, I second that: The cert is expired since yesterday.
Hello CWP Team, the forum cert was not renewed.

Regards,
Netino

21

FTP / Re: unable to connect via ftp

« on: March 21, 2022, 02:31:29 AM »

Seems your configuration is normal.
The two following lines are showin something strange, related to the same network:

Code: [Select]

Mar 15 16:38:00 vps-2434395-x pure-ftpd: (?@190.247.116.2) [INFO] fullstre@fullstreaming.ar is now logged in
Mar 15 16:38:10 vps-2434395-x pure-ftpd: (fullstreaming@190.247.116.2) [INFO] Timeout

The first one for user 'fullstre' is logged in, but the second for the same IP address for user 'fullstreaming' is not.
The second is returning "Timeout" problem, this is related to the network.
The home directory for that user really exists?

22

FTP / Re: unable to connect via ftp

« on: March 17, 2022, 10:42:39 PM »

[root@server1 ~] # ls -alF /var/run
lrwxrwxrwx. 1 root root 6 dic  3 15:50 /var/run -> ../run/

It's just a symbolic link.
Check the real directory: ls -alF /run

23

FTP / Re: unable to connect via ftp

« on: March 16, 2022, 11:19:31 PM »

Seems you are having problem with PID file.
Check if your /var/run directory exists, and have the right permissions (0755) wih the command: ls -alF /var/run

24

CentOS 7 Problems / Re: PureFTP TLS problem

« on: March 16, 2022, 11:15:46 PM »

Hi Netino,
I've used the CWP script to install TLS on the server..
this is what is written at the end of the pure-ftpd.conf file

TLS 1
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
CertFile /etc/pki/tls/private/hostname.pem

Do I need to change or add something?
thanks for helping!

The file /etc/pki/tls/private/hostname.pem must be a special file, composed by Private Key, Certificate and Intermediary Certificates.
Check that (this just can be checked by you)
If it's ok, seems your TLS configuration don't have any problem.

Try to check you /var/log/messages file, rigth after connect, issuing the following command:

Code: [Select]

# grep 'pure-ftpd' /var/log/messages | tail -50

25

FTP / Re: unable to connect via ftp

« on: March 15, 2022, 11:44:05 PM »

What's in your logs (just the last lines) when you issue the following command?:

Code: [Select]

# grep 'pure-ftpd' /var/log/messages
Regards,
Netino

26

CentOS 7 Problems / Re: PureFTP TLS problem

« on: March 15, 2022, 11:39:10 PM »

What is your configuration for the following parameters?:
TLS
TLSCipherSuite
CertFile

Regards,
Netino

27

PHP / PHP SECURITY VULNERABILITY => Urgent update to version 7.4.28, 8.0.16 and 8.1.3

« on: February 19, 2022, 08:52:13 PM »

Irony alert! PHP fixes security flaw in input validation code
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/

What to do?
If you’re a PHP user, update to 8.1.3. If you haven’t yet shifted to the 8.1 flavour of PHP, two other earlier branches are still supported: 8.0 needs upgrading to 8.0.16, and 7.4 needs upgrading to 7.4.28.

The problem here is these updates are not available to make these updates in CWP.

Regards,
Netino

28

CentOS-WebPanel Bugs / Re: Problem with VARNISH config files .... and CWP update to new version

« on: January 28, 2022, 02:51:00 AM »

I just right now installed a new CWP server, and had this problem too. (503 backend error)

For some reason, the CWP install script didn't install the correct file '/etc/varnish/default.vcl'.
The content of the installed file is the original file from the varnish distribution, without any modification, and is proxying to 127.0.0.1 on port 8080, which does not exist.

So, to fix the problem, just change the '/etc/varnish/default.vcl' file, removing its content and replacing it with the following content:

Code: [Select]

vcl 4.0;
backend default { .host = "107.191.125.119"; .port = "8181";}
include "/etc/varnish/conf.d/vhosts.conf";

Regards,
Netino

29

Apache / Re: WebServers Domain Configuration Reset

« on: January 15, 2022, 10:57:55 PM »

(...)
At the moment I have this on that file:
{
    "nginx_template-type": "default",
    "nginx_template-name": "laravel-force-https",
    "apache_template-type": "default",
    "apache_template-name": "laravel",
    "nginx": true,
    "php-cgi": true,
    "apache-additional": true
}

And it's working, this is a very strange bug, I saw lots of posts on the forum about the same, and any official solution.

Did you try to check if you reall have .tpl and .stpl files.?

Use the command:

Code: [Select]

find /usr/local/cwpsrv/htdocs/resources/conf/web_servers | grep laravel


30

CentOS-WebPanel GUI / Re: Mod_Security's Security incidents wrong IP

« on: January 15, 2022, 10:43:38 PM »

(...)
have you tried installing v3?

No. I'm using Comodo rules, and don't know if they are compatible.
https://github.com/SpiderLabs/ModSecurity/issues/1962