Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: 1 [2] 3 4 ... 127
16
Of course I'm tracking the reports of an issue like this. All my servers are working fine, as is another one I am working on for someone else. All are running AlmaLinux 8 with no issues related to this to report.

17
Updates / Re: Did 0.9.8.1239 remove extra DB users?
« on: July 01, 2026, 11:03:33 PM »
To disable a bash script (such as the hacker check), simply insert exit 0 after the first shebang line:
Code: [Select]
#!/bin/bash
exit 0
For a PHP script such as cron.php, insert the exit function at the start of the script:
Code: [Select]
exit()

18
All users (including postfix) are intact on my servers after the update.
Do you backup your MySQL (MariaDB) DB regularly?

21
The CWP default comes with MariaDB 10.6. It should be manually upgraded to the 10.11 LTS version, or if you have a specific need for the 11.x branch, you can install that instead. It's a simple enough upgrade that; you shouldn't need managed support to do it.
https://endoflife.date/mariadb
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-with-cwp-on-almalinux-9/

22
Ouch! Looks to need some serious cleanup work, unless you can roll back a few days before the infection. See this thread for remediation techniques and scripts:
https://forum.centos-webpanel.com/centos-webpanel-bugs/i-think-there-is-a-very-serious-security-vulnerability-in-cwp-right-now/

23
Other / Re: 9 CVE's just dropped for those running Node.js
« on: June 26, 2026, 02:39:40 PM »
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.

24
Other / Re: 9 CVE's just dropped for those running Node.js
« on: June 26, 2026, 11:57:23 AM »
Very relevant since CWP has the NodeJS Application Manager:
/admin/index.php?module=mod_nodejs

25
How to / Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« on: June 26, 2026, 11:55:03 AM »
Are you running ModSecurity 2.9.13? It should be the latest in the 2.9.x series to be compatible with CWP:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-13-running-cwp-and-apache-on-almalinux-8-9/

27
Want me to take a look at your server? If so, PM me connection details.

28
MySQL / Re: Invalid (old?) table or database
« on: June 24, 2026, 02:53:03 PM »
Which version of MariaDB are you running?
Can you look in /var/lib/mysql/ and see if there is an errant .ssh directory there (which shouldn't be there!)
If it's there, delete it (or move it elsewhere to examine it) -- it could be an IOC from the recent wave of hacks.

29
Edit your chrony configuration to set the timeservers:
Code: [Select]
nano /etc/chrony.conf

30
Are you running stock CSF/LFD provided by CWP or the Aetherinox fork (I run the latter).
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/aetherinox-csf-firewall-update-to-v15-10-on-almalinux-8-9/

Can you make sure your system time is right? I usually use 0.pool.ntp.org and 1.pool.ntp.org for time servers.
Quote
The 0.pool.ntp.org address is part of the global NTP Pool project. It directs your system to a large, dynamic cluster of volunteer time servers, automatically assigning you the geographically closest available server to ensure high precision and minimum network delay
You may need to temporarily disable Amavis if it is the cause of your error. Try commenting out the relevant section in
Code: [Select]
/etc/postfix/master.cf and restart postfix.

Pages: 1 [2] 3 4 ... 127