This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1576
Postfix / Re: error on postfix rebuild
« on: April 08, 2023, 02:05:45 AM »
Yes, it's present on CWP CentOS systems:
Code: [Select]
[overseer@srv]$ ls -al /usr/bin/spfquery
-rwxr-xr-x. 1 root root 4598 Nov 10 2020 /usr/bin/spfquery
[overseer@srv]$ du -sh /usr/bin/spfquery
8.0K /usr/bin/spfquerySo you would have to manually delete it or move it to the side before running the postfix rebuild routine.
1577
CentOS-WebPanel Bugs / Re: User php selector bug
« on: April 07, 2023, 08:16:08 AM »
And you reported the bug to the dev team? Or request support to help you with the issue?
1578
Apache / Re: apache strange behavior
« on: April 07, 2023, 07:59:20 AM »
Yes, it's normal:
and test via lsof:
If you would like to disable IPv6, add these lines to /etc/sysctl.conf
Code: [Select]
ifconfig eth0or Code: [Select]
ifconfig ens33Look for the "inet6" line.and test via lsof:
Code: [Select]
[root@srv]# lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 15319 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 26197 root 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 26218 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 26219 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 26220 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 26310 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 80303 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 107496 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 112527 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
httpd 128430 nobody 8u IPv6 5287623 0t0 TCP *:https (LISTEN)
[root@srv]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 15319 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 26197 root 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 26218 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 26219 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 26220 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 26310 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 80303 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 107496 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 112527 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)
httpd 128430 nobody 4u IPv6 5287612 0t0 TCP *:http (LISTEN)If you would like to disable IPv6, add these lines to /etc/sysctl.conf
Code: [Select]
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1and runCode: [Select]
sysctl -pThen confirm with:Code: [Select]
ifconfig eth0or Code: [Select]
ifconfig ens33
1579
MySQL / Re: 413 Request Entity Too Large by phpmyadmin
« on: April 06, 2023, 02:48:09 PM »
I haven't actually encountered this myself, probably because I use the CLI for larger DB loading & backup tasks. But thanks for resurfacing this thread! I'll enact it on my servers for the sake of clients who live & die by phpMyAdmin.
1580
E-Mail / Re: Imap Folders
« on: April 03, 2023, 02:03:52 PM »
Did you confirm that they don't actually exist on the server, or just not subscribed in your IMAP client?
Do you want them to be created for all users on the server, or is this a one-off for one user?
Do you want them to be created for all users on the server, or is this a one-off for one user?
1581
MySQL / Re: MariaDB crashes after DC incident
« on: April 02, 2023, 09:47:51 PM »
This is the default example configuration of /etc/my.cnf provided by MySQL. This config file was generated by MySQL running on CentOS 7. I am running the same CentOS version as you are, but I am running MariaDB 10.6 (long term support release).
Code: [Select]
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove the leading "# " to disable binary logging
# Binary logging captures changes between backups and is enabled by
# default. It's default setting is log_bin=binlog
# disable_log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
#
# Remove leading # to revert to previous value for default_authentication_plugin,
# this will increase compatibility with older clients. For background, see:
# https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_default_authentication_plugin
# default-authentication-plugin=mysql_native_password
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
1582
MySQL / Re: MariaDB crashes after DC incident
« on: April 02, 2023, 02:42:06 PM »
Here is a lightly tuned my.cnf for general purpose CMS use (WordPress, Drupal, Joomla)
Code: [Select]
[mysqld]
performance-schema=0
max_connections=100
max_user_connections=75
query_cache_size=32M
skip-external-locking
key_buffer_size=32M
table_open_cache=128
sort_buffer_size=512K
net_buffer_length=8K
read_buffer_size=256K
read_rnd_buffer_size=512K
myisam_sort_buffer_size=16M
tmp_table_size=32M
max_heap_table_size=32M
thread_cache_size=4
open_files_limit=10000
local-infile=0
max_allowed_packet=500M
# InnoDB
innodb_file_per_table=1
innodb_locks_unsafe_for_binlog=1
innodb_fast_shutdown = 1
# Recovery mode options
#innodb_force_recovery = 5
#innodb_purge_threads=0
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d
1583
MySQL / Re: MySQL - BAD CONFIGURATION DETECTED
« on: April 02, 2023, 02:39:46 PM »
Is that the default Fedora my.cnf?
Did you run mysql_secure_installation?
Here is a sample my.cnf, lightly tuned for WP and other CMS platforms:
Did you run mysql_secure_installation?
Here is a sample my.cnf, lightly tuned for WP and other CMS platforms:
Code: [Select]
[mysqld]
performance-schema=0
max_connections=100
max_user_connections=75
query_cache_size=32M
skip-external-locking
key_buffer_size=32M
table_open_cache=128
sort_buffer_size=512K
net_buffer_length=8K
read_buffer_size=256K
read_rnd_buffer_size=512K
myisam_sort_buffer_size=16M
innodb_file_per_table=1
tmp_table_size=32M
max_heap_table_size=32M
thread_cache_size=4
open_files_limit=10000
local-infile=0
max_allowed_packet=500M
# InnoDB
innodb_locks_unsafe_for_binlog=1
innodb_fast_shutdown = 1
# Recovery mode options
#innodb_force_recovery = 5
#innodb_purge_threads=0
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d
1584
MySQL / Re: MariaDB crashes after DC incident
« on: April 02, 2023, 02:35:08 PM »
You need MariaDB stable in order to use the server -- CWP depends on it, the Postfix mail transport needs it, Roundcube webmail needs it, and WP and other dynamic sites depend on it.
Did the host add or remove something in /etc/my.cnf ?
Did you run mysql_secure_installation ?
Did the host add or remove something in /etc/my.cnf ?
Did you run mysql_secure_installation ?
1585
Information / Re: Cloudflare Tunnel
« on: April 02, 2023, 02:27:33 PM »
I have run servers at 2 locations on business fiber, no problems -- worked great. And not just a static IP, they even gave me reverse DNS, which is critical for running a mail server! I too am about to get fiber in my rural town and will have fiber at my home and business location. I won't be testing the home location for server use, but will definitely employ the symmetric 250Mbit connection at the business location for a disaster recovery backup server (twin to my co-location hosted servers). FINALLY, after 20+ years on DSL (pronounced D-S-HELL)!
1586
CentOS 7 Problems / Re: Disk Quota Exceeded???
« on: April 01, 2023, 09:58:49 PM »
Can you create a Package with higher limits / preferably unlimited and try assigning that package to the user? Or try making the troublesome user a Reseller (less desirable, I'm sure)?
1587
Updates / Re: Upgrade Nginx
« on: April 01, 2023, 09:51:57 PM »
Sandeep has a tutorial here:
https://www.uxlinux.com/update-nginx-to-latest-official-version-in-centos-8-el8-cwp/
Also consider hardening Nginx with the instructions here:
https://www.awsmonster.com/2019/09/how-to-secureharden-cwp-nginx-server.html
https://www.uxlinux.com/update-nginx-to-latest-official-version-in-centos-8-el8-cwp/
Also consider hardening Nginx with the instructions here:
https://www.awsmonster.com/2019/09/how-to-secureharden-cwp-nginx-server.html
1588
iptables / Re: ssh brute force attacks to random ports/users
« on: April 01, 2023, 09:48:43 PM »
I fully agree with all the other advice given above.
i change my default server ssh port and i have one ssh user(root)I would highly recommend NOT using root for SSH, unless you have a specific one-off case where you need it for a migration or rsync or the like. Once you leave a known user name provided for brute force attacks, that's 50% of the information needed for a successful hack. Consider creating a sudo user (with a strong passphrase) specifically for SSH duties and use that exclusively. So in /etc/ssh/sshd_config set:
Code: [Select]
PermitRootLogin noandCode: [Select]
AllowUsers sudouseror create a group of allowed SSH users and set:Code: [Select]
AllowGroups sshusersAnd of course, use keys instead of interactive passphrases...
1589
Information / Re: Cloudflare Tunnel
« on: April 01, 2023, 03:04:00 AM »
It sounds like it should; I use their other services, but not Cloudflare Tunnel. Does your ISP block ports 80, 443 and/or 25? Or does their EULA preclude running a home based server?
1590
CentOS 7 Problems / Re: Disk Quota Exceeded???
« on: April 01, 2023, 03:01:40 AM »
Can you try uploading with a regular system user, created outside of CWP? (I usually keep a sudo user in my back pocket...)
