Messages

166

Updates / Re: CVE-2021-45466

« on: January 26, 2022, 07:55:30 PM »

How can I check if I have been targeted by this?

167

CentOS-WebPanel Bugs / Re: themes_lang2 module is broken

« on: January 26, 2022, 07:33:01 PM »

Hello
This was fixed many versions ago, please check you have the latest version and let me know how it went after upgrading

yeah, that's what I said here
https://forum.centos-webpanel.com/index.php?topic=11677.msg40297;topicseen#msg40297

168

Updates / Re: CVE-2021-45466

« on: January 26, 2022, 07:22:37 PM »

can you post here the permissions and attributes these files has?
Use
ls -all filename
and this:
lsattr filename

I just checked myself. They are locked. You cant delete them even with root and sudo, unless you remove the lock attribute, with root or the owner of the file.

Do I need to delete these files on my server?

Also, can someone tell my why people keep saying that CWP is open source when everything is encrypted with IonCube? How do several sites talking about this CVE show the decrypted content of these files?

169

Updates / Re: CVE-2021-45466

« on: January 26, 2022, 07:16:10 PM »

can you post here the permissions and attributes these files has?
Use
ls -all filename
and this:
lsattr filename

170

Updates / Re: Update 0.9.8.1117 still not fixing themes_lang2 Module

« on: January 26, 2022, 12:31:09 PM »

What exactly error or problem do you have? Have you tried to open a ticket to the developers?

This issue has been resolved in later versions. I reported the same problem here:
https://forum.centos-webpanel.com/index.php?topic=11667.0

171

CentOS-WebPanel Bugs / Re: 500 internal server error rewrite

« on: January 25, 2022, 09:06:26 PM »

Options +SymLinksIfOwnerMatch this code worked for me but gave sql error.
The sql file cannot be dumped with the user added in mysql.
but if we select the user as root, it loads and works.

Ok, then remove it as well:

Code: [Select]

Options +SymLinksIfOwnerMatch
Do you want/need it?

172

CSF Firewall / Make Fail2ban puts its bans on CSF banlist

« on: January 25, 2022, 06:56:42 PM »

Title says it all.

I want to see the banned IPs on CWP's firewall banlist.
If I tell fail2ban to use iptables, it will will work in banning, but won't show it in the list. (I have to list iptables rules to see it)
If I tell fail2ban to use nftables, it will also work in banning, but won't show it in the list. (I have to use "nft list ruleset" to see it)

173

CentOS-WebPanel GUI / Re: Already paid for pro, but its no activated

« on: January 25, 2022, 10:17:44 AM »

You can check here:

https://www.centos-webpanel.com/ip/

Enjoy!

This shows the IP of your local internet, nothing to do with server's ip..

174

Apache / Re: Apache Vhosts getting rebuilt automatically everynight

« on: January 24, 2022, 10:05:23 PM »

Well, I will just add that the only way to get this resolved was by copying the file like I said. By doing exactly what you said is wrong - I made a fix.

The templates at /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/httpd/  does not contain the parameters for using php-fpm. So, I don't understand why you keep wanting to use it even though you keep saying that you want to use php-fpm?

If you want apache with php-fpm, then you use the templates at:
/usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/httpd/php-fpm
If you want apache with suPHP, then you use the templates at:
/usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/httpd

It's simple. Not sure how you came to a solution with your own way... Confirm your php type with the setup that you have...
Create a php file at the domain that have the setup that you made for yourself, and put this inside:

Code: [Select]

<?php
phpinfo();
?>
Now load the file through the browser and confirm if your PHP is FPM/FastCGI under "Server API"

175

Suggestions / Re: Type Package

« on: January 24, 2022, 10:56:28 AM »

Thank you for your comment, we are working on some changes and they will be available soon

That's a nice idea.

176

E-Mail / Re: How to preserve modifications in /etc/postfix/main.cf

« on: January 24, 2022, 10:44:32 AM »

As I am trying to make the server behave as per my requirements, currently specially mail server, I made some changes to /etc/postfix/main.cf, but on rebuilding mail server the same gets overwritten (it's been mentioned all over this forum.).

So, is there a proper method to preserve the changes made in configuration files?

May be a post rebuild script ?

Why are you rebuilding it?

I did modifications to main.cf and master.cf
They stay like this unless I rebuild the server. That's the point of "rebuild". Rebuilding only happens when you tell it to. Just like Windows factory reset, it doesn't happen by itself. So, again, why are you rebuilding your mail server after configuring it appropriately?

If you insist, move the master and main file to somewhere else and then symlink it into the /etc/postfix directory. Connect the symlink again after each rebuild that you do.

177

CentOS-WebPanel Bugs / Re: 500 internal server error rewrite

« on: January 23, 2022, 11:15:36 PM »

my daily error codes
 Options FollowSymLinks not allowed
I did some research but it's very complicated. What should I do with an example?

It's not complicated at all. Remove this line:

Code: [Select]

Options +FollowSymLinksor change it to:

Code: [Select]

Options +SymLinksIfOwnerMatch
I'm wondering why you are even using this, as it is potentially a security issue. SymLinksIfOwnerMatch is better for security.
The reason for getting this error is because the apache template you are using does not let you control the "Options" variable for "FollowSymLinks" because it's not defined in there that you are allowed to:

Code: [Select]

<Directory "%docroot%">
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>

178

CentOS-WebPanel Bugs / Re: 500 internal server error rewrite

« on: January 23, 2022, 06:53:13 PM »

Do this instead:

Code: [Select]

Options +FollowSymLinks
<IfModule mod_rewrite.c>
   RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www\.EXAMPLE\.TLD[NC]
    RewriteRule ^(.*)$ http://EXAMPLE.TLD/$1 [L,R=301,NC]
    # Send request via index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>Change EXAMPLE and TLD to your domain name.

Also check the domlogs to see what's actually wrong. The logs will say which line is giving error 500:

Code: [Select]

tail -f /usr/local/apache/domlogs/YourDomain

179

MySQL / Re: Database Privacy

« on: January 23, 2022, 06:45:25 PM »

I just tried to reproduce this with the newest version of CWP 0.9.8.1120.
I couldn't reproduce it.

On the homepage of PhpMyAdmin, on the right side of the page, below the "Database server". What does "User" say? is it the user account or root?

hi contact us via our support portal and add this topic link to it.

im not the starter of this thread... and I did not say that I have this problem..

180

MySQL / Re: Database Privacy

« on: January 23, 2022, 02:58:55 PM »

I just tried to reproduce this with the newest version of CWP 0.9.8.1120.
I couldn't reproduce it.

On the homepage of PhpMyAdmin, on the right side of the page, below the "Database server". What does "User" say? is it the user account or root?