Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
211
CentOS 7 Problems / Re: Hostname ssl issue
« on: April 08, 2022, 01:20:01 AM »
Make sure to restart cwpsrv, nginx, and/or apache for new certs to take affect. If after restart, it doesn't work, please respond.
212
SSL / Re: How to secure my shoutcast server/streams with https
« on: April 08, 2022, 01:17:13 AM »
Example Config:
server {
listen {radio ip or any ip}:{Port for sll} ssl;
server_name {radio.whateverdomain.you.want, or comment out}
ssl_certificate {full chain certificate};
ssl_certificate_key {certificat key};
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://{radio ip}:{radio port};
}
server {
listen {radio ip or any ip}:{Port for sll} ssl;
server_name {radio.whateverdomain.you.want, or comment out}
ssl_certificate {full chain certificate};
ssl_certificate_key {certificat key};
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://{radio ip}:{radio port};
}
213
Backup / Re: Enabling remote backup will keep the files in the current server?
« on: April 07, 2022, 01:23:59 AM »
Log in via ssh, and try to manually upload the file via the command line "ftp" program.
ftp backup.host
cd /ZEUS-BACKUP/full/daily/Tuesday/accounts/
put /home/tmp_bak/.backup_temp/zupomeg/zupomeg.tar.gz
Also check the other sides logs for clues. It could be that /ZEUS-BACKUP/full/daily/Tuesday/accounts/ doesn't exist, and ftp doesn't automatically mkdir's
ftp backup.host
cd /ZEUS-BACKUP/full/daily/Tuesday/accounts/
put /home/tmp_bak/.backup_temp/zupomeg/zupomeg.tar.gz
Also check the other sides logs for clues. It could be that /ZEUS-BACKUP/full/daily/Tuesday/accounts/ doesn't exist, and ftp doesn't automatically mkdir's
214
Backup / Re: Enabling remote backup will keep the files in the current server?
« on: April 05, 2022, 11:22:08 PM »
check the log file /var/log/cwp/cron_backup.log for clues as to why it's not uploading
215
CentOS Configuration / Re: server time : timezone not applied
« on: April 05, 2022, 05:38:59 AM »
Try restarting the crond service ( systemctl restart crond ). It could be that it's still using UTC because the system has not been restarted since setting the timezone
216
CentOS Configuration / Re: server time : timezone not applied
« on: April 05, 2022, 04:55:04 AM »
According to what your showing, the Cron Job is running as UTC time instead of your local time. By chance is your system a VSP running OpenVZ? From Shell run "date" command to get the system time (which is normally used for cron).
217
iptables / Re: ssh brute force attacks to random ports/users
« on: April 01, 2022, 03:18:23 PM »
Your firewall is working as intended. Bots/Hackers are going to attempt to access your server 24/7. We all deal with it. But if you don't throttle them by temp banning, you are giving them every opportunity to compromise your system with a dictionary attack.
Best option is to use certificate based access through SSH, shut off password access, and just ignore the log unless something happens.
Best option is to use certificate based access through SSH, shut off password access, and just ignore the log unless something happens.
218
Information / Re: Bandwidth limit and site suspension
« on: April 01, 2022, 03:10:31 PM »
log into ssh
mysql
update root_cwp.user set bandwidth="0" where username="{username}";
Then unsuspend the account
mysql
update root_cwp.user set bandwidth="0" where username="{username}";
Then unsuspend the account
219
Information / Re: Bandwidth limit and site suspension
« on: April 01, 2022, 12:53:33 PM »
/admin/index.php?module=packages
Create a new package with an increased bandwidth to assign to the account that keeps getting suspended.
Create a new package with an increased bandwidth to assign to the account that keeps getting suspended.
220
iptables / Re: ssh brute force attacks to random ports/users
« on: April 01, 2022, 12:50:36 PM »
Using a firewall is required, but so long as the port is open, you are subject to brute force attacks. Hence why I say using a iptables firewall manager such as CSF/LFD.
The software does the same thing you are doing manually, except it can monitor the log files and set bans on IP's that are trying to brute force.
IF you want to exclusively use cloudflare, you could open those ports to ONLY cloudflare's IP Range, and shut it off to everything else.
CWP supports the software it bundles, not every underlying software that comes with it. You can try the paid support, but I'm afraid you'll receive the same response.
I'm sorry, but the only two solutions I can give are either use CSF/LFD with automated banning, or close the firewall to everything but cloudflare and select IP's. Any other solution is out of the scope of this forum. Thank you for understanding.
The software does the same thing you are doing manually, except it can monitor the log files and set bans on IP's that are trying to brute force.
IF you want to exclusively use cloudflare, you could open those ports to ONLY cloudflare's IP Range, and shut it off to everything else.
CWP supports the software it bundles, not every underlying software that comes with it. You can try the paid support, but I'm afraid you'll receive the same response.
I'm sorry, but the only two solutions I can give are either use CSF/LFD with automated banning, or close the firewall to everything but cloudflare and select IP's. Any other solution is out of the scope of this forum. Thank you for understanding.
221
CentOS Configuration / Re: server time : timezone not applied
« on: April 01, 2022, 12:40:16 PM »222
CentOS 7 Problems / Re: Cannot managed dababase MySQL from CWP7
« on: April 01, 2022, 12:29:12 PM »
Doing a search, that is the only place where the password is set. Have you tried restarting cwpsrv and cwpphp?
/scripts/restart_cwpsrv
Other than that, It would have to be a permission issue with mariadb's access
/scripts/restart_cwpsrv
Other than that, It would have to be a permission issue with mariadb's access
223
CentOS 7 Problems / Re: Cannot managed dababase MySQL from CWP7
« on: March 31, 2022, 12:08:10 PM »
Can you verify that the passwords are the same between
/root/.my.cnf and /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
/root/.my.cnf and /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
224
CentOS Configuration / Re: server time : timezone not applied
« on: March 31, 2022, 10:28:36 AM »
Not sure what you mean by modified log file, could you please elaborate?
225
How to / Re: [Tutorial] How to install SSL on hostname?
« on: March 31, 2022, 10:26:25 AM »I will add more pictures.
<a href="https://ibb.co/Z6QWv5M"><img src="https://i.ibb.co/VWF2bRq/01.png" alt="01" border="0"></a>
<a href="https://ibb.co/tM2FRLj"><img src="https://i.ibb.co/rGpN9d8/02.png" alt="02" border="0"></a>
<a href="https://ibb.co/8Xfgvrq"><img src="https://i.ibb.co/SJMwYtb/03.png" alt="03" border="0"></a>
2087 and 2083 are handled by the cwp version of nginx itself (/usr/local/cwpsrv/)
Whereas your third picture is run by apache/nginx (Whichever you use).
Do the following:
grep cert /usr/local/cwpsrv/conf/cwpsrv.conf Copy the 2 lines
FOr Apache:
nano /usr/local/apache/conf.d/hostname-ssl.conf
Find all instances of SSLCertificateFile and SSLCertificateKeyFile and point them to the cert above:
For Nignx:
nano /etc/nginx/conf.d/hostname-ssl.conf
Find all Instances of ssl_certificate and ssl_certificate_key and point them to the cert above
After making the changes, systemctl restart httpd and nginx -s reload
