Messages

241

CSF Firewall / Re: DDOS

« on: March 09, 2019, 02:46:29 AM »

You can use CSF, but you must to consider the posted here:
https://www.liquidweb.com/kb/basic-dosddos-mitigation-with-the-csf-firewall/

Specially in following part:
1) There is no way to prevent a DoS/DDoS attack against any server connected to the Internet; once in progress, the only thing that can be done is to try to mitigate its effects.
2) There is no way to make a server respond normally when it is under attack; the most that can be done is to try to keep it online during the attack by reducing the impact of the incoming traffic.
3) In some cases, the best way to deal with a large-volume attack is to null-route the server’s IP address. Effectively, that means temporarily taking it offline until the incoming traffic subsides.
4) Any measures employed within CSF will be effective only against small attacks, and measures should be implemented in CSF only while the server is under attack. The firewall settings always should be restored afterward to minimize disruption of legitimate traffic, as the measures outlined below will slow incoming packets.
5) CSF is not the only way to mitigate small-scale attacks. Services such as those offered by CloudFlare’s network also may help because they are external, buffering traffic to the server. And for maximum protection against large attacks (millions of incoming packets per second), a specialized DoS mitigation service may be necessary. You can read more about such protection at https://www.liquidweb.com/services/network/ddos.html.

Regards,
Netino

242

Backup / Re: Connection Failed

« on: March 09, 2019, 02:40:42 AM »

I would just to copy this page, ipsis literis, but I must respect copyrights:

https://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id

Basicly you must generate the key locally, and after you copy to the server.
Try that, and report us.

243

Backup / Re: Connection Failed

« on: March 05, 2019, 09:04:21 PM »

Start with waht you are trying to do.
Are you trying to get passwordless connection..??

Putting the private key in '/root/.ssh/id_rsa.pub' generated at CLIENT computer, and the public in '/root/.ssh/authorized_keys' would be sufficient to 'root' user use passwordless connections.
Note: it is not placed in a 'backup' subdir.
What is your correct user..?? Is root..??

If so, don't forget to set the permissions:

Code: [Select]

# chmod 700 /root/.ssh/id_rsa.pub
# chmod 640 /root/.ssh/authorized_keys

Regards,
Netino

244

CentOS-WebPanel Bugs / Re: Cron Jobs Do Not Run That Use Dev Null

« on: March 04, 2019, 08:31:44 PM »

I would not recommend to redirect both the standard output and error output.
This is due to cronjob could to warn you about problems, and without them could turn your task to debug applications much more difficult.

You still didn t said where you put that commands.
If was in panel, try to cat the content directly from /etc/crontab here to us, or by show us the result of the command "crontab -l user" here.
The objective is to check if the panel is passing correctly the commands to corntab.

Regards,
Netino

245

E-Mail / Re: Forwarding All Email for a Domain

« on: March 03, 2019, 09:51:33 PM »

Access CWP, menu "Email" >> "Email Aliases/Forwarders" >> "Add New Alias", select the user of your domain, and fill in fields:
Email Address: *
Forward To: [The final E-mail Adress destiny here]

The order of aliases creation seems important.
In my case was important the order of alias creation.
Fisrt I created the "catch-all", after some other specific address. It was sending all mails to catch-all although created a specific other alias.

So, If you have another specific alias to coexist with you catch-all address, you must try to create it before the catch-all address.

Regards,
Netino

246

CSF Firewall / Re: lfd on SERVERName : Suspicious process running under user netdata

« on: March 03, 2019, 09:32:47 PM »

Sorry, still is incomplete.
As per your mail message, you could try to use:

Code: [Select]

exe:/usr/bin/python2.7
user:netdata
cmd:/usr/bin/python /usr/libexec/netdata/plugins.d/python.d.plugin 1

This should properly ignore all python processes executing that specific file.

If your netdata command line is not like above, another thing you could try is the argumento to "pcmd" too:

pcmd:*/usr/libexec/netdata/plugins.d/python.d.plugin 1

This will ignore all commands ending in the path of the file, which includes python processes.
Like in:

Code: [Select]

exe:/usr/bin/python2.7
user:netdata
pcmd:*/usr/libexec/netdata/plugins.d/python.d.plugin 1

So, if it is invoked as "/usr/bin/python2.7" or instead as "/usr/bin/python" (or yet any other), is indifferent, this command could to target them.

And don't forget to restart csf:

Code: [Select]

# csf -x; csf -e


247

Apache / Re: Logrotate domlogs

« on: March 03, 2019, 04:20:05 AM »

Surely you have mistyped some character of that file.
Or you are uploading that file to the server as "binary" mode through you Windows PC.

248

CSF Firewall / Re: lfd on {HOSTNAME}: Suspicious process running under user {USERNAME}

« on: March 03, 2019, 04:14:47 AM »

The most important question is: 'These processes are legitimate..??'
If not, kill them, and investigate how they were activated.
If they are, why would you kill them .. ??

If you don't know if they are legitimate processes, try to learn more about the programs you have installed in your machine, and how they are executed, before to turn it public accessible. Your could have very serious security problems, too easily.

Regards,
Netino

249

High Performance / Re: 403 forbidden in subdomain or secondary domain

« on: March 03, 2019, 03:53:53 AM »

The logs of the webserver you are using.
You are using Apache webserver, but although you are using nginx as just a reverse proxy, per si nginx can return code "403" too.

So, I would recommend all of these logs, in this order:
=================================
1) /usr/local/apache/domlogs/domain.error.log
2) /usr/local/apache/domlogs/domain.log
3) /usr/local/apache/logs/error_log
4) /usr/local/apache/logs/access_log
5) /var/log/nginx/error.log
6) /var/log/nginx/access.log
=================================

250

CSF Firewall / Re: lfd on SERVERName : Suspicious process running under user netdata

« on: March 03, 2019, 03:36:28 AM »

(...)
the second
from cwp >security>csf firwall>firwall configuration
and i search for: PT_USERPROC =

i found it 10 and i change it to 0
and finish
(...)

You disabled that feature, I would not recommend to you to do that.

Too, seems you don't have a 'Netdata' user, but instead a 'netdata' user. The case letter is a important difference.
I would try first that inclusion to file 'csf.pignore' with:

Code: [Select]

exe:/usr/bin/python2.7
user:netdata
cmd:netdata

IMPORTANT: Don't list the paths to "cmd line (as would perl or php) as this will prevent detection of really suspicious web scripts.
Try to find the command line "cmd" by searching the /proc process structure.

Regards,
Netino

251

CSF Firewall / Re: lfd on SERVERName : Suspicious process running under user netdata

« on: February 27, 2019, 03:46:20 AM »

Post the complete content of that mail.

To supress that messages, you must to include something like the following (for example for "amavisd") in the file "/etc/csf/csf.pignore":

Code: [Select]

exe:/usr/bin/perl
user:amavis
cmd:/usr/sbin/amavisd

Regards,
Netino

252

CentOS 7 Problems / Re: CWP Pro: User accounts are locked

« on: February 27, 2019, 03:41:15 AM »

If you are seeking for blocked IP's, you must check with the command:

Code: [Select]

# iptables -L -n | grep <YOUR IP NUMBER>

...or, if you are using "ipset":

Code: [Select]

# ipset list | grep <YOUR IP NUMBER>

If your IP are not in that list, you are not being blocked in your server, is possible to be a block in your ISP.

253

CentOS 7 Problems / Re: not appear domain and users email

« on: February 27, 2019, 03:33:19 AM »

Same issue ie. no domains when checking email routing etc. I checked in the DB and it's blank ie. no records.

The command: mysql --defaults-extra-file=/root/.my.cnf root_cwp -B -N -s -e "SELECT * FROM user"

Outputs the correct data for the 2 accounts I created, so I don't think it's an access issue. Those records were never created when the user account was created:

You can have problem in 'domains' table. Check if the domais are exactly the same in both tables.

254

CentOS 7 Problems / Re: not appear domain and users email

« on: February 27, 2019, 03:18:16 AM »

here is the output.

[root@cwp ~]# mysql --defaults-extra-file=/root/.my.cnf root_cwp -B -N -s -e "SELECT * FROM user"
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

This worths for you:

Check your MySQL root password are exactly the same in files:
   /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
and
   /root/.my.cnf

If the passwords are exactly the same, so you have problems in your "/root/.my.cnf" file.

you must have something like this in that file:

Code: [Select]

[client]

password=Wr3rT9r4tO8c
user=root
(obviously, the password is ficticious, adapt it to your case)

Anyway, if it still does not work, try to access directly your mysql/mariadb server, with the command:

Code: [Select]

# mysql -p root_cwp -B -N -s -e "SELECT * FROM user"

...and provide that password directly, as it ask it. It must access. If the system complains of "Access denied" then your password is wrong, you will need to reassign it.

255

High Performance / Re: 403 forbidden in subdomain or secondary domain

« on: February 27, 2019, 03:13:46 AM »

You must check you log files before you load your .htaccess file, and see for what files they are pointing.

Regards,
Netino