Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: 1 ... 15 16 [17] 18 19 ... 127
241
That's certainly the nuclear option, but as Starburst pointed out, other panels have recently been vulnerable to PHP injection attacks -- even big daddy cPanel. It's up to the sysadmin to be aware of new vulnerabilities and mitigate them. Also, server hardening is essential as you're deploying it live on the Internet -- expect it to be attacked immediately, so make sure all software is up to date and patched, firewall up, keep Mod Security up to date, and best security practices are in place for hardening PHP, MariaDB, filesystem, etc.

There's no need to use external software or an online service to disinfect a server -- use the built-in clamav to scan for malware:
Code: [Select]
freshclam
clamscan --infected --log=/root/virus-scan-report-`date +\%Y-\%m-\%d`.txt --recursive /home
grep -i HEX.Topline /root/virus-scan-report-`date +\%Y-\%m-\%d`.txt
grep -i level.php.sigs /root/virus-scan-report-`date +\%Y-\%m-\%d`.txt
If you find PHP injection malware on the topline (the usual php shebang line), it will likely start with the standard PHP opening, then trail far off the right with a long base64 encoded string. So to disinfect the PHP file, replace it with the default shebang :
Code: [Select]
<?phpIf you find a malicious PHP file that looks like this, it can be deleted after taking note of the encoded include line:
Code: [Select]
<?php

/*d16bc*/

@include "\057home\057username/\160ubli\143_htm\154/the\155es/e\156gine\163/php\164empl\141te/.\146ad4b\067e0.i\143o";

/*d16bc*/
You can use UnPHP or another service to decode the encode file path, then delete that malicious file (which could be disguised as an .ico file but is in reality a standard PHP file, usually a webshell).

242
Installation / Re: Cannot login into the admin panel anymore
« on: October 10, 2025, 03:06:24 PM »
When changing the root password outside of CWP, make sure to update these two files so they agree with the current PW:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
/root/.my.cnf

243
Information / Re: Is CWP still maintained?
« on: October 09, 2025, 11:29:52 PM »
Your arguments reek of being a straw man. Is Cisco's IOS open source? Do you use any of their products $$$$? Do they offer full transparency into their development process? And do their CVE publications present everything factually without any sort of distortion or positive spin?

I am a paying CWP Pro customer and am generally happy with the product. It is NOT open source -- it is IonCube encoded to protect their development efforts -- and I'm okay with that. This is a capitalistic arrangement through and through.

At this point, I'm ready to say, "Go back under your bridge."

244
Are you just trying to inflate your post count? It seems that any meaningful contribution to this thread and forum community has ceased a while ago. You're beating a war drum with no soldiers rallying behind you, so it rings more than hollow.

245
PostgreSQL / Re: Error starting postgres
« on: October 09, 2025, 01:43:28 PM »
Code: [Select]
systemctl is-masked postgresql.service
systemctl unmask postgresql.service
systemctl start postgresql.service
systemctl enable postgresql.service

246
Installation / Re: Can't get CWPpro to activate
« on: October 09, 2025, 10:47:16 AM »
Is your server properly addressed and resolving on the net? IPv4 and IPv6?
Code: [Select]
ip aCan you ping other hosts from the server? Do you have essential service ports open on the CSF firewall?

247
CentOS 7 Problems / Re: Clamav database update blocked by CDN
« on: October 08, 2025, 06:44:01 PM »
ELevate is not a recommended upgrade path; you will likely introduce issues into the new system (Sandeep [a CWP dev] advises against it). Better to bring up a new AlmaLinux 8 system and use the CWP Migration module to transfer accounts. That's the route I chose and so I have a fresh system with very little cruft moved over from the old system. Fresh 'n shiny!
https://www.alphagnu.com/topic/578-does-it-possible-to-migrating-from-centos7-to-almalinux9-same-server-without-installing-to-new-server/

248
Installation / Re: Public beta of CWP for AlmaLinux 9 Available
« on: October 08, 2025, 10:46:33 AM »
Yes, still a workable beta. (Just beware of one issue with encryption rounds and logging in, and that CWP Migration does not work with EL9 currently.)
Quote
To fix the login issue, edit /etc/login.defs
find:
SHA_CRYPT_MAX_ROUNDS 10000
replace with
#SHA_CRYPT_MAX_ROUNDS 10000
Then set a new password for the affected user.

249
Additionally, last night I turned off my httpd service, but by the morning it was running again. It was restarted at 4 AM. I am not sure what caused it to turn back on, but this behavior looks weird.
Various cron tasks will restart httpd as a matter of course. And CWP's cron tasks run overnight, particularly AutoSSL which runs at 4 am. If you really want to disable it, you could remove those cron tasks, issue systemctl disable httpd and block incoming ports 80 and 443 on the firewall. But then you won't have a web server anymore. But maybe that's what you're after...

250
CentOS 7 Problems / Re: Clamav database update blocked by CDN
« on: October 07, 2025, 08:02:42 PM »
Having an EOL operating system (over the one year mark), you can expect to see any updates fizzle out and support for it dry up. Have you at least switched your repositories to the "vault" URLs so you can at least scrape out the last updates? Have you considered a CWP Migration? It works fairly well and offers a fairly painless migration path to AlmaLinux 8 so you can get to a more supported OS.

https://www.alphagnu.com/topic/562-fix-centos-8-repo-due-to-eol-could-not-retrieve-mirrorlist/

251
CentOS 7 Problems / Re: Clamav database update blocked by CDN
« on: October 07, 2025, 03:10:45 PM »
What OS are you running? Under AlmaLinux 8 with CWP, I have:
Code: [Select]
root@srv1]# clamd --version
ClamAV 1.4.3/27785/Tue Oct  7 02:40:12 2025

252
Information / Re: Is CWP still maintained?
« on: October 07, 2025, 03:07:10 PM »
CWP is not dead, was just updated 2 days ago. The security issue was fixed within days and is a non-issue now (but each admin should inspect their servers to ensure there was not a compromise). The ConfigServer team surprised the world by only giving 30 days notice before closing up shop. It is now GPLv3 licensed, so development can continue or it could be forked. There are guides on updating CWP to use the open source version, but probably the best course is to hold tight and wait to see which direction CWP pursues and keep your kit mainline without deviating too far.

The dev team could certainly increase in communication, but it is still a solid product -- I run multiple servers under it. Far better value proposition than cPanel, for sure!

253
Updates / Re: Yum Updates
« on: October 07, 2025, 01:43:58 PM »

254
PHP / Re: When will PHP 8.4 be released in CWP?
« on: October 07, 2025, 01:41:19 PM »
Not officially supported -- best to just wait for official CWP support for php-fpm 8.4. (There may be some hacky ways to get it going in the CLI, but you wouldn't have GUI control of it.)

255
Information / Re: 2FA for admin panel
« on: October 07, 2025, 10:50:03 AM »
Not yet for either free or pro...

Pages: 1 ... 15 16 [17] 18 19 ... 127