Messages

286

Information / Re: problem domain

« on: March 02, 2022, 09:14:09 PM »

still no solution, I created the file and it still has a problem.

You can't just create a file.   If /scripts/ does not contain that script, then you have a misconfigured version of CWP installed.

287

CentOS-WebPanel Bugs / Re: htaccess file protect can access file when file permission is 444

« on: March 02, 2022, 09:12:36 PM »

This is the action of a hacker which practically modifies files in the web folder and is able to set 444 permissions on this files.
All the security provided from MODsec shoud block these hacking behavior or at least CWP admins/devs should provide a patch for blocking these malicious instances.

What is suggested as a fix is practically making the website more vulnerable, rather than increasing the security.

Everyone is paying licenses and we are all suffering from lack of support on this matter.

Please advise.

I'm not sure what you are even talking about.  The OP is setting his permissions. Obviously, if you set a file's permissions that nginx cannot read, it will throw an error.   The issue here isn't the file permissions (Which should be 640), but the fact that nginx does not use the .htaccess file.   Nginx has it's own AUTH method, but it has to be set in the domains server block.  Perhaps you should re-read the thread, as the correct way of handling this was explained to him. 

288

Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6

« on: February 28, 2022, 03:50:31 AM »

Welcome to owning a server.   Use CSF firewall to block the two ip's.  Setup automatic blocks on 4-5 failed logins.

289

Updates / Re: Unexpected use of Ram and I/O

« on: February 27, 2022, 06:06:07 AM »

Please post the output from " top " and " iotop "  (May need to be installed via yum)

290

Information / Re: problem domain

« on: February 24, 2022, 10:04:00 PM »

Check if the domain is already pointing to another account here:  /admin/index.php?module=list_domains
or if the account is already created with the domain here:  /admin/index.php?module=list_accounts

291

MySQL / Re: error try check email accounts

« on: February 23, 2022, 05:26:54 AM »

Ajax error typically means there is an issue with the backend API.  Please use the browser debugger tool to show the response your get from the xhr requests.

292

Other / Re: SSL for WildCard

« on: February 19, 2022, 04:28:06 PM »

When it comes to certificates not generated by CWP, you're going to find you'll have a difficult time.  Your website configuration can be overwritten quite a bit, and you will have to recreate what you've done.   I'd recommend creating new templates for that domain only in /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/nginx/ for that specific domain, so that your settings aren't overwritten.

As to why it's insecure, it's hard to tell unless you give us the actual domain name so we can look at it.

293

CentOS-WebPanel Bugs / Re: htaccess file protect can access file when file permission is 444

« on: February 19, 2022, 04:22:14 PM »

Nginx needs to be the auth then. 

You will want to create a new template in "   nano /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/nginx/   " (or php-fpm/nginx if you are using php-fpm).

You will need to do both the tpl and stpl file, and name it the user account.  Make the changes in that file.  Then goto WebServer Settings -> Webserver Domain Config, and assign your new template to the account you want.  (This will prevent issues when CWP updates)

Follow this tutorial to edit the template file:  https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

294

CentOS-WebPanel Bugs / Re: htaccess file protect can access file when file permission is 444

« on: February 19, 2022, 07:05:37 AM »

are you using nginx in front of apache, or apache only.  Could be a misconfiguration of Nginx if the former is true.

295

CentOS 7 Problems / Re: 503 Capacity Error

« on: February 19, 2022, 07:03:20 AM »

What is your configuration?  Nginx -> Varnish -> Apache, Nginx -> Apache, Apache Only.

We need to know more information to be able to move forward with any help

296

Installation / Re: Location of default HHTP Test Page for hostname

« on: February 19, 2022, 07:01:39 AM »

Should be /usr/local/apache/htdocs/

297

Postfix / Re: How to empty the spool email?

« on: February 16, 2022, 08:55:46 PM »

CWP uses PostFix, not Exim.  I would not recommend removing anything from the que.  Eventually, it will give up on non-deliverable, and remove them automatically

298

CentOS-WebPanel Bugs / Re: Problem with new Shoutcast Manager

« on: February 15, 2022, 11:15:07 PM »

Check the log file.

systemctl status liquidsoap@<Port>   I found that all of the mp3's, the m3u, and the config file all need 744 chmod in order for autodj to work.   The Script is setting them 640, and that is causing errors

299

CentOS-WebPanel Bugs / Re: Problem with new Shoutcast Manager

« on: February 15, 2022, 10:25:38 PM »

that repo is already installed.
liquidsoap wasn't installed but now it is.

Remove your information.  You just opened up your server to be hacked by anyone and everyone.  NEVER post passwords

300

CentOS-WebPanel Bugs / Re: Problem with new Shoutcast Manager

« on: February 15, 2022, 04:17:50 PM »

cd /etc/liquidsoap
chmod 744 *.liq