This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
Mod_Security / Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« on: July 23, 2025, 11:04:19 PM »
You can also remove mod sec rules by domain rather than server wide too. I also think it's a WP theme related issue as some older WP sites I host were experiencing mod sec blocks & others did not.
IN CWP UI (might require CWP Pro)
- Mod Security
- Click Domains tab
- Click Edit rules on required domain
- Click Edit config file (create file & pathway if necessary).
I’ve added some custom rule removals this way for some WP sites that were causing the blocks as I wasn’t comfortable removing server wide.
IN CWP UI (might require CWP Pro)
- Mod Security
- Click Domains tab
- Click Edit rules on required domain
- Click Edit config file (create file & pathway if necessary).
I’ve added some custom rule removals this way for some WP sites that were causing the blocks as I wasn’t comfortable removing server wide.
32
Other / Re: Anyone else using Blesta with CWP?
« on: July 23, 2025, 03:40:31 AM »
I built my own billing/maintenance platform into my site. Does exactly what I want & I can only blame myself for any issues
33
Mod_Security / Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« on: July 15, 2025, 04:03:51 AM »
I have Wordpress sites running fine with WooCommerce using OWASP v4.16.0
I haven't done anything special but do have the rules disabled that @Starburst linked above + a couple of extras so I'd check that first.
## Wordpress ##
SecRuleRemoveById 981172
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 981319
SecRuleRemoveById 959073
SecRuleRemoveById 958030
I haven't done anything special but do have the rules disabled that @Starburst linked above + a couple of extras so I'd check that first.
## Wordpress ##
SecRuleRemoveById 981172
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 981319
SecRuleRemoveById 959073
SecRuleRemoveById 958030
34
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« on: July 09, 2025, 06:43:12 AM »
I can find attempts to use the exploit too but thus far they are having no luck & I can find no introduced files in home or tmp directories. I run Alma 8.
[06/Jul/2025:01:21:48 +1000] "POST /user/index.php?module=filemanager&acc=findFiles HTTP/1.0" 403 199 - Was from a ColoCrossing IP (no surprises there).
Have renamed file manager for security and shall actively watch.
[06/Jul/2025:01:21:48 +1000] "POST /user/index.php?module=filemanager&acc=findFiles HTTP/1.0" 403 199 - Was from a ColoCrossing IP (no surprises there).
Have renamed file manager for security and shall actively watch.
35
How to / Re: Installing ARC on ALMA 8/9
« on: June 30, 2025, 11:43:54 PM »
Thanks mate, you're a gem! @Starburst
I now have ARC headers & hopefully never again have to explain to clients why their forwarded emails are bouncing
I now have ARC headers & hopefully never again have to explain to clients why their forwarded emails are bouncing
36
How to / Re: Installing ARC on ALMA 8/9
« on: June 30, 2025, 11:59:27 AM »
@Starburst
OK, I assumed that was some advanced modification you had done to enable ARC
What are the 4 lines & where do I add?
OK, I assumed that was some advanced modification you had done to enable ARC
What are the 4 lines & where do I add?
37
How to / Re: Installing ARC on ALMA 8/9
« on: June 30, 2025, 12:23:50 AM »
Thanks all.
I think I'll have to research it further when I get some time (the WHM servers I manage all have ARC without any set up required). Was hoping for an easy fix & although Netino's guide looks great I wanted to retain SpamAssassin & CWP defaults.
I think I'll have to research it further when I get some time (the WHM servers I manage all have ARC without any set up required). Was hoping for an easy fix & although Netino's guide looks great I wanted to retain SpamAssassin & CWP defaults.
38
How to / Installing ARC on ALMA 8/9
« on: June 27, 2025, 03:37:50 AM »
Hi everyone,
Just wondering if anyone is brave enough to post a how to set up the new ARC authentication for email on ALMA 8/9 CWP servers. I'd love to get it sorted early on.
Smiles @Starburst
Just wondering if anyone is brave enough to post a how to set up the new ARC authentication for email on ALMA 8/9 CWP servers. I'd love to get it sorted early on.
Smiles @Starburst
39
E-Mail / Re: New wave of AI generated spam
« on: June 05, 2025, 04:26:04 AM »
Wow, that's next level. I haven't been the target of that yet /crossfingers
How is it travelling to you? Are they using VPS's, email sending services or Gmail/Outlook? VPS's can be fenced but the later is difficult to block without affecting legitimate traffic.
How is it travelling to you? Are they using VPS's, email sending services or Gmail/Outlook? VPS's can be fenced but the later is difficult to block without affecting legitimate traffic.
40
E-Mail / Re: sendmail
« on: March 12, 2025, 03:33:37 AM »
Is your e-commerce site using WordPress? If so there are plenty of SMTP plugins available online for you (eg: SMTP Mailer is simple & works well). Forminator is a good Wordpress plugin for contact forms and has inbuilt reCaptcha options, you may wish to couple this with your SMTP mail plugin.
Is your destination email address internal or external (ie: email@yourdomain.com or email@gmail.com). The domain email is much more forgiving as the mail is internal but the latter will require you to tick all of the SSL, DKIM, SPF and RDNS boxes.
mxtoolbox.com is your friend for checking mail settings.
If you want to send mail using PHP, PHPMailer extends the mail function and allows for SMPT Auth but you'll need to know how to code for it (eg: construct a plugin if it's Wordpress).
Is your destination email address internal or external (ie: email@yourdomain.com or email@gmail.com). The domain email is much more forgiving as the mail is internal but the latter will require you to tick all of the SSL, DKIM, SPF and RDNS boxes.
mxtoolbox.com is your friend for checking mail settings.
If you want to send mail using PHP, PHPMailer extends the mail function and allows for SMPT Auth but you'll need to know how to code for it (eg: construct a plugin if it's Wordpress).
41
Information / Re: Roundcube big security issue.
« on: February 27, 2025, 03:45:38 AM »
Thanks 
It now presents '403 Forbidden'.

It now presents '403 Forbidden'.
42
Installation / Re: DNS records for pop, cpanel....
« on: February 11, 2025, 04:56:17 AM »
CNAME * domain.com
Is a catch all solution
Is a catch all solution
43
DNS / Re: New IP (Rebuild Does Not Update)
« on: November 28, 2024, 01:30:30 AM »
Has your new DNS settings successfully propagated? They can take up to 48hours, you can check them here http://leafdns.com/
Is the Shared IP correct on your new VPS in CWP Settings > Edit Settings. If it is ensure to tick the Rebuild All WebServers vHosts with the new IP changes box and click save changes.
Is the Shared IP correct on your new VPS in CWP Settings > Edit Settings. If it is ensure to tick the Rebuild All WebServers vHosts with the new IP changes box and click save changes.
44
SSL / Re: Auto SSL certificate for mail only
« on: November 26, 2024, 11:45:41 PM »
Here's an example case for you
https://community.letsencrypt.org/t/certify-mail-server-with-lets-encrypt-certificate/64678
https://community.letsencrypt.org/t/certify-mail-server-with-lets-encrypt-certificate/64678
45
SSL / Re: Auto SSL certificate for mail only
« on: November 26, 2024, 10:35:43 PM »
Ya but I'm thinking you can generate a new account using the subdomain (mail.yourdomain.com) as the account domain on your mail server. It will need an A record pointed correctly to it and Lets Encrypt should issue a new SSL for it when you click create (just ensure AutoSSL is ticked under additional options). Lets Encrypt certs can't do what you want at the moment but it might work for a subdomain.
I haven't tested but am assuming this might work for you.
I haven't tested but am assuming this might work for you.
