This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
FTP / Re: Enabling FTPs or FPTes
« on: June 17, 2021, 05:00:58 AM »Set this inCode: [Select]vsftpd.conf
Code: [Select]ssl_enable=YES
# do not allow anonymous users to access ftp
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# enable tlsv1 encryption
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# disallow ssl reuse
require_ssl_reuse=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem
# port range for passive mode
pasv_max_port=65535
pasv_min_port=64000
Dear Joseph,
CWP uses pure-ftpd with the file location
Code: [Select]
/etc/pure-ftpd/pure-ftpd.conf
Is it same with vsftpd? and where is the config file of vsftp location?
Thanks.
32
FTP / Re: Enabling FTPs or FPTes
« on: June 16, 2021, 04:19:33 AM »You need to create SSL certificate for TLS - something likeCode: [Select]/etc/certs/pure-ftpd.pem
or whatever you have defined as the existence of your cert inCode: [Select]/etc/pure-ftpd/pureftpd.conf
something likeCode: [Select]CertFile /etc/certs/pure-ftpd.pem
In the /etc/pure-ftpd/pure-ftpd.conf, the Cert file is CertFile /etc/pki/tls/private/hostname.pem
And that file is exist.
But what I should do next? I want to force my customer just login to FTPs or FTPes only, and disable plain FTP.
Which part of my pure-ftpd.conf that I have to modify?
Thanks.
33
FTP / Re: Error when enable jailkit to a user
« on: June 15, 2021, 08:28:33 AM »
I saw when selecting Jailkit In shell access at CWP Admin, there is a file careated name:
/run/systemd/generator/home-jail-[user_cwp]-home-[user_cwp].mount
It looks like mount the hard disk, so I checked at /etc/fstab, and I found this line
/home/[user_cwp] /home/jail/[user_cwp]/home/[user_cwp] none bind,nobootwait 0 0
It causes the /home/[user_cwp] has symlink to /home/jail/
So, how can I unmount this since I have disabled jailkit, because it was error when trying to use it.
Thanks.
/run/systemd/generator/home-jail-[user_cwp]-home-[user_cwp].mount
It looks like mount the hard disk, so I checked at /etc/fstab, and I found this line
/home/[user_cwp] /home/jail/[user_cwp]/home/[user_cwp] none bind,nobootwait 0 0
It causes the /home/[user_cwp] has symlink to /home/jail/
So, how can I unmount this since I have disabled jailkit, because it was error when trying to use it.
Thanks.
34
FTP / Error when enable jailkit to a user
« on: June 15, 2021, 06:20:07 AM »
I tried to use jailkit for a user in CWP.
It create directory /home/jail/[user]/home/[user]
But after waiting for minutes, the page at CWP admin said: Error enabling jailkit.
I then switch to SFTP, and no problem.
But the problem is that I cant remove /home/jail/[user]
If I removed it, it automatically remove /home/[user] too. It looks like /home/[user] is symlinked to /home/jail[user]
If I remooved file inside /home/jail/[user], it removed the file inside /home/[user] too.
I tried to remove that symlink. But I cant find it.
Even, I have uninstall jailkit, but still unable to remove /home/jail/ and the symlink still run.
How to fix it? where is the symlink configuration store?
Thanks.
It create directory /home/jail/[user]/home/[user]
But after waiting for minutes, the page at CWP admin said: Error enabling jailkit.
I then switch to SFTP, and no problem.
But the problem is that I cant remove /home/jail/[user]
If I removed it, it automatically remove /home/[user] too. It looks like /home/[user] is symlinked to /home/jail[user]
If I remooved file inside /home/jail/[user], it removed the file inside /home/[user] too.
I tried to remove that symlink. But I cant find it.
Even, I have uninstall jailkit, but still unable to remove /home/jail/ and the symlink still run.
How to fix it? where is the symlink configuration store?
Thanks.
35
FTP / Enabling FTPs or FPTes
« on: June 15, 2021, 02:51:05 AM »
I dont know which one is better. FTPs or FTPes. But as I know, it need TLS for the FTP.
I tried to follow the instruction at http://wiki.centos-webpanel.com/how-to-install-tls-for-ftp
It said it can use sh /scripts/install_pure-ftpd_tls if using Centos 7 and CWP version 0.9.8.757+. I used Centos 7 and latest CWP Pro version.
I run that sh command, it said it was installed successfully. But then what need to do? how can I know the FTPs and FTPes can be used?
I read the instruction above, it said to check:
/etc/pki/tls/private/hostname.key
/etc/pki/tls/certs/hostname.crt
I have /etc/pki/tls/certs/hostname.key at my vps, but I didnt see /etc/pki/tls/certs/hostname.crt.
So, how exactly enabling FTPs and FTPes?
Thanks.
I tried to follow the instruction at http://wiki.centos-webpanel.com/how-to-install-tls-for-ftp
It said it can use sh /scripts/install_pure-ftpd_tls if using Centos 7 and CWP version 0.9.8.757+. I used Centos 7 and latest CWP Pro version.
I run that sh command, it said it was installed successfully. But then what need to do? how can I know the FTPs and FTPes can be used?
I read the instruction above, it said to check:
/etc/pki/tls/private/hostname.key
/etc/pki/tls/certs/hostname.crt
I have /etc/pki/tls/certs/hostname.key at my vps, but I didnt see /etc/pki/tls/certs/hostname.crt.
So, how exactly enabling FTPs and FTPes?
Thanks.
36
FTP / Re: How to disable port 21 for plain FTP?
« on: June 14, 2021, 02:13:36 AM »
is that mean that whiteliisted IP can access all ports in server although the ports have been remove from CSF/LFD? I'm not sure about that.
I have whiteisted an IP at my CWP server.Then I try to login to ssh via port 22, and it was refused, since port 22 has removed from CSF/LFD.
But it does not impact with PORT 21.
What's the difference?
Thanks.
I have whiteisted an IP at my CWP server.Then I try to login to ssh via port 22, and it was refused, since port 22 has removed from CSF/LFD.
But it does not impact with PORT 21.
What's the difference?
Thanks.
37
FTP / How to disable port 21 for plain FTP?
« on: June 13, 2021, 08:26:56 AM »
I have removed PORT 21 from CSF at TCP_IN, TCP_OUT, TCP6_IN, and TCP6_OUT.
I have restarted CSF and LFD.
I have restarted pure ftpd service.
but when I tried to login to FTP with port 21, I can login successfully.
So, how can I totally disable PORT 21? I just want to use SFTP for security reason.
Thanks.
I have restarted CSF and LFD.
I have restarted pure ftpd service.
but when I tried to login to FTP with port 21, I can login successfully.
So, how can I totally disable PORT 21? I just want to use SFTP for security reason.
Thanks.
38
Suggestions / Providing ImunifyAV Free and or Imunify360
« on: May 04, 2021, 03:04:30 AM »
It is better is CWP provide ImunifyAV free and or Imunify360 to replace maldet scan. I have tried to install imunifyAV free but it said the panel is not compatbile.
it is good for malware detection.
By improving great feature, CWP may be able to increase the price of CWPPro
Thanks.
it is good for malware detection.
By improving great feature, CWP may be able to increase the price of CWPPro
Thanks.
39
Suggestions / Providing Better full backup
« on: May 04, 2021, 02:54:39 AM »
I think it will be great if CWP has feature to full backup for all home user, mysql, and everything just like cpanel does. Then it can be restored to another CWP easily.
at this time CWP provide separate backup. Even when user try to backup from user panel, it does not show any progress or finishing file.
Customer must dump sql one by one including mail data, then create again mysql user password at the new server. It takes too long if we have many customers.
And it is better if customer's mail is moved to /home/[user], not being separated at /var/vmail/
Thanks.
at this time CWP provide separate backup. Even when user try to backup from user panel, it does not show any progress or finishing file.
Customer must dump sql one by one including mail data, then create again mysql user password at the new server. It takes too long if we have many customers.
And it is better if customer's mail is moved to /home/[user], not being separated at /var/vmail/
Thanks.
40
CentOS 7 Problems / Re: PHP Defender/snuffleupagus fecks up PHP
« on: May 04, 2021, 02:38:23 AM »
I faced another problem with PHPDefender. It can be installed well. But I cant change the rule at all.
The path for the rule is: /usr/local/cwp/.conf/phpdefender/rules/
When installed I choose intermediate.
One of my site got blocked with the reason: fatal error because of usage ini_set("display_errors").
Then I open the cwp_php_defender_interm.rules
I change the line:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop()
to
#sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop() --> add comment sign, so it is ignored.
Restarting apache, but still get the same error. Then change that line to:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").allow()
But still gave the same error.
So, where is actually PHPdefender store the log data and is there any file contains the locked domain, so it kept giving the same error, even when I have removed PHPdefender, the same error still show up.
And which the rules file that PHPdefender execute for real?
It is really confusing, and there is no complete documentation at CWP. Opening the site snuffleupagus.readthedocs.io does not give any useful information.
Has CWP developer tested it before launching this feature?
Thanks.
The path for the rule is: /usr/local/cwp/.conf/phpdefender/rules/
When installed I choose intermediate.
One of my site got blocked with the reason: fatal error because of usage ini_set("display_errors").
Then I open the cwp_php_defender_interm.rules
I change the line:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop()
to
#sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop() --> add comment sign, so it is ignored.
Restarting apache, but still get the same error. Then change that line to:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").allow()
But still gave the same error.
So, where is actually PHPdefender store the log data and is there any file contains the locked domain, so it kept giving the same error, even when I have removed PHPdefender, the same error still show up.
And which the rules file that PHPdefender execute for real?
It is really confusing, and there is no complete documentation at CWP. Opening the site snuffleupagus.readthedocs.io does not give any useful information.
Has CWP developer tested it before launching this feature?
Thanks.
41
CentOS 7 Problems / Re: PHPDefender permission denied
« on: May 03, 2021, 06:13:36 AM »
I have opened the ticket with number: 140213
Thanks.
Thanks.
42
CentOS 7 Problems / Re: PHPDefender permission denied
« on: May 03, 2021, 06:00:57 AM »don't worry create the support ticket again if possible and add this thread link there.Ok, Sandeep, thanks for your information. I will try to open the new ticket.
Thanks.
43
CentOS 7 Problems / Re: PHPDefender permission denied
« on: May 03, 2021, 05:32:47 AM »notified to devs they will look into it.
I have notified the developer, but he said I have to pay for extra cost to buy CWP Support, and he will fix it for me.
Even, when I asked about the log path of PHP defender, he said I just bought CWP Pro which is not included any support. I have no idea, if just asking for the log path I have to pay for additional support. Then, he gave me the link to snuffleupagus website which CWP uses for PHP defender. But nothing can be used from the page of snuffleupagus. no log data information too, and no information about permission denied.
CWP said, I have to pay for extra support to fix it, because there is no problem at his server.
I'm so confuse. I dont ask him to modify my server or make other configuration. I just ask about CWP feature that I installed from the admn page. And it should be a bug he must fix, right? So, should I pay for extra cost for a CWP bug?
Thanks.
44
CentOS 7 Problems / PHPDefender permission denied
« on: May 03, 2021, 03:56:26 AM »
CWPPro has new feature at Security Center section, namely PHP Defender.
I have enabled it to prevent hacking attempt through PHP script.
But I got the error message: Could not open configuration file /usr/local/cwp/.conf/phpdefender/rules/cwp_php_defender_interm.rules : Permission denied
the file exist with chmod 640. Trying to change to chmod 644, but give the same error.
I use PHP selector PHP 7.3, PHP 7.4 and PHP 8.0. All of them are PHP-CGI, not PHP-FPM.
How to fix it?
Thanks.
I have enabled it to prevent hacking attempt through PHP script.
But I got the error message: Could not open configuration file /usr/local/cwp/.conf/phpdefender/rules/cwp_php_defender_interm.rules : Permission denied
the file exist with chmod 640. Trying to change to chmod 644, but give the same error.
I use PHP selector PHP 7.3, PHP 7.4 and PHP 8.0. All of them are PHP-CGI, not PHP-FPM.
How to fix it?
Thanks.
45
E-Mail / Sending email information from root server failed "mail transport unavailable"
« on: May 02, 2021, 09:37:00 AM »
I have setup CWPPro from the begining. no modified at all.
At CWP Setting -> Edit Setting, I have checked "Forward server system email"
I can receive email from outside to my email address: info@domain.com
But, all emails from server such as Anacron, RKHunter, CSF informations etc are queue in. It tries to send to info@domain.com, but fail, and bounce back as mailer-daemon with error "mail transport unavailable".
When I click on detail button next to my email address, it said "network unreachable". My email uses google apps and has no problem.
How to fix it?
Thanks.
At CWP Setting -> Edit Setting, I have checked "Forward server system email"
I can receive email from outside to my email address: info@domain.com
But, all emails from server such as Anacron, RKHunter, CSF informations etc are queue in. It tries to send to info@domain.com, but fail, and bounce back as mailer-daemon with error "mail transport unavailable".
When I click on detail button next to my email address, it said "network unreachable". My email uses google apps and has no problem.
How to fix it?
Thanks.