Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: 1 ... 22 23 [24] 25 26 ... 127
346
That is exactly what crouso discovered and reported privately to me in a personal message. I posted it to the other thread he had on the topic, but not this one. He cleaned out and then watched the /usr/local/src directory during the build process, captured the downloaded files, then ran the scripts from the CLI and was able to successfully install PHP 8.2.

347
E-Mail / Re: Roundcube - Connection Error - Sending a particular email
« on: August 07, 2025, 01:29:31 PM »
Did you check ModSecurity? Look at disabling rule 212880 or others that may be interfering with Roundcube.

Cyberspace, glad to have you back! Always hoping you are staying safe over there!

348
Nginx / Re: [proxy_fcgi:error] AH01071
« on: August 07, 2025, 01:01:18 PM »
What are the sites running? A content management system like WordPress? You may need to put some FastCGI tuning in your relevant php-fpm user.conf file, or in the vhost conf -- increasing various timeout settings.

Per-user tuning available under that version of php-fpm:
/opt/alt/php-fpm83/usr/etc/php-fpm.d/users/username.conf
Code: [Select]
pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 15s

;listen.backlog = -1
;request_terminate_timeout = 0s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
Additionally/alternately, you could tune the particular vhost conf to include various FastCGI parameters that could help mitigate your issue. Here is what I have on a demanding Drupal site under Nginx (especially the buffers):
Code: [Select]
        fastcgi_pass unix:/opt/alt/php-fpm82/usr/var/sockets/username.sock;
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        try_files $fastcgi_script_name =404;
        fastcgi_index    update.php;
        include              fastcgi_params;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        # Block httpoxy attacks. See https://httpoxy.org/.
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;

349
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 07, 2025, 01:17:37 AM »
We'll GoFundYou a case of Cokes...

350
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 06, 2025, 02:43:25 PM »
Starburst maintains an "anti-changelog" about PHP versions currently available on CWP, and their current status vs. current releases of PHP. You could watch that thread for more details about PHP 8.4:
https://forum.centos-webpanel.com/php/anti-change-log/

351
I would suggest zeroing out your log files to free up disk space, then going forward implement logrotate to keep them at a manageable size:
Code: [Select]
truncate -s0 /path/to/log

352
Nginx / Re: [proxy_fcgi:error] AH01071
« on: August 05, 2025, 08:34:27 PM »
That's a definite possibility; did you sanitize your known infections? Here's a quick-n-dirty way using the locate DB (which may not be current, but should be within 24 hours):
Code: [Select]
rm -if $(locate defauit.php) && rm -if $(locate nbpafebaef.jpg)But another possibility is erroneous permissions on the user account in question. Can you run the User Accounts -> Fix Permissions routine?

353
Yes, the FileManager exploit at issue here was patched 2 weeks ago by the dev team. Make sure you are updating CWP regularly and then do triage/collateral damage clean up if you were infected. My AlmaLinux servers didn't seem to have taken on anything, nor had a hold-out CentOS 7.9 system running nginx as the web server (with the admin panel running on an alternate port).

354
So, it's time to changed it to FirewallD+Fail2ban with a GUI. Also, we were using CXS as antivirus. Because ClamAV does not have better option to cleanup infected file. From admin panel we can only scan for infected file but there have no option to cleanup or remove the files. So, need a solution of it as well.
In addition to CWP, you could look at Cockpit and Webmin to add-on to your servers to have GUI interfaces for firewalls, fail2ban, and ClamAV. I have all 3 installed on my servers. (Belt, suspenders, and helium balloons hold up my pants...)

355
Well, that came outta nowhere. But I do believe that just as nature abhors a vaccuum, so too does open source software. Some project will step in an fill in the gap. Maybe cPanel could donate some of their $$$ in monthly fees to support new infrastructure for an open version.

It's already forked on GitHub:
https://github.com/Aetherinox/csf-firewall?tab=readme-ov-file

356
E-Mail / Re: Addons for anti-spam..
« on: July 30, 2025, 09:02:17 PM »
Spamhaus (free API key) and rspamd (free to start for basic services) are effective. Also, just tuning Postfix for anti-UCE will get you miles down the road.

357
Installation / Re: Error when updating vhosts with an ip change
« on: July 30, 2025, 03:09:59 PM »
Code: [Select]
grep 2083 /usr/local/cwpsrv/logs/access_log | less

358
Installation / Re: Error when updating vhosts with an ip change
« on: July 30, 2025, 12:08:26 PM »
/var/log/cwp_client_login.log especially. Other ones to take note of:
Code: [Select]
/var/log/cwp_client_login.log
/var/log/cwp/account_transfer.log
/var/log/cwp/accounting.log
/var/log/cwp/accounting_debug.log
/var/log/cwp/activity.log
/var/log/cwp/api.log
/var/log/cwp/autossl.log
/var/log/cwp/cwp_allautossl_sslmod.log
/var/log/cwp/cwp_api.log
/var/log/cwp/cwp_backup.log
/var/log/cwp/cwp_cron.log
/var/log/cwp/cwp_renew_autossl_bulk.log
/var/log/cwp/cwp_sslmod.log
/var/log/cwp/migration_cpanel.log
/var/log/cwp/migration_cwptocwp.log
/var/log/cwp/migration_cwptocwp_mig.log
/var/log/cwp/services_action.log
/var/log/cwp/token.log
/var/log/cwp/webservers.log

359
Updates / Re: Roundcube vulnerability
« on: July 30, 2025, 10:54:28 AM »

360
In the server-world, blindly following advice & installing scripts from people with a total of ONE post on this forum is the equivalent of taking candy from strangers.

If you keep your server updated, this was fixed 2 weeks ago by the CWP dev team. And by now if the perpetrators have any sense, the IOC has changed and it won't do any good to look for files named those strings.

Pages: 1 ... 22 23 [24] 25 26 ... 127