Messages - overseer

586
Suggestions / Re: CWP Plugin Store
« on: July 01, 2023, 02:10:17 AM »
And a workable product that some of us use to manage servers & run live sites...

587
Updates / Re: How to upgrade the OS
« on: June 30, 2023, 08:45:52 PM »
My plan (for spring 2024) on my CentOS 7.9 VMs will be to spin up a new AlmaLinux 9 VM and install CWP. According to the devs, they are working on EL9 support and I am hopeful it will be ready to go next spring, before the coming EOL apocalypse. Since the 2 VMs will reside on the same physical machine, it should be comparatively quick to do a CWP migration from VM to VM. Then a final rsync after the fact, pause the CentOS 7 VM, change the IP of the AlmaLinux 9 VM to be the IP of the CentOS 7 VM and spin it up. This will require no DNS reconfiguration. Obviously, I'll be watching the landscape as things progress this winter & next spring and block out a low traffic weekend (perhaps over US holidays) to enact the server switchovers.

588
Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6 hk.
« on: June 30, 2023, 01:30:31 PM »
This is done via CSF, not directly in postfix. In /etc/csf/csf.conf
Code: [Select]
CC_DENY = "CN,KP,RU,NG"

To increase the LFD lockout limits on IMAP, POP, and SMTP:
Code: [Select]
# [*]Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1"

# [*]Enable login failure detection of pop3 connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_POP3D = "25"
LF_POP3D_PERM = "1"

# [*]Enable login failure detection of imap connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_IMAPD = "25"
LF_IMAPD_PERM = "1"

And you were looking for this directive for permanent blocking:
Code: [Select]
###############################################################################
# SECTION:Temp to Perm/Netblock Settings
###############################################################################
# Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked more than
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK  to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"

Also consider setting up postscreen for postfix, as it will help "screen" your SMTP connections and stop junk connections right at the gate:
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

And while you're there, do a little more light reading:
https://www.awsmonster.com/postfix-tuning-guide

589
Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6 hk.
« on: June 30, 2023, 04:41:25 AM »
Take a look at country code blocking. I block the 5 biggest spam sending sources -- none of my clients do business with these countries: RU, CN, KP, NG, {Bulgaria, Poland, Brazil have also been big culprits on my servers, but it tends to come in waves}. There is a case to allow for China due to Alibaba allowing direct vendor contact with potential customers -- if that's something your clients engage in.

The IP in your example resolves to GB, so that may be from a botnet or it may be a legit hacking attempt from GB, which I have seen on my servers. I just can't block a huge swath of Europe, due to my clients communicating with people there and potential site visitors from there.

590
Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6 hk.
« on: June 29, 2023, 01:56:50 PM »
You will find that banning after 2 attempts will lock out your own customers who enter their password incorrectly and then the client auto-retries periodically. In my CSF config, I have a much higher threshold for POP, IMAP, and SMTP AUTH failures -- 10 or 25. Especially given the default checking frequency (5 mins) for Thunderbird, I have had numerous clients lock themselves out with firewall bans in just the space of an hour or less. Now I have to unblock clients far less frequently with a higher threshold.
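
The effect of the threshold discussed in the posts above (2 attempts versus LF_SMTPAUTH = "20") can be checked against your own mail log. The following is an added example, not part of the posts and not CSF/lfd code: it counts Postfix "SASL LOGIN authentication failed" lines per IP in a sliding window and reports when each IP would first reach the threshold. The function names, the 3600-second window and the sample log (documentation-range IPs, a client retrying every 5 minutes beside a rapid guesser) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd SASL failure line: capture the syslog timestamp and client IP.
SASL_FAIL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[([0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
)

def first_block_times(lines, threshold, window_seconds=3600, year=2023):
    """Return {ip: time of the failure that reaches `threshold` inside the window}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    blocked = {}
    for line in lines:
        m = SASL_FAIL.match(line)
        if not m or m.group(2) in blocked:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold:
            blocked[m.group(2)] = ts
    return blocked

def sample_log():
    """Constructed log: a customer's client retrying a stale password every
    5 minutes (198.51.100.7) and a rapid guesser every 3 seconds (203.0.113.9)."""
    start = datetime(2023, 6, 29, 13, 0, 0)
    fmt = ("{} mail postfix/smtpd[{}]: warning: unknown[{}]: "
           "SASL LOGIN authentication failed: UGFzc3dvcmQ6")
    events = [(start + timedelta(minutes=5 * i), "198.51.100.7") for i in range(12)]
    events += [(start + timedelta(seconds=3 * i), "203.0.113.9") for i in range(40)]
    events.sort()
    return [fmt.format(t.strftime("%b %d %H:%M:%S"), 2000 + n, ip)
            for n, (t, ip) in enumerate(events)]

if __name__ == "__main__":
    lines = sample_log()
    for threshold in (2, 20):
        hits = first_block_times(lines, threshold)
        print(threshold, {ip: t.strftime("%H:%M:%S") for ip, t in hits.items()})
```

With the constructed data, a threshold of 2 catches the retrying customer after five minutes, while a threshold of 20 leaves that client alone and still catches the rapid guesser within the first minute.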

591
Information / Re: RH plan to kill RHEL clones
« on: June 29, 2023, 02:46:39 AM »
I'm sorry, but I'm not seeing a looming apocalypse on the horizon. I'm not believing that the sky is falling anytime soon.
Can you share more insight as to what your concerns are?

592
E-Mail / Re: ip rotation
« on: June 27, 2023, 02:03:41 PM »
I have never done this, because I have never had more than 3 IPs assigned to a server and in that case I assign one to the host and 1 to each VM. The only rotation I have done is swapping the VMs around on the static IPs to help with mail delivery after one client shot themselves in the foot with an account compromise and harmed the reputation of the server.

Find out what IPs are assigned to your server:
Code: [Select]
ip a
ifconfig -a
I would suspect you only have one IP assigned and active on your server.

593
You mean you're not seeing the fastcgi_buffer lines in your Nginx vhost conf? It's because I added them in for tuning purposes.
Code: [Select]
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

594
CentOS-WebPanel Bugs / Re: export database error in phpmyadmin
« on: June 26, 2023, 06:38:40 PM »
The only problem with not sharing info publicly is that then we don't have a knowledge pool from which to draw and infer solutions. So then you are driving others toward paid support. I have had all of one paid ticket, back several years ago during a cPanel migration. Since then, it's been a learning adventure but I am basically self-supported now. It does help not to stray too far from the defaults and what the kit provides -- then it's easier to diagnose issues as they come up.

595
CentOS-WebPanel GUI / Re: [Feature Request] Use A Full Apache Status
« on: June 26, 2023, 02:10:28 PM »
I implemented this on my CWP apache server after the other thread brought it out; the only change I made was to make the icon an arrow so it matched the others -- a "power button" icon didn't make sense to me:

Code: [Select]
<?php include('/usr/local/cwpsrv/htdocs/resources/admin/include/configserver.php'); ?>
<script type="text/javascript">
        $(document).ready(function() {
                var newButtons = ''
                +' <li>'
                +' <a href="?module=apache_status"><span aria-hidden="true" class="icon16 icomoon-icon-arrow-right-3"></span>Apache Accesses</a>'
                +'</li>';
                $("ul#mn-3-sub").prepend(newButtons);
        });
</script>

596
CentOS 7 Problems / Re: The connection is disconnecting
« on: June 26, 2023, 02:04:41 PM »
I replied. A couple of notes here for the benefit of others:

If you don't need active FTP, close down port 20 on the firewall and open up a passive range, something like 49000-50000. Also make sure you are running TLS connections ONLY with pure-ftpd:
https://wiki.centos-webpanel.com/how-to-install-tls-for-ftp
You may want to consider switching to SFTP instead, but that depends on your clients and how much trust is there.

I would suggest switching from port 2030 for admin to SSL ONLY: block port 2030 on the firewall and allow port 2031. CWP has had active security holes that have been exploited, so best to keep everything TLS/SSL and not run anything on plain HTTP. Also consider switching ports because security through obscurity does gain you something, particularly keeping you more stealthy from people doing Shodan scans for ports 2030-2031.

Your main CWP test page loads, but none of the other sites that resolve to your server currently load. So that points not to a firewall issue, but an HTTP server vhost configuration issue, or perhaps a php-fpm problem.

597
CentOS 7 Problems / Re: The connection is disconnecting
« on: June 25, 2023, 01:40:31 PM »
If you want to PM me your server IP address or main domain, I can test remotely to see if it is accessible or if it periodically is inaccessible. Otherwise, given the scant details, it's hard to know how to help you troubleshoot from afar.

598
Information / Re: CWP AWSTATS
« on: June 25, 2023, 04:09:45 AM »
I'll give you my recommendation: Webalizer. I switched to it years ago and never looked back. AWStats was klunky by comparison. Webalizer is fast and detailed and strikes a good balance of info (very high, intuitive) vs. performance cost (very low).

599
I added in the fastcgi tuning specifically for the Drupal installation, but some of the principles apply to WP sites, particularly loaded ones. You need to look for the block in your Nginx vhost conf that includes your php-fpm socket:
Code: [Select]
/opt/alt/php-fpm74/usr/var/sockets/user.sock

And that's where you put in the fastcgi tuning directives (buffers, timeouts).

600
CentOS 7 Problems / Re: The connection is disconnecting
« on: June 24, 2023, 03:30:57 PM »
MikroTik is a router hardware company... I run one of their hEX gigabit routers. So I am puzzled what you mean, unless you are simply talking about their Winbox software, which shouldn't affect your connection or CentOS server...
