Messages - overseer

646
CWP imposes the 8 character limitation, just as cPanel used to (and cPanel is something of the spiritual father/reference platform for CWP). But the command line useradd utility can do up to 32 characters. I haven't tested to see whether, if you do an end-run around CWP, it would respect the longer user name. But my suspicion is it would truncate it to 8 char because of the need for longer permutations for MySQL user + DB names: username_dbname. Perhaps this will be something they fix when they start offering EL9 support later this year or next year. AlmaLinux 9, here we come!

647
E-Mail / Re: postfix sending email every minute
« on: May 29, 2023, 02:07:15 PM »
Yes, cyberspace mentioned the most common vector for spam sending on servers -- an insecure php script that gets exploited/abused to send bulk UCE (unsolicited commercial e-mail). I'm sorry I neglected to mention the possibility in my response, because that's the most common vector these days. In fact, the only mail abuse I've seen on my servers is via a malicious php script implanted via a WordPress vulnerability. You may want to consider closing off the php mailer vector altogether and require ONLY authenticated SMTP on the server for mail sending. It depends on your situation, but really I would say generally that using the php mailer functionality is "lazy coding" and you should only use SMTP AUTH for accounting purposes -- it's clear who is sending what and everything is logged.

648
CWP is just a frontend for YUM, so it is just presenting whatever suggestions yum is recommending for update. If you don't need gdb-headless, consider removing it. I recommend NOT running any unnecessary services on your server, as it just serves to increase your attack surface. Better to run lean and nimble and only install what you absolutely need.

649
CentOS 6 Problems / Re: GUI for CentOS WHM!!
« on: May 28, 2023, 07:57:26 PM »
What's with these AI bot responses lately? Are they trainers for ChatGPT?
[That was not about Igor; it was about some AI Bot response that is now deleted.]

650
CentOS 6 Problems / Re: GUI for CentOS WHM!!
« on: May 28, 2023, 12:47:41 PM »
What's with these AI bot responses lately? Are they trainers for ChatGPT?

651
E-Mail / Re: postfix sending email every minute
« on: May 27, 2023, 05:26:51 PM »
By your log, it looks to be agendada, UID 1010
Try running:
Code:
id 1010
to find the associated account. Then go into your admin panel and rate limit the amount of mail messages the account can send in an hour, to contain collateral damage while you investigate.

I would seriously consider enacting some Postfix rate limiting restrictions as well in /etc/postfix/main.cf:
Code:
##//delivery rate controls/restrictions
# Parallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 6
default_destination_concurrency_limit = 30
# Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s
# Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 10s 
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
# limit max sends per minute
anvil_rate_time_unit = 60s
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 30
smtpd_client_message_rate_limit = 30
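
The log check described in the post above (find the UID that is injecting mail, then map it to an account) can be scripted. This is an added example, not part of the original post: the log lines are constructed in the usual postfix/pickup format, the function names are hypothetical, and the maillog path in the last comment is an assumption.

```shell
#!/bin/sh
# Added example: count local (non-SMTP) submissions per UID from Postfix
# "pickup" log lines, then resolve the busiest UIDs to account names.

# Constructed sample lines (not taken from the thread's log).
sample_log() {
cat <<'EOF'
May 27 17:01:01 host postfix/pickup[2211]: 4A1B2C3D4E: uid=1010 from=<agendada>
May 27 17:01:02 host postfix/smtpd[2290]: connect from unknown[192.0.2.15]
May 27 17:02:01 host postfix/pickup[2211]: 5B2C3D4E5F: uid=1010 from=<agendada>
May 27 17:02:30 host postfix/pickup[2211]: 6C3D4E5F60: uid=0 from=<root>
May 27 17:03:01 host postfix/pickup[2211]: 7D4E5F6071: uid=1010 from=<agendada>
EOF
}

# Read log text on stdin; print "count uid" pairs, busiest UID first.
pickup_counts() {
    awk '/postfix\/pickup\[/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^uid=[0-9]+$/) { sub(/^uid=/, "", $i); n[$i]++ }
         }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2n
}

# Print the UIDs with at least $1 submissions, one per line.
noisy_uids() {
    pickup_counts | awk -v min="$1" '$1 >= min { print $2 }'
}

# Resolve a UID to its account name; "unknown" if there is no such user.
uid_to_account() {
    id -nu "$1" 2>/dev/null || echo unknown
}

# Print one "uid=... account=..." line per UID at or above the threshold.
report() {
    noisy_uids "$1" | while read -r uid; do
        printf 'uid=%s account=%s\n' "$uid" "$(uid_to_account "$uid")"
    done
}

# Demo on the constructed sample. On a server (path is an assumption):
#   report 100 < /var/log/maillog
sample_log | report 2
```

Mail submitted over SMTP shows up under postfix/smtpd rather than postfix/pickup, so this only counts mail injected locally, such as by scripts running under a hosting account.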

652
E-Mail / Re: zombie attack target email account
« on: May 27, 2023, 05:17:15 PM »
And have you hardened your postfix installation to prevent relaying? Pay particular attention to the $mynetworks and $relay_domains directives. Do you have UCE controls properly implemented in Postfix? Don't trust the defaults -- they are just a starting point. You should be much more restrictive than what CWP provides as an initial basis.

653
What version of Apache are you looking for? 2.4.56?

As a quick test, I can curl their older Apache 2.2.27 script:
Code:
curl -O https://dl1.centos-webpanel.com/files/c_scripts/apache-2.2.27.sh

654
Code:
sudo chattr +i /usr/local/apache/conf.d/vhosts/testdomain.nl.ssl.conf
To make changes, remove the immutable bit:
Code:
sudo chattr -i /usr/local/apache/conf.d/vhosts/testdomain.nl.ssl.conf

655
DNS / Re: CWP Can't add “One” domain name
« on: May 26, 2023, 10:16:09 PM »
How is your DNS infrastructure set up? Do you use the default CWP DNS servers, or something different? (I use Cloudflare as my NS.)

656
CentOS 7 Problems / Re: Malware found
« on: May 26, 2023, 02:00:57 PM »
Are you running rkhunter to check for a root kit?

Also look for FritzFrog and Ebury:
https://srvfail.com/check-clean-ebury-ssh-rootkit/

657
E-Mail / Re: zombie attack target email account
« on: May 26, 2023, 01:00:08 AM »
Are your SPF and DMARC DNS records set up properly to restrict sending to your own domain and server IP address?

658
CSF Firewall / Re: I need Suggestion
« on: May 25, 2023, 02:14:25 PM »
If you or your customers only do commerce within your own country, or know for sure you don't need access to some regions (e.g. southeast Asia), you can use CSF to block entire countries in /etc/csf/csf.conf:
Code:
CC_DENY = "CN,KP,VN"
Do a search and see what are the top 10 hacking countries and include those in the block list.

659
How to / Re: How to manage hard drive space without losing data
« on: May 25, 2023, 02:07:11 PM »
The answer to the original question is "very carefully." I have done this on two different servers, using both fdisk (for hard partitions) and lvs resizing techniques (easier/safer). Obviously you are using LVM, and as an aside, I prefer my disk layout to all be one under / (meaning one LVM managed volume -- /dev/mapper/centos7-root); I don't need the separate /dev/mapper/centos7-home partition. I only feel that is needed if you need it to reside on different storage or foresee expanding /home ad infinitum, or I suppose if your backup requirements were specialized.

At any rate, do a FULL backup before proceeding. Be aware if you mess up, you will crash your server.
https://linuxhandbook.com/resize-lvm-partition/

660
Other / Re: how to disable cwp , cpanel ,pma short
« on: May 25, 2023, 01:56:07 PM »
You would have to edit your existing vhost files and the controlling template, going forward. What web server do you use (apache or nginx)?
