Messages

91

CentOS-WebPanel GUI / Re: *Security token failed* message at login

« on: December 16, 2021, 11:49:17 PM »

Seems your server was configured to login with a security token.
You must check /var/log/messages file, or dmesg command to search for details.

Regards,
Netino

92

E-Mail / Re: How to Rebuild Postfix Mail Server

« on: December 16, 2021, 11:45:49 PM »

Seems you have a problem in yum or RPM database.

Try:
https://www.tecmint.com/rebuild-corrupted-rpm-database-in-centos/

Regards,
Netino

93

Problems on other RedHat linux servers / Re: PHP Defender nowhere to be found

« on: December 16, 2021, 11:33:46 PM »

Yes, it is installed in panel, "Security" >> "Security Center".
It is simply installed choosing "Basic", "Intermediate" or "Advanced" levels.
Simply by clicking on "install" and that's it.

You must have login on the panel to see that.

(While reading your post, I installed in two servers, it is just very simple)

Regards,
Netino

94

CSF Firewall / Re: Spamhaus in CSF Firewall

« on: December 16, 2021, 09:41:08 PM »

Thanks
One thing, yesterday I try block specific countries on CSF Firewall, but after that my websites are very slow
I have one website with A score on Gtmetrix, and now have F score
Any idea?

To block countries, you must use the "Country Code Lists and Settings" section of '/etc/csf/csf.conf'.
There you must choose the database that will be used to find the countries for each IP address, MaxMind or db-ip, ipdeny, iptoasn.

Keep in mind that searching for the country of each IP address has a cost on the overall performance of the system too.
Each connection to your server must be searched by the country code.
Read that section to get informed.

95

E-Mail / Re: smtpauth not working for me.

« on: December 16, 2021, 12:53:03 AM »

The same logic is too valid for dovecot.
Check if you have the following, at the end of the file '/etc/dovecot/dovecot.conf':

Code: [Select]

!include_try /etc/dovecot/sni.conf
...and check the content of the file '/etc/dovecot/sni.conf' for your ssl domains.

96

CentOS 7 Problems / Re: log4j security issue

« on: December 15, 2021, 10:38:53 PM »

The best article I could find about it was this:
https://www.infoworld.com/article/3644492/how-to-detect-the-log4j-vulnerability-in-your-applications.html

You can check your server with 'syft':
https://github.com/anchore/syft

If there is any java jar class on your server, it should be checked with 'grype':
https://github.com/anchore/grype

Regards,
Netino

97

E-Mail / Re: smtpauth not working for me.

« on: December 15, 2021, 10:28:39 PM »

So you have problem with SNI configuration in postfix.
Check you have the following configuration enabled in /etc/postfix/main.cf :

Code: [Select]

tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
...and make sure all domains you have (included 'mail.grannydriver.com') in the file '/etc/postfix/vmail_ssl.map'.

98

CSF Firewall / Re: Spamhaus in CSF Firewall

« on: December 15, 2021, 10:14:14 PM »

Yes.
Check the file '/etc/csf/csf.blocklists'. You can enable three lists:
SPAMDROP
SPAMEDROP
SPAMDROPV6


Regards,
Netino

99

CSF Firewall / Re: Firewall Disabled (CSF cannot be started suddenly)

« on: December 10, 2021, 11:18:39 PM »

(...)
However, I have installed a whole new server and the CSF there is running well, but it is not banning anything. The file /var/lib/csf/csf.tempban is empty

The file csf.tempban is just for temp bans.
Did you try to temp block any address, or permanent block?

100

CentOS 7 Problems / Re: Clients cannot login - uerror

« on: December 09, 2021, 11:35:33 PM »

(...)
How to check if /home/USER/tmp/ is locked?
(...)

To just check if you have your files locked, issue the following command:

Code: [Select]

# lsattr /home/USER/tmp/
Regards,
Netino

101

E-Mail / Re: smtpauth not working for me.

« on: December 09, 2021, 11:28:12 PM »

Your server is responding with domain "www.grannydriver.com", not "mail.grannydriver.com":

Code: [Select]

# openssl s_client -crlf -servername mail.grannydriver.com -connect mail.grannydriver.com:465
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.grannydriver.com
verify return:1
---
Certificate chain
 0 s:/CN=www.grannydriver.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAy1c+T30Hq0QxG1AgMrf/eb2MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDYxMzI2NDVaFw0yMjAzMDYxMzI2NDRaMB8xHTAbBgNVBAMT
FHd3dy5ncmFubnlkcml2ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA5LJVpmxdDxioBXUQs3CHZEHvrHK1iHgyZ3NDj2XMdNBkae1TroZgEiJH
nb4wo2XRfCYlZu4iLCmd86sjnwO8xjI4VLQylvoKAYBllWgXUy9sc7nRYNo5pWiP
fKshcAjyeHtIkfX9KFYnpBQqqGdgk+QPnZG89OPAZdhmasl0airdvZ3BR1KFpEDH
9oEzOIN9lZxCuOTxAdUzbhDzI9svMwi6/NVHKEeNS/+5pO05tvCRZ7D41miDx62g
Fu5ayg+i3JtrucpLIMp6Vxd3koh6sN9Roq3QoZuCUU07Bs9UE7aYFpUcxeRclcu1
B/ZATL6D4UK3YrkxaAS+BAmVXOt1BQIDAQABo4ICdjCCAnIwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBS1wiCY1ZdYvJu2oG9RJPJVtEP0CjAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzBIBgNVHREEQTA/ghBncmFubnlkcml2ZXIuY29tghVtYWlsLmdyYW5u
eWRyaXZlci5jb22CFHd3dy5ncmFubnlkcml2ZXIuY29tMEwGA1UdIARFMEMwCAYG
Z4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMu
bGV0c2VuY3J5cHQub3JnMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAQcjKsd8i
RkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF9kCPPlQAABAMARjBEAiBkbDdF
4bK2bsm5rbZR4gBM7R5piXWC3RC3FVMXhBsGzgIgaOgWnvdAOKUWgzZvSgt9gtE/
3WrpA8ujgFvx69acX8oAdQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3H
hAAAAX2QI8+IAAAEAwBGMEQCIB+R6SC4K8ZnaLx2bfXgUR7cSF7tuSv/OlEGiO25
hXi1AiBZz/CWruKNuk1t1wzFRAFwimFwxMa15syTkLg2RKawQzANBgkqhkiG9w0B
AQsFAAOCAQEAgEtCO6DqfOVGCXueRtj3+6qfsL7xqPcsFn/yXDV1pronetiHpHMr
hzew5C81guGslzHtLaMHbh6DGGE4hkdYgfGn7NF9EQ4DHO1muuvoJGeFef8SJOln
DRq2CY+qlgPct0uhuJAwGP6tpssr6KGD3Lnkd2qFcOa7dDVmzTelLQeJ1wBIZwYo
HCJv+VhIEzBxNBuNf+UJjtGWbJGYhz/bcAUf4w+Kc1/1ED5na2w2jeTW6wnAAq/O
QSulyYBEtVakt4D0jGkATrFf0C3yFMuBQkm37PGxVPFiF59wh4gqjinRwM88zNub
u6A9Nlxi6yyqpGLVUUqO93bmmDb7yCRIpw==
-----END CERTIFICATE-----
subject=/CN=www.grannydriver.com
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4751 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 521A1C63857F51F18148ECE661E290716C20E600C947D8FDA9F4FAA12FEB89CD
    Session-ID-ctx:
    Master-Key: 8F4BA1D0A7D47069BB9A1E006D4C5BDE7A2EFEF24022042038EDFD49DF272B53A4676C66407D018E3C2D76D593E2ED21
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - b7 51 6e e1 c0 5b 8e 4a-92 3d 84 6d ec be f2 fb   .Qn..[.J.=.m....
    0010 - be 9f 39 4e 6c 15 70 93-a5 e3 59 32 cb f9 fa bc   ..9Nl.p...Y2....
    0020 - 51 d6 8c 21 88 64 da d8-1d bc f3 02 d9 6d f5 bc   Q..!.d.......m..
    0030 - 90 62 d0 a6 f9 03 52 c5-c3 b1 b5 30 37 68 e2 f3   .b....R....07h..
    0040 - 6d 39 97 f8 b2 51 ab 20-4e c0 99 2d b2 61 32 7b   m9...Q. N..-.a2{
    0050 - 0e a1 2a ad 66 8e 83 1b-08 5c d2 e3 99 69 0b 03   ..*.f....\...i..
    0060 - 66 fc d1 fb d0 a2 33 c9-47 27 d1 da 2f 4a a6 11   f.....3.G'../J..
    0070 - fa a0 59 4c 0e 5f 41 dd-80 cc f5 a8 c0 bc e3 74   ..YL._A........t
    0080 - 7a 31 44 96 94 4b b5 29-cf e4 0c 4b ad 58 af f7   z1D..K.)...K.X..
    0090 - a3 68 4d 2a 40 2a d4 d2-57 99 38 e0 8c d1 c1 d7   .hM*@*..W.8.....
    00a0 - 72 28 20 67 8c ca ff 68-68 ab 01 be 48 80 9c 44   r( g...hh...H..D
    00b0 - c1 b6 49 12 bb 99 9a 81-8e b5 85 de 9e 57 e2 b1   ..I..........W..

    Start Time: 1639091792
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
220 server.companiondriver.com ESMTP Postfix
quit
221 2.0.0 Bye
closed

This suggests that you need to configure a additional certificate, for "mail.grannydriver.com", in addition to other domains you use.

Regards,
Netino

102

SSL / Re: how to enable nginx QUIC HTTP/3?

« on: December 09, 2021, 11:08:30 PM »

Would you like to know how to enable http2 + quic in nginx?
(...)
is someone already using it?

Cool!

This may be a site configuration problem.

Check you site is using correct templates, in CWP panel at "WebServer Settings -> WebServers Main Conf" for config all sites in your server, or "WebServer Settings -> WebServers Domain Conf" for a specific site config. These two menus rebuild configuration to use the correct certificate locations in your server.

Regards,
Netino

103

SSL / Re: Broken Chain intermediate certs

« on: December 09, 2021, 10:49:38 PM »

Try to manually upgrade openssl with the following excellent tutorial (by enabling TLS 1.3):
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/

Regards,
Netino

104

CSF Firewall / Re: Firewall Disabled (CSF cannot be started suddenly)

« on: December 09, 2021, 10:46:16 PM »

I had problems with upgraded csf yesterday, in temp bans.

What output you have for the following command?:

Code: [Select]

csf -r
If you have problems too with temp bans, check your file: /var/lib/csf/csf.tempban

The format of this file must be:
$time|$ip|$port|$inout|$timeout|$message

If you see something strange there, correct it, and restart your firewall.

Code: [Select]

csf -r
Regards,
Netino

105

Updates / Re: yum nginx update failed

« on: November 20, 2021, 07:39:27 PM »

The problem probably you have two repositories for nginx binaries (possibly CentOS and nginx repositories).

I had the exact same problem, and was needed to remove and downgrade the nginx version to a working version:

Code: [Select]

# yum remove nginx
# yum install nginx-1.20.1-1.el7.ngxMay be needed remove other nginx packages too.

A *serious* problem:
Be careful and make sure you have the configuration file backed up ('/etc/nginx/nginx.conf'), because it will erase that file.
You will need to restore this file from backup, to keep the new downgraded binary nginx working.

Regards,
Netino