This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Information / Re: Ebury trojan on all of my CWP servers
« on: May 28, 2024, 08:09:53 PM »uf..great...
was that ever addresed by CWP team, or?
This most likely won't be something addressed by CWP, at least, the removal of trojan itself. I do hope CWP team has identified and fixed the exploit which allowed this trojan to be installed. Most likely Ebury was injected into CWP hosts via a CWP vulnerability over the years. Come to find out my system has Ebury installed, and most likely has been like that for years undetected.
Malicious DLLs were found in the following locations,
- /usr/lib64/libkeyutils.so.1.5
- /usr/lib64/libkeystats.so
With a (duplicated) running process of,
- /usr/lib/systemd/systemd-udevd
With an open UNIX socket at,
- UDEV-4kAmkRW3
2
Apache / Re: Apache Compiler
« on: August 16, 2022, 08:02:57 PM »
When can we expect to see 2.4.54 available for compilation? 2.4.54 was released 2 months ago on 2022-06-08
3
Apache / Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« on: December 28, 2021, 11:37:02 PM »Is there an update on this? There is now a newer version of Apache (2.4.52) which fixes the flaw that can lead to remote code execution. Can we manually update apache without breaking CWP Panel?
An update seems to have been pushed today - CWPpro version: 0.9.8.1109 (up from 0.9.8.1108)
This has added 2.4.51 and 2.4.52 to the apache re-rebuild section.
Thank you to the team for resolving this. Hopefully we see updates pushed more quickly as they're released
4
Apache / Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« on: December 21, 2021, 05:57:39 PM »2.4.51 is part of rpm...so you need to check if you rpm's are updated
CWP interface is updated via RPM (cwp-httpd); Webservers are built from source. 2.4.51 is not available in the list to build from source.
5
Apache / Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« on: December 20, 2021, 10:08:27 PM »
Any update on bringing back 2.4.51? I was previously able to compile 2.4.51 from the interface, but it has now been removed and yet to be brought back
6
CentOS-WebPanel GUI / Unable to view Custom SSL (User)
« on: July 28, 2021, 07:26:07 PM »
When users attempt to access the user panel "Domains -> Custom SSL" page it just infinitely loads in the browser. We are experiencing this on two independently installed systems. The following are the only messages that could be found regarding the issue,
CWPpro version: 0.9.8.1078
CloudLinux 8.4
CWPpro version: 0.9.8.1078
CentOS Linux 7
Code: [Select]
/usr/local/cwp/php71/var/log
CWPpro version: 0.9.8.1078
CloudLinux 8.4
Code: [Select]
[28-Jul-2021 11:54:28] WARNING: [pool ec2] child 2965173 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: sslwizard in /usr/local/cwpsrv/var/services/user_files/modules/cwp_framework/traits/DashboardExtraVarsTrait.php on line 0"
CWPpro version: 0.9.8.1078
CentOS Linux 7
Code: [Select]
[28-Jul-2021 18:59:31] WARNING: [pool ec2] child 761 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: sslwizard in /usr/local/cwpsrv/var/services/user_files/modules/cwp_framework/traits/DashboardExtraVarsTrait.php on line 0"
Pages: [1]