Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - itmonitor

Pages: [1]
1
Informations / CWP "Danger hidden processes" message will not go away
« on: April 23, 2019, 07:28:14 AM »
Hi!

Every time I log into CWP Panel, there is this message "Danger: Hidden Processes - SECURITY ISSUE". I click on the hyperlink "here" and it opens a page where I click the green button "Enable Protection". I do this for every user listed in the drop-down menu in this CWP Panel page. I click on the X to close the warning message "Danger: Hidden Processes - SECURITY ISSUE" will never go away. On testing each user, all have Status Active Permanent Enabled.

However, when I login into the CWP Panel the next day, there it is again the warning message "Danger: Hidden Processes - SECURITY ISSUE". I check the users, all are Permanent Enabled.

Please, any advice to fix this issue is welcome.

rgs.

2
Informations / How to enable CWP Panel packages auto update
« on: April 13, 2019, 09:24:23 AM »
Hi, please how to enable packages autoupdate for CWP Panel?

3
Apache / HSTS in CWP
« on: April 10, 2019, 03:21:43 PM »
Hi! Not sure this is the right forum. Could anybody point me to instructions on how to setup HSTS in CWP?

Any advice is welcome.

Rgs

IM

4
Hello. We are trying to install AutoSSL certificates through CWP. After some trials and with the help of the Let's Encrypt support, seems like CWP is merging the cert.pem and fullchain.pem . This results in duplicate SSL installs for a domain and increases website load time. Please, see the thread here https://community.letsencrypt.org/t/lets-encrypt-outlook-office-365-target-principal-name-is-incorrect/88942/6

also, when installing an AutoSSL certificate through CWP, it will install but will not display in the CWP SSL cert list page.

On my side, I am ready to cooperate with CWP to find/solve any bugs - if any.

Any advice to solve those issues is welcome.

IM

5
Mod_Security / OWASP is triggering on Roundcube login in CWP
« on: March 14, 2019, 08:39:20 PM »
Hi!

OWASP triggers on a xss attack and blocks email sending/forwarding in Roundcube. It will work only when I disable mod_security. Please, any advice to sole this issue is welcome.

Code: [Select]
[Thu Mar 14 21:17:20.802643 2019] [:error] [pid 22926:tid 140178286909184] [client 95.90.228.143:1153] [client 95.90.228.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\ballowscriptaccess\\\\b|\\\\brel\\\\b\\\\W*?=" at ARGS:_message. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "304"] [id "973301"] [rev "2"] [msg "XSS Attack Detected"] [data "Matched Data: rel= found within ARGS:_message: <p>test</p>\\x0d\\x0a<div id=\\x22_rc_sig\\x22>&nbsp;</div>\\x0d\\x0a<p>&nbsp;</p>\\x0d\\x0a<p>el 2019-03-14 13:27, ;:</p>\\x0d\\x0a<blockquote><!-- html ignored --><!-- head ignored --><!-- meta ignored -->\\x0d\\x0a<div class=\\x22pre\\x22>gracias, cual es el numero del booking del cami&oacute;n y el numero del contenedor? no los encuentro en el fichero que me enviaste.<br /> <br /> <br /> j. sobota <br /> aksert <br /> t: +49 6132 977197 | f: +4..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.www.www
"] [uri "/webmail/"] [unique_id "xxx"], referer: http://xxx.xxx.xxx/webmail/?_task=mail&_action=compose&_id=15578827575c8ab6cb5ce70

6
Postfix / force postfix email to SSL
« on: March 14, 2019, 07:47:59 PM »
Hi,

is there a way to force SSL for all emails in Postfix? The present config is below, but I can still setup and use a non-SSL email:

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Any help is appreciated.


7
Informations / CWP email send on login
« on: March 13, 2019, 11:59:35 PM »
Hello,

please, how to setup CWP to send an email every time someone login into it?

rgs

IM

8
Installation / Adding CAA record on CWP
« on: March 11, 2019, 09:00:48 PM »
Hello,

How to add a CAA record on CWP? Is it through a CNAME, TXT, PTR or other? Where do I add it in CWP.

Any advice is welcome

rgs

9
Installation / Splitting Email with CWP
« on: March 08, 2019, 09:58:51 AM »
Hello.

We are thinking about moving from WHM into CWP. However, our emails have a particular setting: from the 10 emails we have 9 are processed in the server using Exim and 1 is split and goes through Office 365 as we have a plan there for this one email.

The email split is done at Exim level at WHM. CWP has no Exim, I think. Questions:

1. Does Exim can be installed with CWP?
2. Alternatively, is there a way to split emails using the CWP native email services?

Any advice is welcome.

Rgs

IM

Pages: [1]