Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - sal

Pages: [1]
1
It's the way cwp staff will force you to upgrade.

The problem is that the upgrade is not possible without having serious issues(search the forum and you will see).

To avoid the message and restore the login page, login to your ssh shell and do as it follows:


Code: [Select]
cd /usr/local/cwpsrv/htdocs/
Code: [Select]
rm -rf admin
Code: [Select]
mv admin_disabled admin

now the login page is back, but soon it will be replaced again with the error message and you will be forced to follow the procedure each time you want the login page back, so to keep it alive, you have to issue the following command:


Code: [Select]
cd /usr/local/cwpsrv/htdocs/
Code: [Select]
chattr +a admin
now the admin folder cannot be modified or deleted even by root user and the login page will stay on line.

to unprotect the admin folder, you'll have to issue the following command:

Code: [Select]
chattr -a admin
This is a temporary solution, also if you want to keep using cwp in the future, the only option is to contact support and pay cwp staff for the upgrade.

Also check on line exploit databases like

https://0day.today/search?search_request=centos+web+panel

to be sure that your version is safe.




2
Updates / Re: Error in control panel
« on: March 01, 2018, 04:25:05 PM »
It's the way cwp staff will force you to upgrade.

The problem is that the upgrade is not possible without having serious issues(search the forum and you will see).

To avoid the message and restore the login page, login to your ssh shell and do as it follows:


Code: [Select]
cd /usr/local/cwpsrv/htdocs/
Code: [Select]
rm -rf admin
Code: [Select]
mv admin_disabled admin

now the login page is back, but soon it will be replaced again with the error message and you will be forced to follow the procedure each time you want the login page back, so to keep it alive, you have to issue the following command:


Code: [Select]
cd /usr/local/cwpsrv/htdocs/
Code: [Select]
chattr +a admin
now the admin folder cannot be modified or deleted even by root user and the login page will stay on line.

to unprotect the admin folder, you'll have to issue the following command:

Code: [Select]
chattr -a admin
This is a temporary solution, also if you want to keep using cwp in the future, the only option is to contact support and pay cwp staff for the upgrade.

Also check on line exploit databases like

https://0day.today/search?search_request=centos+web+panel

to be sure that your version is safe.




3
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: February 25, 2018, 06:40:29 PM »
ok thank you,
it's not a problem for me doing the upgrade manually, but i can't find a place with step by step instructions on how to do it.
I can open the .sh script to see what the script will do, but it should be much better if you will put some clear guide(or please point me to it if it already exists).
Main issues are
  • missing ssl configuration(can,t login to cwp with previous ssl settings too)
  • missing apache, php,, nginx and whatever related configuration
i don't see any solution other than switch to another panel and also i'm not suggesting cwp because of this.

you should check the upgrade scripts, this is a big upgrade and this can go wrong as in the new version and all new software is installed and you could have issues with website down if this would be automated, taking all that into consideration the best and securest way is to do update manually when you have a free time to do that and deal with possible issues.

As said before notification about security issues and urgent upgrade requirement is more than a few months "flashing RED" as a critical issue in your cwp admin panel at the top.

As mentioned in the upgrade message of your cwp we are here to help to get to latest upgrade and to have your server more secure.
Security and stability will be our main focus and soon we will be releasing many new upgrades and security tools.

Clients with the latest versions have probably noticed that we are relasing a few new versions per day as we are making many new integration changes.

4
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: February 23, 2018, 04:27:00 PM »
thank you for the information, is it reported elsewhere what are the security issues?
The problems i have encountered after the upgrade are mostly related to messed up server configuration, messed up firewall, messed up apache configuration, messed up mail server, so it requires big time updating on a production server and trying to restore configuration.
Possibly if i'll keep using cwp, i'll install the new version on a fresh server and will import the cwp users and web sites on it, this is at the moment the most safe procedure i can think of.
About the warning message inside the control panel, i have seen it, this is another thing that looked a bit unprofessional, because it is visible by all users and it never stated that the panel will be unavailable soon, sorry but this is not a good behavior in my opinion.
I don't have updated because there is not a working script and the manual procedure doesn't work right.
If the security issues are serious and update doesn't work, then i'll have to switch to a different panel.

you have the notification in cwp.admin in "red alert" box more than a few months now.

You need to do this upgrade as version 0.9.8.15x is very old and has security issues which were fixed a long time ago.
Also, each cwp version has expire date so you can't run it forever as it will be unusable soon and then you will have an error and no notification about upgrade needed.

5
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: February 22, 2018, 01:23:01 PM »
this morning my customers started asking why they can't login to the panel and why they see a message about upgrading, this is not something to be shown to everybody, but server admin.
I have not upgraded yet due to several problems happened after i tried it some months ago and i have had to restore the server from a backup.
I also subscribed for the pro service to avoid problems like this,but it happened anyway without any previous communication.

If you are in the same boat as me and want to re-enable the cwp login, follow these instructions:

1. login to your shell
2. cd /usr/local/cwpsrv/
3. cp -r htdocs htdocs_backup
4. cd htdocs
5. mv admin admin_backup
6. mv admin_disabled admin

now you should be able to login again

if something goes wrong you can restore to the previous state by

1. rm -rf /usr/local/cwpsrv/htdocs

2. mv /usr/local/cwpsrv/htdocs_backup /usr/local/cwpsrv/htdocs

i'm not saying that users must not upgrade to new version, but at the moment it looks very dangerous doing it on a live server without having issues to be solved later.



WHAT the f****


This server needs to be upgraded by using this instruction!
http://forum.centos-webpanel.com/centos-6-problems/centos6-upgrade/

For assistance, you can contact our support at:
http://centos-webpanel.com/contact

I DONT WONT UPDATE

As a workaround you can go to /usr/local/cwpsrv/htdocs/ and swap the 'admin' and 'admin_disabled' folder names.
Do a backup of entire htdocs before doing this

6
CentOS-WebPanel Bugs / Re: root password can be used with any other user
« on: August 15, 2015, 09:31:05 PM »
ok, found this on the wiki

http://wiki.centos-webpanel.com/how-can-root-login-as-a-user

so it's not a bug, it's a feature to allow root user to login as user.

7
CentOS-WebPanel Bugs / root password can be used with any other user
« on: August 15, 2015, 12:18:49 AM »
Just discovered what i wrote in the subject, any user can login with the root password.
Shouldn't be a big issue, possibly it's not a feature, so i posted here.
Sal

Pages: [1]