This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
FTP / Re: unable to connect via ftp
« on: March 15, 2022, 11:44:05 PM »
What's in your logs (just the last lines) when you issue the following command?:
Regards,
Netino
Code: [Select]
# grep 'pure-ftpd' /var/log/messages
Regards,
Netino
17
CentOS 7 Problems / Re: PureFTP TLS problem
« on: March 15, 2022, 11:39:10 PM »
What is your configuration for the following parameters?:
TLS
TLSCipherSuite
CertFile
Regards,
Netino
TLS
TLSCipherSuite
CertFile
Regards,
Netino
18
PHP / PHP SECURITY VULNERABILITY => Urgent update to version 7.4.28, 8.0.16 and 8.1.3
« on: February 19, 2022, 08:52:13 PM »
Irony alert! PHP fixes security flaw in input validation code
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/
What to do?
If you’re a PHP user, update to 8.1.3. If you haven’t yet shifted to the 8.1 flavour of PHP, two other earlier branches are still supported: 8.0 needs upgrading to 8.0.16, and 7.4 needs upgrading to 7.4.28.
The problem here is these updates are not available to make these updates in CWP.
Regards,
Netino
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/
What to do?
If you’re a PHP user, update to 8.1.3. If you haven’t yet shifted to the 8.1 flavour of PHP, two other earlier branches are still supported: 8.0 needs upgrading to 8.0.16, and 7.4 needs upgrading to 7.4.28.
The problem here is these updates are not available to make these updates in CWP.
Regards,
Netino
19
CentOS-WebPanel Bugs / Re: Problem with VARNISH config files .... and CWP update to new version
« on: January 28, 2022, 02:51:00 AM »
I just right now installed a new CWP server, and had this problem too. (503 backend error)
For some reason, the CWP install script didn't install the correct file '/etc/varnish/default.vcl'.
The content of the installed file is the original file from the varnish distribution, without any modification, and is proxying to 127.0.0.1 on port 8080, which does not exist.
So, to fix the problem, just change the '/etc/varnish/default.vcl' file, removing its content and replacing it with the following content:
Regards,
Netino
For some reason, the CWP install script didn't install the correct file '/etc/varnish/default.vcl'.
The content of the installed file is the original file from the varnish distribution, without any modification, and is proxying to 127.0.0.1 on port 8080, which does not exist.
So, to fix the problem, just change the '/etc/varnish/default.vcl' file, removing its content and replacing it with the following content:
Code: [Select]
vcl 4.0;
backend default { .host = "107.191.125.119"; .port = "8181";}
include "/etc/varnish/conf.d/vhosts.conf";
Regards,
Netino
20
Apache / Re: WebServers Domain Configuration Reset
« on: January 15, 2022, 10:57:55 PM »(...)
At the moment I have this on that file:
{
"nginx_template-type": "default",
"nginx_template-name": "laravel-force-https",
"apache_template-type": "default",
"apache_template-name": "laravel",
"nginx": true,
"php-cgi": true,
"apache-additional": true
}
And it's working, this is a very strange bug, I saw lots of posts on the forum about the same, and any official solution.
Did you try to check if you reall have .tpl and .stpl files.?
Use the command:
Code: [Select]
find /usr/local/cwpsrv/htdocs/resources/conf/web_servers | grep laravel
21
CentOS-WebPanel GUI / Re: Mod_Security's Security incidents wrong IP
« on: January 15, 2022, 10:43:38 PM »(...)
have you tried installing v3?
No. I'm using Comodo rules, and don't know if they are compatible.
https://github.com/SpiderLabs/ModSecurity/issues/1962
22
CentOS 7 Problems / Re: Problems with Mail Service
« on: January 15, 2022, 10:37:51 PM »
Isn't an open relay, as mxtoolbox.com is not reporting this.
(Check here: https://mxtoolbox.com/diagnostic.aspx)
You don't clarify the volume of E-mail messages being sent from your server, but it seems several messages are being sent.
If you don't recognize these messages being sent, then most likely some user has had their password compromised, and neither Antispam nor Antivirus will stop this. You need to find out who the user is, and change the password to a stronger password, and more than that, find out how it was compromised, and prevent it from being compromised again.
That's an art.
The art of managing an internet server.
So, you need to verify who the authenticating user is to make this submission. You can start by trying to identify on the server who has authenticated to perform this sending, with the following command:
Try to discover a line just right before the first sending attempt.
(Check here: https://mxtoolbox.com/diagnostic.aspx)
You don't clarify the volume of E-mail messages being sent from your server, but it seems several messages are being sent.
If you don't recognize these messages being sent, then most likely some user has had their password compromised, and neither Antispam nor Antivirus will stop this. You need to find out who the user is, and change the password to a stronger password, and more than that, find out how it was compromised, and prevent it from being compromised again.
That's an art.
The art of managing an internet server.
So, you need to verify who the authenticating user is to make this submission. You can start by trying to identify on the server who has authenticated to perform this sending, with the following command:
Code: [Select]
# grep 'auth=1' /var/log/maillog
Try to discover a line just right before the first sending attempt.
23
Apache / Re: WebServers Domain Configuration Reset
« on: January 14, 2022, 10:10:33 PM »
I don't know if is really the same problem as yours, but I had this type of problem when forgetting to check the mark "Rebuild WebServers conf for domain on save".
Did you already checked the content of the configuration file?:
Did you already checked the content of the configuration file?:
Code: [Select]
# cat /home/user/.conf/webservers/DOMAIN.conf
24
Apache / Re: Apache vhosts configuration
« on: January 14, 2022, 09:53:39 PM »
To begin to know what happens, is needed to know the diretory listing of the templates (ls -alF /path).
25
PHP Selector / Re: Fresh install on CentOS 7 PHP version switcher erroring out.
« on: January 14, 2022, 09:27:12 PM »
Perhaps are you trying to compile PHP version "7.3.0"..?!
This is a very old version, PHP 7.3 current branch is in version 7.3.33...!!
This is a very old version, PHP 7.3 current branch is in version 7.3.33...!!
26
E-Mail / Re: X-Envelope-From and From different
« on: January 14, 2022, 09:14:58 PM »
It may be that you have a specific E-mail where the sender is trying to confuse the recipient, but this cannot be concluded from E-mail senders. Me, for example, use it this way, X-Envelope-From is different from Mime-From, for the same domain, for historical and convenience reasons, and they are absolutely legitimate E-mails.
=>Envelope From (RFC5321)
Used by the SMTP server to generate NDR (Non-Delivery Report)
Used by SPF filter to determine if it came from the designated IP address.
=>Mime Header From (RFC5322)
Used by the email client to display information in the From field.
Used by DMARC filter to confirm if the message is authentic
Also, there are many legitimate reasons for the envelope sender and the From header not to match.
Rejecting mails based on that is not a good idea.
Anyway, if you need, you must implement through DKIM and DMARC policies.
Check this page to do it, and know the notices:
https://support.google.com/a/answer/10032169?hl=en
=>Envelope From (RFC5321)
Used by the SMTP server to generate NDR (Non-Delivery Report)
Used by SPF filter to determine if it came from the designated IP address.
=>Mime Header From (RFC5322)
Used by the email client to display information in the From field.
Used by DMARC filter to confirm if the message is authentic
Also, there are many legitimate reasons for the envelope sender and the From header not to match.
Rejecting mails based on that is not a good idea.
Anyway, if you need, you must implement through DKIM and DMARC policies.
Check this page to do it, and know the notices:
https://support.google.com/a/answer/10032169?hl=en
27
Dovecot / Re: Error: autoexpunge: Couldn't create dovecot.autoexpunge.lock lock: file_create_l
« on: January 13, 2022, 08:41:55 PM »
Sorry, but nothing is possible to solve with a "Disk Quota Exceeded" error message.
Solve that problem, and try again.
Solve that problem, and try again.
28
Apache / Re: Performance
« on: January 13, 2022, 08:38:40 PM »
This is too much specific to your platform (memory available, speed machine, etc.) and profile of your users (heavy acessed? heavy memory use? etc).
It's literally impossible to suggest values to these parameters.
But you can start by the suggestion of this file:
/usr/local/apache/conf/extra/httpd-mpm.conf
After trying the above values, you should fine-tune your configuration to the desired performance profile.
It's literally impossible to suggest values to these parameters.
But you can start by the suggestion of this file:
/usr/local/apache/conf/extra/httpd-mpm.conf
Code: [Select]
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
# before terminating
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
After trying the above values, you should fine-tune your configuration to the desired performance profile.
29
Information / Re: Cannot log into my cPanel
« on: January 13, 2022, 08:26:37 PM »
Try logging in, and then immediately issue the following command:
Post the results here.
Code: [Select]
tail -20 /usr/local/cwpsrv/logs/error_log
Post the results here.
30
Apache / Re: Performance
« on: January 12, 2022, 09:17:21 PM »(...)
Since MPM is turned off by default in httpd.conf
No. It's enabled the module "mpm_event".
Check with:
Code: [Select]
# /usr/local/apache/bin/apachectl -M | grep -i mpm
Quote
(...)
Current setup is Nginx -> Apache -> PHP-FPM 7.xx
Besides Apache settings should i change any other settings to better utilize the resources?
Thanks in advance
The MPM Event is needed to run PHP-FPM.
You can choose another MPM just with PHP-CGI.
It is a Apache module/PHP limitation.
Surely, PHP-FPM have a superior performance, included with Nginx<->Varnish<->Apache, but you can have different problems with greedy caching with Varnish.
Your choice.