Recent Posts
1
PHP Selector / Unable to compile ANY version with PHP Switcher and Selector / FPM selector
« Last post by crouso on Today at 12:43:52 PM »Hello,
just upgraded my CWP version to Pro to be able to switch easy between php versions.
On first installation - some time ago - i decided for php version 7.4.33 for compatibily reasons.
Now i wanted to install new sub-domain for a service which requires php >8.2.
After upgrading to pro, i tried to compile with the php selector version 8.2.28 - not working , also i can not compile a fpm version.
Then i tried to change the main version from 7.4.33 to 8.2 - it compiles (like the selectors did) with the end message
Also some errors in the log:
I am running CWP Pro on AlmaLinux8 - everything updated all the time.
I contacted the support why i can not compile ANY other version - someone tried to solve it, but it did not work.
Now they want me to pay for support - for getting what i am paying for the pro version...
just upgraded my CWP version to Pro to be able to switch easy between php versions.
On first installation - some time ago - i decided for php version 7.4.33 for compatibily reasons.
Now i wanted to install new sub-domain for a service which requires php >8.2.
After upgrading to pro, i tried to compile with the php selector version 8.2.28 - not working , also i can not compile a fpm version.
Then i tried to change the main version from 7.4.33 to 8.2 - it compiles (like the selectors did) with the end message
Code: [Select]
Build Completed
###################
Error:Can't add notification!Also some errors in the log:
Code: [Select]
Package openldap-devel-2.4.46-21.el8_10.x86_64 is already installed.
Error: Unable to find a match: compat-openldap openldap-servers-sql
ln: failed to create symbolic link '/usr/lib/libldap.so': File exists
ln: failed to create symbolic link '/usr/lib/libldap_r.s': File exists
checking for BZ2_bzerror in -lbz2... no
configure: error: bz2 module requires libbz2 >= 1.0.0
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
checking target system type... x86_64-pc-linux-gnu
configure: error: Cannot find php-config. Please use --with-php-config=PATH
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Package ImageMagick-perl-6.9.13.25-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Cloning into 'imagick'...
/usr/local/cwpsrv/htdocs/resources/conf/el8/php_selector/external_modules/8.2/imagick.sh: line 8: /opt/alt/php82/usr/bin/phpize: No such file or directory
ln: failed to create symbolic link '/usr/local/include/ImageMagick': File exists
/usr/local/cwpsrv/htdocs/resources/conf/el8/php_selector/external_modules/8.2/imagick.sh: line 10: ./configure: No such file or directory
cat clean.sh >clean
chmod a+x clean
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
I am running CWP Pro on AlmaLinux8 - everything updated all the time.
I contacted the support why i can not compile ANY other version - someone tried to solve it, but it did not work.
Now they want me to pay for support - for getting what i am paying for the pro version...
2
CentOS 8 Problems / Re: how to connect Github repository by domain user
« Last post by overseer on Today at 12:24:47 PM »Try to contact the project owner/lead developer on GitHub. Open an issue there and see if you get a response or some activity on the project. It looked dormant when I looked at it. I will check with a web dev who is using GitHub for a site on one of my servers.
3
Backup / Re: Can't locate diagnostics.pm in @INC (you may need to install th....
« Last post by overseer on Today at 12:21:43 PM »Is your server defaulted to perl 5.26 or 5.32?
If you want to change your perl version, you can do:
Code: [Select]
dnf module list perlIf you want to change your perl version, you can do:
Code: [Select]
sudo dnf module reset perl
sudo dnf module enable perl:5.32But be advised that you will experience conflicts if you change the default perl version from what came with your system. Some perl modules only support 5.24, some 5.26, and some 5.32.4
Installation / Re: I don't receive a single message from root..??
« Last post by overseer on Today at 12:16:57 PM »Keep backups of your main config files (postfix, dovecot, apache, nginx) and vhost definition files. Assume that rebuilding mail & web servers will nuke your changes -- so have a backup to replace the default or merge back in your changes. But you shouldn't ever have to change those once the server is set up.
5
New Modules / Re: [MODULE] NEW GIT DEPLOY MODULE FOR CWP
« Last post by uma on Today at 11:38:34 AM »Yes, not appearing in domain user panel even after follow steps which also confirmed two to three times.
Any update on this script?
Any update on this script?
6
CentOS 8 Problems / Re: how to connect Github repository by domain user
« Last post by uma on Today at 11:37:12 AM »@overseer
Tried https://github.com/pro-cms/cwp-git-deployer
but it is not working as posted by other users too at https://forum.centos-webpanel.com/new-modules/module-new-git-deploy-module-for-cwp/
Any guideline highly appreciated and requested.
Tried https://github.com/pro-cms/cwp-git-deployer
but it is not working as posted by other users too at https://forum.centos-webpanel.com/new-modules/module-new-git-deploy-module-for-cwp/
Any guideline highly appreciated and requested.
7
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by kandalf on Today at 10:47:30 AM »You’re absolutely right to be concerned — and I believe we may be dealing with two distinct but related security issues.
Issue 1: File Manager Vulnerability (Confirmed)
As already pointed out, the filemanager.php module in CWP seems to allow arbitrary file upload to any user account, as long as the attacker can guess the username. This is a critical flaw in access control and should be treated as a top-priority zero-day vulnerability.
This alone explains how attackers managed to inject malicious files like defauit.php or nbpafebaef.jpg across multiple accounts.
➡️ Temporary mitigation: Disable or rename the file:
/usr/local/cwpsrv/var/services/user_files/modules/filemanager.php
I’ve renamed it to filemanager.php.disabled to block access while waiting for an official fix.
Issue 2: Lateral File Injection via /tmp (Needs confirmation)
What’s particularly concerning is that on my server, all user accounts had identical malicious files — including accounts with no websites or activity.
I found two suspicious scripts in /tmp/:
• /tmp/.auto_monitor: Contains code to iterate over all user accounts and drop malicious files
• /tmp/.tmp_baf: A payload later renamed per user as defauit.php
The auto_monitor script appears to loop through /home/*/public_html/ and replicate the payload across accounts.
Now, here’s the key problem:
Even if filemanager.php was used to inject a file into one account, it doesn’t explain how the malware was then able to write to other accounts — unless:
1. The injected script gained elevated privileges or exploited a weak configuration
2. Some CWP service or cron is running PHP scripts from /tmp under a shared or root context
3. There’s a misconfigured global process that allows cross-account write access from within user space
This part needs deeper analysis. But the implications are very serious:
Even a single compromised account could lead to full lateral infection.
Issue 1: File Manager Vulnerability (Confirmed)
As already pointed out, the filemanager.php module in CWP seems to allow arbitrary file upload to any user account, as long as the attacker can guess the username. This is a critical flaw in access control and should be treated as a top-priority zero-day vulnerability.
This alone explains how attackers managed to inject malicious files like defauit.php or nbpafebaef.jpg across multiple accounts.
➡️ Temporary mitigation: Disable or rename the file:
/usr/local/cwpsrv/var/services/user_files/modules/filemanager.php
I’ve renamed it to filemanager.php.disabled to block access while waiting for an official fix.
Issue 2: Lateral File Injection via /tmp (Needs confirmation)
What’s particularly concerning is that on my server, all user accounts had identical malicious files — including accounts with no websites or activity.
I found two suspicious scripts in /tmp/:
• /tmp/.auto_monitor: Contains code to iterate over all user accounts and drop malicious files
• /tmp/.tmp_baf: A payload later renamed per user as defauit.php
The auto_monitor script appears to loop through /home/*/public_html/ and replicate the payload across accounts.
Now, here’s the key problem:
Even if filemanager.php was used to inject a file into one account, it doesn’t explain how the malware was then able to write to other accounts — unless:
1. The injected script gained elevated privileges or exploited a weak configuration
2. Some CWP service or cron is running PHP scripts from /tmp under a shared or root context
3. There’s a misconfigured global process that allows cross-account write access from within user space
This part needs deeper analysis. But the implications are very serious:
Even a single compromised account could lead to full lateral infection.
8
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by mind5t0rm on Today at 10:43:02 AM »That's very helpful because I plan to update the OWASP rules to the latest version and we are hosting various websites.
Thanks.
Thanks.
9
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by mind5t0rm on Today at 10:40:15 AM »Thanks for that.
I'm wondering (maybe it sounds stupid) but if a malware can elevate their permissions to "root" level, then file uploads would be the least of my concern?
Else how can the malware read, write, or execute anything on this file if it is under 644 root ownership?
Again it might sound stupid. Newbie here.
I'm wondering (maybe it sounds stupid) but if a malware can elevate their permissions to "root" level, then file uploads would be the least of my concern?
Else how can the malware read, write, or execute anything on this file if it is under 644 root ownership?
Again it might sound stupid. Newbie here.
10
PHP / Re: FYI - ionCube Release new loaders 13.3.0
« Last post by venty on Today at 06:52:48 AM »Hi,
Many thanks to Starburst for this post...
His last post on the subject:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/ioncube-error-after-building-php-8-3-with-cwp-on-almalinux-8-9/
but should I do it on the condition that I will not be using PHP 8.3 for now?
BR
Venty
Many thanks to Starburst for this post...
His last post on the subject:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/ioncube-error-after-building-php-8-3-with-cwp-on-almalinux-8-9/
but should I do it on the condition that I will not be using PHP 8.3 for now?
BR
Venty
