Recent Posts
51
CSF Firewall / Re: Firewall off in cwp panel
« Last post by setecabanas on October 15, 2025, 02:47:09 PM »I have tried to install a new server with Almalinux 9
So, in a fresh installation same problem. But it is not important, only affects cwp panel
So, in a fresh installation same problem. But it is not important, only affects cwp panel
Code: [Select]
[root@s3 almalinux]# csf -e
csf and lfd are not disabled!
[root@s3 almalinux]#
[root@s3 almalinux]#
[root@s3 almalinux]# systemctl start csf
[root@s3 almalinux]# systemctl start lfd
[root@s3 almalinux]# systemctl enable csf
[root@s3 almalinux]# systemctl enable lfd52
MySQL / Re: root myql password
« Last post by overseer on October 15, 2025, 01:13:35 PM »You should remove your current MariaDB 10.6 and install 10.11 (LTS version). This will preserve your DB and get you to a current, supported version:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
53
MySQL / Re: root myql password
« Last post by setecabanas on October 15, 2025, 12:26:23 PM »I think the problem is other: I've broken my MySQL installation 
I think I'll have to reinstall everything.
Thanks anyway
Code: [Select]
[root@s3 mysql]# systemctl status mariadb
× mariadb.service - MariaDB 10.6.23 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; preset: disabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Wed 2025-10-15 12:23:52 UTC; 3s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 16501 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 16502 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=e>
Process: 16510 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
Main PID: 16510 (code=exited, status=1/FAILURE)
Status: "MariaDB server is down"
CPU: 140ms
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [Note] InnoDB: Starting shutdown...
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [Note] Plugin 'FEEDBACK' is disabled.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Could not open mysql.plugin table: "Unknown storage engine 'Aria'". Some plugins may be not loaded
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Failed to initialize plugins.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Aborting
Oct 15 12:23:52 s3 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Oct 15 12:23:52 s3 systemd[1]: mariadb.service: Failed with result 'exit-code'.I think I'll have to reinstall everything.
Thanks anyway
54
MySQL / Re: root myql password
« Last post by overseer on October 15, 2025, 10:42:52 AM »That script seems to be outdated and shouldn't be used. Please use this guide instead:
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
55
CSF Firewall / Re: Firewall off in cwp panel
« Last post by setecabanas on October 15, 2025, 08:29:49 AM »thanks
56
MySQL / root myql password
« Last post by setecabanas on October 15, 2025, 08:20:47 AM »Hello,
I change root mysql password by mistake and now:
My server is with Almalinux 9 and
Mariadb Ver 15.1 Distrib 10.11.14-MariaDB
I try to edit this script to adapt:
However the problem is not solved
Could you help me?
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
How can I adapt the code -> /scripts/mysql_pwd_reset so that this error doesn't occur and the password changes correctly?
I change root mysql password by mistake and now:
Code: [Select]
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php on line 0
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Trying to start mysql server, please wait!
Try to restart Control Web Panel with command: sh /scripts/restart_cwpsrv
**Check your MySQL root password in: /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php and /root/.my.cnf
You can reset the MySQL root password fast with this command: /scripts/mysql_pwd_reset -q
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Could not connect:My server is with Almalinux 9 and
Mariadb Ver 15.1 Distrib 10.11.14-MariaDB
I try to edit this script to adapt:
Code: [Select]
/scripts/mysql_pwd_reset Quote
Enter MySQL root password (NO special characters): Yaj0ahLvXm
Shutting down any mysql processes...
Resetting password... hold on
--------------
UPDATE mysql.user SET Password=PASSWORD('Yaj0ahLvXm'),Authentication_string=PASSWORD('Yaj0ahLvXm') WHERE user='root'
--------------
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
Cleaning up...
Password reset has been completed
New MySQL root password: Yaj0ahLvXm
However the problem is not solved
Could you help me?
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
How can I adapt the code -> /scripts/mysql_pwd_reset so that this error doesn't occur and the password changes correctly?
57
How to / Safe method to reset SQL system related passwords without service disruption
« Last post by pedromidiasf on October 14, 2025, 09:50:11 PM »Is there a safe way to change the passwords for these SQL users without disrupting the system?
mysql
postfix
root
roundcube
I can see that all of them (except roundcube) have their own Linux user accounts, but it seems they don’t have passwords set. So I assume changing (or adding) the system password won’t have much effect.
I could use phpMyAdmin to change their passwords, but that might risk disabling services I rely on.
I see that I'm able to change these passwords by the admin panel, but I'm afraid to do it without knowing how it will end up! Is it safe for these users to change their password?
Is there an internal script available to safely reset these passwords?
mysql
postfix
root
roundcube
I can see that all of them (except roundcube) have their own Linux user accounts, but it seems they don’t have passwords set. So I assume changing (or adding) the system password won’t have much effect.
I could use phpMyAdmin to change their passwords, but that might risk disabling services I rely on.
I see that I'm able to change these passwords by the admin panel, but I'm afraid to do it without knowing how it will end up! Is it safe for these users to change their password?
Is there an internal script available to safely reset these passwords?
58
DKIM / Re: I'm a bit lost
« Last post by pedromidiasf on October 14, 2025, 09:36:32 PM »Thank you 
59
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by pedromidiasf on October 14, 2025, 08:55:25 PM »robots.txt (revaluation)
Many of my websites contain robots.txt files that appear to be used to expose compromised websites (when you open it, it notifies the attacker). These files include a reference to a “sitemap” that actually points to an exploited file (index.php). If Googlebot or another search-bot fetches that sitemap, it could automatically reveal the infected website to the attacker. The attacker have put search bots in work for him (smart, I must say).
Every index.php file referenced by these robots.txt files appears to be infected at the top. Below the infection lies your original code (but double check it!!!).
Note that simply deleting the robots.txt files is not enough! You also must carefully inspect and clean every affected index.php file. Make sure to thoroughly check each robots.txt file, as the infection may vary between them and you might end up losing the infected index.php file.
An infected index.php file is still useful to the attacker! The robots.txt is just a complement.
SSH command to search all robots.txt files:
Many of my websites contain robots.txt files that appear to be used to expose compromised websites (when you open it, it notifies the attacker). These files include a reference to a “sitemap” that actually points to an exploited file (index.php). If Googlebot or another search-bot fetches that sitemap, it could automatically reveal the infected website to the attacker. The attacker have put search bots in work for him (smart, I must say).
Every index.php file referenced by these robots.txt files appears to be infected at the top. Below the infection lies your original code (but double check it!!!).
Note that simply deleting the robots.txt files is not enough! You also must carefully inspect and clean every affected index.php file. Make sure to thoroughly check each robots.txt file, as the infection may vary between them and you might end up losing the infected index.php file.
An infected index.php file is still useful to the attacker! The robots.txt is just a complement.
SSH command to search all robots.txt files:
Quote
find /home -type f -name "robots.txt"
60
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by pedromidiasf on October 14, 2025, 08:20:31 PM »Thank you for proving my point. There are also png looking files containing malicious code with random filename but they are rare. Probably result of an interrupted code with an exception.
Haven't found images that were encoded.
But I have a clean backup, I'll compare both and then I post the results here.
I have a few images that didn't match but because they weren't there before. They are not infected. You might have been infected before. Sending an image with php code inside a website is not hard to do. Hard is to make it executable (by changing it's extension for example).
Do you still have a file of those so I can obfuscate it to see what's inside? If so, leave the link so I can download it.
