81
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by djprmf on October 08, 2025, 02:48:13 PM »Since this WAS a vulnerability in CWP, there is no point in considered that if a server was affected, there is no backdoor still installed.
The report is here: https://fenrisk.com/rce-centos-webpanel
So, if you are still in a server that have been compromised, there is no way around to know what have been done. Remove the files can be suficient, sure. But you don't know if anything else was compromised.
The information that this is a fault from PHP, WordPress or some script in the user server are not true. If you see the files stated in the first message in your accounts, your server was exploited due to the CWP vulnerability.
Also: we are still waiting for any information related to this by the CWP team.
The report is here: https://fenrisk.com/rce-centos-webpanel
So, if you are still in a server that have been compromised, there is no way around to know what have been done. Remove the files can be suficient, sure. But you don't know if anything else was compromised.
The information that this is a fault from PHP, WordPress or some script in the user server are not true. If you see the files stated in the first message in your accounts, your server was exploited due to the CWP vulnerability.
Also: we are still waiting for any information related to this by the CWP team.
82
Information / Re: Is CWP still maintained?
« Last post by djprmf on October 08, 2025, 02:41:11 PM »Again, the PHP Injection Attack, had nothing to do with CWP.
But happened to older servers that where not updated and their PHP hardened.
PHP Injection Attacks are common by script kiddies. And just don't happen to CWP.
GoDaddy's servers are constantly getting hacked, which are using Amazon AWS. lol
There are several articles out there on has to secure you php.ini config.
That is NOT true.
The issue WAS a vulnerability in CWP. Is NOT fault from the users.
https://fenrisk.com/rce-centos-webpanel
https://gbhackers.com/centos-web-panel-vulnerability/
So not, wasn't the users fault. it WAS a vulnerabilty in CWP.
83
Information / Re: Is CWP still maintained?
« Last post by djprmf on October 08, 2025, 02:36:16 PM »Kinda bittersweet though—since this should’ve already been taken care of by CWP themselves.
And that is the point.
@Starburst
No one is saying that CSF closure was CWP fault... makes no sense...
What i was saying is that CWP is not providing a clear information about anything. And you are proving that.
Again: yes, there was a update recently in CWP. But you know what was updated? I bet you can't provide anything that confirm WHAT has been updated, besides the version number in your panel. That IS the point.
The vulnerability in CWP. No one talks about it? Let it go under the rug in silence?
That is NOT how the development of a control panel should go... I still dont see ANY information about it. Yes, was patched, but was silently patched - that is worrying.
And the plans for CSF... you are proving my point there again.
Yes, the guides can be great, but they are NOT from the CWP team itself, are from a third party. It is concerning when is a third party that must start to provide information about basic things, and not the developers of the control panel itself.
And even more, your guides can help... but do we know you? Who are you exactly?
You are providing guides to make critical changes in our systems, that some people without knowledge follow... and yes, the could work. But your guides provide your own mirrors, with your own code in the mix.
How do we know that we can trust you and your code?
Some people will follow your guides, without knowing what are they doing.
And you can be a great person, don't get me wrong. You appear to be here to help... but we are in the internet....
I look at your guides, and they are ok - but i would be worry to use code that is in a unknown mirrror. Would be better if CWP team provide those instead? Yes, it will, because at least CWP we know...
84
Updates / Re: Yum Updates
« Last post by anandmys on October 08, 2025, 11:01:30 AM »While following the step
rpm --nodeps -ev MariaDB-server
got
error: package MariaDB-server is not installed
But continued. Looks like the issue is resolved
Thank you
rpm --nodeps -ev MariaDB-server
got
error: package MariaDB-server is not installed
But continued. Looks like the issue is resolved
Thank you
85
Installation / Re: Public beta of CWP for AlmaLinux 9 Available
« Last post by overseer on October 08, 2025, 10:46:33 AM »Yes, still a workable beta. (Just beware of one issue with encryption rounds and logging in, and that CWP Migration does not work with EL9 currently.)
Quote
To fix the login issue, edit /etc/login.defs
find:
SHA_CRYPT_MAX_ROUNDS 10000
replace with
#SHA_CRYPT_MAX_ROUNDS 10000
Then set a new password for the affected user.
86
Information / Re: Is CWP still maintained?
« Last post by NIIcK on October 08, 2025, 06:23:49 AM »But if your not happy with CWP, maybe cPanel would suit your needs better.I don’t think going with a black-and-white mindset is the best way forward. Like I said, CWP isn’t “freeware,” no matter what the price tag is. If we keep thinking cheap means bad or that low cost equals poor communication, then we might as well shut things down and move on.
Your posts, @Starburst, basically prove my point about CWP’s communication. It’s been the community doing the talking and dealing with issues—not the CWP team.
Sure, being a sysadmin means reading a lot and keeping up with updates, but if you’re paying for a product, you expect certain things—like being kept in the loop about what’s happening with the platform that’s supposed to protect your business and income.
Big thanks, @Starburst, for the CSF fix here:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-error-oops-unable-to-download-no-host-option-provided/
.
Kinda bittersweet though—since this should’ve already been taken care of by CWP themselves.
87
Installation / Re: Public beta of CWP for AlmaLinux 9 Available
« Last post by Vinayak on October 08, 2025, 04:52:14 AM »Is this still in beta?
88
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by overseer on October 08, 2025, 01:10:18 AM »Additionally, last night I turned off my httpd service, but by the morning it was running again. It was restarted at 4 AM. I am not sure what caused it to turn back on, but this behavior looks weird.Various cron tasks will restart httpd as a matter of course. And CWP's cron tasks run overnight, particularly AutoSSL which runs at 4 am. If you really want to disable it, you could remove those cron tasks, issue systemctl disable httpd and block incoming ports 80 and 443 on the firewall. But then you won't have a web server anymore. But maybe that's what you're after...
89
Information / Re: Is CWP still maintained?
« Last post by Starburst on October 08, 2025, 12:54:55 AM »In 28/08/2025 i sent a ticket to support:
"Since CSF will no longer be updated, is there any alternative for CWP? Since there is no firewall directly in the CWP (only the CSF integration), this can have big downsides for the panel.
Announcement here: https://configserver.com/announcement/"
The response:
"Hello.
Yes, we know about the issue.
Regards,"
Indeed, the lack of comunication is concerning.
And CWP appears even more unmaintained to this point. Nothing really is "new".
And don't forget a preaty bad security issue, that was never explained: https://forum.centos-webpanel.com/centos-webpanel-bugs/critical-multiple-cwp-servers-infected-arbitrary-php-code-execution-via-publ/
This happend, and no, is not a issue with the websites or WordPress in the server. Was a issue with CWP that was never publicly confirmed by the team, and was fixed silently with the updates.
The lack of comunication is concerning, and the lack of new updates is also concerning.
Maybe is better start to look for alternatives, because CWP appears every single day more "dead".
CWP didn't have anything to do with ConfigServer closing down.
And there is nothing else on the market like CSF/LFD.
But v15.00 works fine, and will continue working.
After all the year, CSF pretty much doesn't need any updates. Which is good.
Again, the PHP Injection Attack, had nothing to do with CWP.
But happened to older servers that where not updated and their PHP hardened.
PHP Injection Attacks are common by script kiddies. And just don't happen to CWP.
GoDaddy's servers are constantly getting hacked, which are using Amazon AWS. lol
There are several articles out there on has to secure you php.ini config.
90
CentOS 7 Problems / Re: Clamav database update blocked by CDN
« Last post by Starburst on October 08, 2025, 12:48:14 AM »AL9 shows the same 1.4.3 version as AL8:
And @oversser is correct, there are No, None, Zilch, Zero, Nadda more updates for CentOS 7 since it's past EOL, and has been moved to the archive vault.
You need to update the server to AL8, if you want updates.
Code: [Select]
# clamd --version
ClamAV 1.4.3/27778/Tue Sep 30 08:29:52 2025
And @oversser is correct, there are No, None, Zilch, Zero, Nadda more updates for CentOS 7 since it's past EOL, and has been moved to the archive vault.
You need to update the server to AL8, if you want updates.