Recent Posts

Pages: 1 ... 8 9 [10]
91
CentOS 8 Problems / Re: packages update error AlmaLinux 8
« Last post by djprmf on October 10, 2025, 12:58:27 PM »
Hi,

Try these commands in SSH:
sudo dnf clean all
sudo dnf update

If the error is still there, you can try to update anyway:
sudo dnf update --allowerasing
92
Cool. Thank you
93
CentOS 8 Problems / packages update error AlmaLinux 8
« Last post by setecabanas on October 10, 2025, 12:53:58 PM »
In a fresh VPS with AlmaLinux 8

I have tried to do:

dnf -update


Error:
 Problem: package perl-IO-Compress-2.081-1.el8.noarch from @System requires perl(Compress::Raw::Zlib) >= 2.081, but none of the providers can be installed
  - cannot install both perl-Compress-Raw-Zlib-1:2.061-4.el7.x86_64 from base and perl-Compress-Raw-Zlib-2.081-1.el8.x86_64 from @System
  - cannot install both perl-Compress-Raw-Zlib-2.081-1.el8.x86_64 from baseos and perl-Compress-Raw-Zlib-1:2.061-4.el7.x86_64 from base
  - cannot install the best update candidate for package perl-IO-Compress-2.081-1.el8.noarch
  - cannot install the best update candidate for package perl-Compress-Raw-Zlib-2.081-1.el8.x86_64
  - package perl-Compress-Raw-Zlib-2.093-1.module_el8.3.0+6149+d2c5d96d.x86_64 from appstream is filtered out by modular filtering
  - package perl-Compress-Raw-Zlib-2.096-2.module_el8.10.0+3779+d5938d28.x86_64 from appstream is filtered out by modular filtering
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)


Any idea?
94
After that, anything can be changed really. I notice some plugins changed, and theme files. Also there is a mu-plugin that is created to the redirect.

Location of those changes? Where can I find them?

The attacker has access to every file in your system. It could change anything...
I cannot provide you a "list" of what was changed in your case. Could be just the theme files, or nothing at all - some servers may still have the backdoor placed due to the exploitation of this vulnerability in CWP, but not "activated" - they are there just waiting for a request that activates the malicious payload.

The WAF rules provided here can help, but don't fix the problem if your server is already affected.
The good news is that CWP already "silently patched" this vulnerability, so you should be safe from being attacked again if you use CWP.

I didn't check all the WAF rules provided here, but the request is activated with a specific query in a POST request made to the files placed in your server. If you simply access the files, they do nothing.
It should be a request like "domain.xxxx/defaiult.php?t=XXXXXXXXXX" - where XXXXXXXXXX is a specific query.

I did decode the files, and they install a webshell - that's it. What they do after that depends on the attacker's point of interest.

Unfortunately, if you have been affected by this, you have two options:
- Try to see the files that have been recently changed in your system. Not just the account that is affected, but ALL the system. After that, see if something was maliciously changed.
- Don't consider the server safe. Try to deploy your accounts in a fresh new server - and make sure that every single website is also clean. Use something like WordFence, or more broadly, something like CPGuard to scan the accounts.
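
One way to do the first option above (listing recently changed files), as an added example that is not part of the original post. The function name `recent_changes`, its tags and the WordPress `wp-content/...` layout are assumptions; it matches on ctime by default because mtime can be reset with `touch`, while ctime is updated by the kernel on every content or metadata change.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper.
# Usage: recent_changes ROOT [DAYS] [ctime|mtime]
# Prints "TAG<TAB>path" for every regular file under ROOT whose chosen
# timestamp falls within the last DAYS days (default 30, ctime).
recent_changes() {
    root=$1
    days=${2:-30}
    mode=${3:-ctime}

    # Validate arguments before they are handed to find.
    case "$mode" in
        ctime|mtime) ;;
        *) echo "mode must be ctime or mtime" >&2; return 2 ;;
    esac
    case "$days" in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac

    # -ctime/-mtime -N: changed less than N days ago.
    find "$root" -type f "-$mode" "-$days" 2>/dev/null | sort |
    while IFS= read -r f; do
        # Tag the locations the posts above name: mu-plugins,
        # theme files and plugins. Everything else is PHP or OTHER.
        case "$f" in
            */wp-content/mu-plugins/*) tag=MU-PLUGIN ;;
            */wp-content/themes/*)     tag=THEME ;;
            */wp-content/plugins/*)    tag=PLUGIN ;;
            *.php)                     tag=PHP ;;
            *)                         tag=OTHER ;;
        esac
        printf '%s\t%s\n' "$tag" "$f"
    done
}
```

Run it as root against each filesystem root you care about and compare the output with a known-good backup; a file that shows up under `ctime` but not under `mtime` has had its modification time set back.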
95
After that, anything can be changed really. I notice some plugins changed, and theme files. Also there is a mu-plugin that is created to the redirect.

Location of those changes? Where can I find them?
96
This is NOT a CWP bug.

PHP Injection Attacks will happen whenever.

You need to have your php.ini secured, and run ModSecurity with the latest OWASP CRS ruleset.
Along with running the latest PHP version you choose, 8.1, 8.2, 8.3 or 8.4

You'll also need to configure the OWASP base rules for services you run on that server.

NOTE: The CWAF ruleset is dead, and the last update was over a year ago.
Which is sad, this was a great ruleset.

For the PHP Injection Attack that has been going around, there have been fixes here on how to clean up your PHP-FPM.

Sure, let's focus and talk.

Can you explain this sentence that you are providing in the quote text?
Kindly inform us how do you say that this is NOT a CWP security vulnerability and how do you get to that conclusion. Please, don't refrain from using "tech mumbo jumbo", we are all sysadmins here after all :)
97
I have not posted False or Mis-information.
Your post doesn't even make sense.

And all here know that I know what I'm talking about from my posts.

So just insulting me and others here hasn't made you any friends and lost you any support.

Unlike yourself.

I'm guessing you're some kid or tween who just wants to come on the forums, post your BS mis-information, and argue with everyone.

So FOCUS...
98
Information / Re: Is CWP still maintained?
« Last post by djprmf on October 10, 2025, 12:25:58 AM »
Your arguments reek of being a straw man. Is Cisco's IOS open source? Do you use any of their products $$$$? Do they offer full transparency into their development process? And do their CVE publications present everything factually without any sort of distortion or positive spin?

I am a paying CWP Pro customer and am generally happy with the product. It is NOT open source -- it is IonCube encoded to protect their development efforts -- and I'm okay with that. This is a capitalistic arrangement through and through.

At this point, I'm ready to say, "Go back under your bridge."

Yes. Every single example that you give has a public change log.
Do you need examples?
99
Information / Re: Is CWP still maintained?
« Last post by Martins-phpbb on October 10, 2025, 12:08:27 AM »
Is CWP still maintained ?

No, it's not, that's why you still get updates, although the changelogs would be kinda cool if that got updated.
100
Information / Re: Is CWP still maintained?
« Last post by overseer on October 09, 2025, 11:29:52 PM »
Your arguments reek of being a straw man. Is Cisco's IOS open source? Do you use any of their products $$$$? Do they offer full transparency into their development process? And do their CVE publications present everything factually without any sort of distortion or positive spin?

I am a paying CWP Pro customer and am generally happy with the product. It is NOT open source -- it is IonCube encoded to protect their development efforts -- and I'm okay with that. This is a capitalistic arrangement through and through.

At this point, I'm ready to say, "Go back under your bridge."