Messages - urantian

1
CSF Firewall / Re: Tweaked CSF update instructions for CWP path
« on: September 08, 2025, 04:03:20 AM »
Never mind!  I found the other thread explaining how to re-enable auto updates.

2
CSF Firewall / Re: Tweaked CSF update instructions for CWP path
« on: September 08, 2025, 02:54:49 AM »
Is there a plan to have the CSF files available for automatic updates, instead of doing it manually from GitHub?

3
CentOS-WebPanel Bugs / Re: [FIX] user panel login is not working
« on: August 22, 2024, 10:10:14 PM »
Does this fix address the user control panel login issue, in which it keeps redirecting back to the login screen after successfully logging in?  I applied the steps that Sandeep posted, except for the LE SSL, and I still have the same issue.  I did not see an option to issue an LE SSL.

Thank you.

4
Information / Re: Will CWP Break from Upgrading to Centos 8?
« on: August 04, 2024, 03:19:03 PM »
Thank you for the information.  I've been looking into AlmaLinux and it seems very similar to CentOS.

Is there a recommended program to take the snapshot?


5
Information / Will CWP Break from Upgrading to Centos 8?
« on: August 04, 2024, 02:15:46 AM »
I'm still on CentOS 7 and, of course, it reached end of life.  I found a way to upgrade to CentOS 8, without starting over.

https://www.tecmint.com/upgrade-centos-7-to-centos-8/

I tested this on a different server and it works, however CWP was already having issues (500 error) prior to the upgrade.  Therefore, I don't know whether CWP would break from the upgrade.

Has anyone upgraded successfully from 7 to 8, and still have CWP working?

Thank you,

Michael

6
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 13, 2024, 02:21:46 AM »
Thank you.  I found a few other references.  So far, I haven't received any other alerts.

7
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 11, 2024, 06:14:13 PM »
I removed the SSH port number from the TCP_IN and TCP_OUT ports list in csf.conf, and confirmed I can still connect.  Hopefully, that will stop them.

Thank you,

Michael

8
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 10, 2024, 03:13:03 AM »
I prefer to receive LFD notifications, to know what's going on.  I have "PermitRootLogin" set to "no", and the number of attempts set to "1" before blocking the IP.

However, I would like to know how hackers are still able to attempt a login at all, if I have PasswordAuthentication set to "no" and PubkeyAuthentication set to "yes".

Thank you,

Michael

9
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 09, 2024, 03:58:15 PM »
I changed the port number for SSH long ago, and only recently disabled password authentication.  But, even with the port number changed, I don't see how they are reaching a login prompt if they find it.

Thank you,

Michael


10
CSF Firewall / Still Get SSH Login Attempts with PW Auth Disabled
« on: March 09, 2024, 01:30:06 AM »
Greetings,

I have PasswordAuthentication disabled and PubkeyAuthentication enabled in my sshd_config file.  As expected, I can log in with a key file, but not with a password.

However, I continue to receive LFD alert emails of attempted password logins.  Fortunately, I have the number of attempts before blocking the IP set to 1:

"Mar  8 11:45:52 server sshd[21937]: Invalid user ubuntu from 113.194.225.168 port 35078"

When I attempt to log in with a password externally to my public IP, it fails as expected:
"No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)"

How are some hackers still able to reach the login prompt?

Thank you,

Michael

11
Updates / Re: Automatic YUM Updates?
« on: February 21, 2024, 04:42:41 AM »
Thank you for the clarification.

Michael

12
Updates / Re: Automatic YUM Updates?
« on: February 19, 2024, 03:45:42 AM »
Thank you for your reply!  Did you install "yum-cron", or are you using just YUM?  It seems like the latter, where you are simply adding the YUM update to the daily jobs.

Michael

13
Updates / Automatic YUM Updates?
« on: February 18, 2024, 01:59:07 AM »
Is there a way to configure CWP Pro to automatically perform YUM updates, instead of starting them manually?

I found a way to configure a YUM cron to automatically install updates, but I don't know if this would have a conflict with CWP.  The link is below.

https://www.howtoforge.com/tutorial/how-to-setup-automatic-security-updates-on-centos-7/

Michael

14
How to / Re: Preventing Access to wp-login and xmlrpc.php
« on: February 05, 2024, 04:33:30 AM »
Thank you for the feedback.  I actually installed WordFence a couple of days ago, and am working on learning about it, and configuring it.  Therefore, I did not know that it can already manage these issues.  However, I have always liked (Rick) rolling my own solutions, when possible.  I learn a lot that way, too.  Thanks again.

15
How to / Preventing Access to wp-login and xmlrpc.php
« on: February 05, 2024, 02:43:48 AM »
I was receiving numerous alerts each day regarding attempts to break into my WP sites.  At first, I renamed the wp-login.php file to something else, however I would still receive the alerts with 301 or 302 errors, since hackers or bots try to access the usual file.  I decided to do something more.  I re-created the wp-login.php file, however the file now contains this script:

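<?php
// Address of the requesting client, as reported by the web server.
$ipaddress = getenv("REMOTE_ADDR");
// Owner of this script file, i.e. the site owner's account.
$username = get_current_user();
$comment = $username . " wp-login";
// Add the address to the CSF deny list; quote both values for the shell.
shell_exec("sudo /usr/sbin/csf -d " . escapeshellarg($ipaddress) . " " . escapeshellarg($comment));
header("Location: https://www.youtube.com/watch?v=BBJa32lCaaY/");
exit;
?>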

The script gets the calling IP address, site owner, and file name, and then executes the CSF Deny function.  The username and file name are included as a comment, so I can know which site and file were accessed.  Then, the page sends them off to be Rick Rolled.  This way, they never have a chance to try logging in, and the IP address is immediately blocked, preventing them from trying again.  However, for this to work, the site owner username must be in the Wheel group with NOPASSWORD enabled.  I still continue getting numerous break-in attempts each day, but the page never needs to load.  Instead, it goes straight to YouTube.

In addition, as I understand, the xmlrpc.php file is no longer necessary, but is vulnerable to hacking exploits.  Therefore, I put the same script in that file too, and have it set to add that file name in the DENY comments.

So far, this method is working very well, and I no longer need to be concerned with people trying to log in or access that xmlrpc file.
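
Editor's added example, not part of the original post: wheel membership with passwordless sudo lets any code running as the site owner's account run any command as root, so a narrower setup gives that account sudo rights to one root-owned wrapper that validates its input and only ever calls csf -d. The wrapper path and name, the account name "alice", and the IPv4-only check are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned and mode 0755 at
# /usr/local/sbin/csf-deny-ip (path and name are assumptions).
# Matching sudoers entry, edited with visudo, for a site owner "alice"
# (constructed account name) who is NOT in the wheel group:
#   alice ALL=(root) NOPASSWD: /usr/local/sbin/csf-deny-ip
# The PHP page would then run: sudo /usr/local/sbin/csf-deny-ip IP COMMENT

CSF_BIN="${CSF_BIN:-/usr/sbin/csf}"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
# The body runs in a subshell so the IFS change does not leak.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Reduce the comment to a short run of harmless characters.
clean_comment() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9_. -' | cut -c1-64
}

# Validate, then pass the values to csf as separate quoted arguments.
deny_ip() {
    if ! is_ipv4 "$1"; then
        echo "csf-deny-ip: refusing, not an IPv4 address" >&2
        return 2
    fi
    "$CSF_BIN" -d "$1" "$(clean_comment "$2")"
}

# Act only when called with arguments, as sudo would call it.
if [ "$#" -gt 0 ]; then
    deny_ip "$1" "${2:-}"
fi
```

With this in place, a compromise of the site account can at worst add deny entries to the firewall, and an address arriving in IPv6 form is refused rather than passed through.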
