Messages - JeroenL

1
CSF Firewall / lfd: (WPLOGIN) WP Login Attack (false positives)
« on: May 11, 2022, 09:03:58 AM »
Hi, for a couple of months I have been getting this issue, probably since CentOS Web Panel added new features or made existing features more strict.

I use CWP Pro on different servers varying from CentOS 7-8.

Whenever a user or admin for a WordPress website reauthenticates their login or resets their password, the user's IP address gets blocked with the following rule.

lfd: (WPLOGIN) WP Login Attack 123.123.123.123 (XX/Country/-): 5 in the last 3600 secs - ##Timestamp##

I tried raising the max allowed failed logins, but none of the settings that used "5" in the config file affect the setting.
Changing the period of time to check from 3600 to 60 gives the same result; changing it to 1 sec seems to solve the false positives but also makes the solution worthless..

So how can I raise the max failed logins for WordPress sites in CSF/LFD so these false positives will stop blocking real customers?

If this isn't an option, I already have a superb block/allow list, which basically makes this whole WordPress LFD solution obsolete, since the only thing it blocks now is real customers.

I would rather keep this part of CSF/LFD running correctly as intended, with let's say a higher number than "5", instead of turning it off completely.

Thanks in advance for your replies!
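
To measure how many WPLOGIN blocks actually land on real customers, the alert lines can be parsed and sorted by source network. This is an added example, not part of the original post or of CSF/LFD; the sample lines, the timestamp format, `CUSTOMER_NETS` and the function names are constructed for illustration, and only IPv4 alerts are handled.

```python
import ipaddress
import re
from collections import Counter

# Field layout of the lfd alert line quoted in the post (IPv4 only).
ALERT = re.compile(
    r"lfd: \((?P<trigger>[^)]+)\) (?P<desc>.+?) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \((?P<geo>[^)]*)\): "
    r"(?P<hits>\d+) in the last (?P<window>\d+) secs - (?P<when>.+)$"
)

# Constructed sample: documentation addresses and made-up timestamps.
SAMPLE_ALERTS = """\
lfd: (WPLOGIN) WP Login Attack 203.0.113.10 (XX/Country/-): 5 in the last 3600 secs - Wed May 11 08:01:12 2022
lfd: (WPLOGIN) WP Login Attack 198.51.100.7 (XX/Country/-): 5 in the last 3600 secs - Wed May 11 08:14:40 2022
lfd: (OTHERRULE) Some Other Trigger 192.0.2.99 (XX/Country/-): 5 in the last 3600 secs - Wed May 11 08:20:03 2022
lfd: (WPLOGIN) WP Login Attack 203.0.113.10 (XX/Country/-): 5 in the last 3600 secs - Wed May 11 10:47:55 2022
not an lfd alert line
""".splitlines()

# Hypothetical networks your real WordPress users log in from.
CUSTOMER_NETS = ["203.0.113.0/24"]


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"trigger": m["trigger"], "ip": ip, "hits": int(m["hits"]),
            "window": int(m["window"]), "when": m["when"]}


def triage(lines, trigger, customer_nets):
    """Count blocks per IP for one trigger, split into customer and other sources."""
    nets = [ipaddress.ip_network(n) for n in customer_nets]
    result = {"customer": Counter(), "other": Counter()}
    for alert in filter(None, map(parse_alert, lines)):
        if alert["trigger"] != trigger:
            continue
        bucket = "customer" if any(alert["ip"] in n for n in nets) else "other"
        result[bucket][str(alert["ip"])] += 1
    return {k: dict(v) for k, v in result.items()}


if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS, "WPLOGIN", CUSTOMER_NETS))
```

A high share of blocks in the `customer` bucket is evidence that the threshold is catching legitimate re-authentication rather than attacks.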

2
CentOS-WebPanel Bugs / cron uses different php version
« on: May 24, 2021, 12:09:24 PM »
I use CWP Pro (CWPpro version: 0.9.8.1064)

I have edited php.ini version for PHP-FPM 7.3.28

User accounts use the correct version.

But now it seems that CWP and also cron use the old version from PHP Version Switcher which was used before the upgrade to CWP Pro.

Is it intended that after upgrade and activating PHP-FPM 2 different PHP versions are used?

The problem I run into is:

When a user is using cron then cron is being run with different php.ini settings.

When using USE_PHP=/usr/local/bin/php inside the file that is executed by cron then the settings are being used from the CWP php.ini configuration.
When I try to set it as
/opt/alt/php-fpm73/usr/php/php.ini then I get file permission errors.

Since I would rather not change those file permissions, I would like to ask what would be the best way to go?

I could maintain 2 versions but that seems a little odd.

extra info:

I need cron to be able to use the opcache module that comes with fpm....

PHP Version switcher doesn't seem to have those options

3
Allowing 37.187.72.216 does activate the pro license again but the errors in the console stay.

Any idea on how to solve the remaining errors?

P.S.
It looks a bit weird that the hoster of these IPs is a reseller from cPanel  ;D :o

4
Information / Extra error info
« on: December 30, 2020, 11:54:09 AM »
As shown below, it won't connect even when allowing IP 37.187.72.216, and putting that IP in the ignore list won't let it register. There is a block for the subnet 37.187.xxx.xxx in my csf.deny file.

Sending a ping to 37.187.72.216 also has many drops, over 50% (both from the server IP and from a residential IP).
Allowing 37.187.72.216 removed the below error.

Code:
PHP Warning:  file_get_contents(http://centos-webpanel.com/webpanel/versions/el7.txt): failed to open stream: Connection refused in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Notice:  Undefined offset: 1 in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
Redirecting to /bin/systemctl restart cwpsrv.service

But the register errors stay alive

Code:
sh /scripts/update_cwp


====================================================
============= CentOS Web Panel Cron ================
====================================================


###########################
Firewall Flush Daily Blocks
###########################


######################
Update Server Packages
######################
PHP Warning:  file_get_contents(http://centos-webpanel.com/webpanel/versions/el7.txt): failed to open stream: Connection refused in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Notice:  Undefined offset: 1 in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
Redirecting to /bin/systemctl restart cwpsrv.service

** (pkttyagent:27707): WARNING **: 12:43:04.348: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Redirecting to /bin/systemctl restart httpd.service

** (pkttyagent:27777): WARNING **: 12:43:04.594: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Redirecting to /bin/systemctl reload httpd.service

** (pkttyagent:27939): WARNING **: 12:43:09.118: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)

** (pkttyagent:28065): WARNING **: 12:43:11.029: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Redirecting to /bin/systemctl reload nginx.service

** (pkttyagent:28095): WARNING **: 12:43:11.134: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)

** (pkttyagent:28113): WARNING **: 12:43:11.212: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Redirecting to /bin/systemctl reload httpd.service

** (pkttyagent:28142): WARNING **: 12:43:11.332: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
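
When a broad subnet block in csf.deny cuts off a service the panel depends on, it helps to list exactly which deny entries cover the required address. This is an added example, not part of the original post or of CSF; the deny content is constructed, `covering_entries` is a hypothetical helper, and 37.187.0.0/16 is an assumed rendering of the post's "37.187.xxx.xxx".

```python
import ipaddress

# Constructed csf.deny-style content: one address or CIDR per line,
# '#' starts a comment. This is not the poster's actual file.
SAMPLE_DENY = """\
# constructed sample
37.187.0.0/16 # manual subnet block
198.51.100.23 # single address
tcp|in|d=22|s=192.0.2.0/24
2001:db8::/32
"""


def deny_entries(text):
    """Yield (line number, network) for every plain address or CIDR entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            yield lineno, ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Advanced port/protocol filters and anything else that is not
            # a bare address are skipped in this simplified check.
            continue


def covering_entries(text, required_ip):
    """Return deny entries that contain required_ip, broadest block first."""
    ip = ipaddress.ip_address(required_ip)
    hits = [(n, net) for n, net in deny_entries(text) if ip in net]
    hits.sort(key=lambda hit: hit[1].prefixlen)
    return [(n, str(net)) for n, net in hits]


if __name__ == "__main__":
    # The address named in the post as needed for license activation.
    for lineno, net in covering_entries(SAMPLE_DENY, "37.187.72.216"):
        print(f"line {lineno}: {net} blocks 37.187.72.216")
```

Running the check against every address a panel needs to reach before tightening a deny list shows which blocks would break licensing or updates.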

5
Another server also lost the license!

So please let me know what IP address(es) to allow for CentOS Web Panel.

ty very much


6
Hello,

I have been using CWP Pro for several years now for myself and some clients.
This is working as expected, very good job there for the team.

I'm busy making a whitelist for services that should be able to connect to specific servers for specific tasks.
The CWP Pro license on one of the machines that is participating suddenly got expired :o.

Since the firewall on that machine has been set up very strict, I'm guessing it needs to be allowed certain connections to maybe certain ports.

Is there anyone who can tell me what IP(s) to exclude from the deny list?

Kind regards

7
Information / Re: Outgoing api call blocked
« on: September 23, 2019, 02:32:43 PM »
When serving the files from http it seems to work, and when a Let's Encrypt certificate gets installed and it's served over https then it won't work anymore....

Any ideas anyone?

8
Information / Outgoing api call blocked
« on: September 22, 2019, 09:23:44 PM »
Hosting a front-end https://github.com/dvandal/cryptonote-nodejs-pool pool site. Used code is inside the website_example folder. The outgoing api call to the pool server on a different host is being blocked somewhere. Test with same files on a different host works straight out of the box.

The api call is being made to port 8117.

Server info
Distro Name: CentOS Linux release 7.7.1908 (Core)
Kernel Version: 3.10.0-1062.1.1.el7.x86_64
Platform: x86_64 kvm
Apache version: Apache/2.4.39
PHP version: 7.2.12 PHP-FPM is forced
MySQL version: 10.1.41-MariaDB
FTP version: 1.0.47
Web Servers: nginx-varnish-apache

I tried disabling the firewall and ModSecurity but that doesn't make a difference.
Any other ideas where to look?

Thanks in advance.
