Messages - iraqiboy90

1
Currently the cwp team is working many hours to make everything work on el9, everything will be completed soon

I'm not familiar with the acronym of "EL9". Does this refer to RHEL 9? Meaning support for CentOS Stream 9 also?

I'm currently running CentOS stream 8.

2
E-Mail / Re: Client host rejected: Access denied
« on: April 13, 2023, 02:50:19 PM »
You seem to have a problem with this line:
Code:
smtpd_client_restrictions = reject_unknown_client
Uncomment this.

Here are my restrictions in my main.cf file:
Code:
# rules restrictions
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        check_policy_service unix:private/policyd-spf
        #reject_rhsbl_helo dbl.spamhaus.org,
        #reject_rhsbl_reverse_client dbl.spamhaus.org,
        #reject_rhsbl_sender dbl.spamhaus.org,
        #reject_rbl_client zen.spamhaus.org
# uncomment for realtime black list checks
# ,reject_rbl_client zen.spamhaus.org
# ,reject_rbl_client bl.spamcop.net
# ,reject_rbl_client dnsbl.sorbs.net

3
E-Mail / Re: Client host rejected: Access denied
« on: April 10, 2023, 09:45:51 PM »
Please post the content of /etc/postfix/main.cf

4
PHP / Re: None PHP7+ installation was found!
« on: April 09, 2023, 07:50:47 PM »
I have Pro version of CWP but I don't have Managed CWP

If you can't install PHP-FPM with CWP Pro, then you have something wrong with your system.
If you want to manually install PHP Defender then look at this only if you have PHP-FPM already installed, but I still wouldn't recommend a manual install. I would recommend reinstalling the entire system and reinstall CWP Pro.
https://forum.centos-webpanel.com/index.php?topic=11590.msg39998#msg39998

By the way, you need PHP-FPM version 7+ if you want PHP Defender.

5
Information / Re: Cloudflare Tunnel
« on: April 09, 2023, 07:46:06 PM »
Technically, any privately provided internet service from an ISP is for private use only. Most ISPs don't monitor you, but let's say you have fiber and a static IP. If you start getting DDOS-ed and/or a lot of activity, then they will start looking into you.

Take a look into these articles:
https://developers.cloudflare.com/fundamentals/get-started/setup/allow-cloudflare-ip-addresses/#allowlist-cloudflare-ip-addresses
https://gist.github.com/Manouchehri/cdd4e56db6596e7c3c5a

6
Information / Re: Ebury trojan on all of my CWP servers
« on: April 09, 2023, 07:30:39 PM »
Ok, there seems to be a possible false positive story going on here...

Step by step:
First:
Code:
ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
This code's only purpose is to find out whether or not the command "ssh -G" returns the message "illegal option" in the first line. If it doesn't return this line, then it somehow means that the system is infected.

Second:
Searching for those files:
Code:
[root@pmail ~] ls -all /lib64/libkeyutils.so*
lrwxrwxrwx  1 root root    27 Jun 19  2021 /lib64/libkeyutils.so -> /usr/lib64/libkeyutils.so.1
lrwxrwxrwx. 1 root root    18 Jun 19  2021 /lib64/libkeyutils.so.1 -> libkeyutils.so.1.6
-rwxr-xr-x. 1 root root 16192 Jun 19  2021 /lib64/libkeyutils.so.1.6
Take a look at the date.

Next step is to check if those files are installed from a repo:
Code:
[root@pmail ~]# rpm -q --whatprovides /lib64/libkeyutils.so*
keyutils-libs-devel-1.5.10-9.el8.x86_64
keyutils-libs-1.5.10-9.el8.x86_64
keyutils-libs-1.5.10-9.el8.x86_64

Next step is to check when this was installed:
Code:
[root@pmail ~]# dnf history list keyutils-libs
ID     | Command line | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------
     1 |              | 2021-12-26 14:06 | Install        |  362 EE
Take a look at the date and what line number this is. It says line number 1, which means these files were installed on the first ever install.
Code:
[root@pmail ~]# dnf history info 1 | grep 'keyutils-libs'
    Install keyutils-libs-1.5.10-9.el8.x86_64                         @baseos
This install was BEFORE CWP was installed. So, this seems like some mass hysteria going on with these files. It's a false positive.

Third:
Code:
netstat -plan | grep atd
It returns a result, but nothing is using it.

Probably because I have all ports closed except those needed?
Now, does a result from this last command indicate that my system is infected?

Here is an example of another article saying that a result like this means you're infected:
Quote
unix 2 [ ACC ] STREAM LISTENING 103713 8119/atd @/tmp/dbus-ZP7tFO4xsL
The red part is what indicates infection. I don't have the red part on my output.
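
An added example, not part of the original post or of CWP: two triage helpers for the checks walked through above. The first filters `netstat -plan` output for the shape of the quoted indicator, assuming the highlighted part was the abstract-namespace socket path (leading `@`) owned by atd; the second goes one step beyond install provenance and verifies the owning package against the RPM database. Function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# Print netstat lines where atd owns a LISTENING unix socket whose path is in
# the abstract namespace (leading '@'), the shape of the indicator quoted above.
suspicious_atd_sockets() {
    awk '/LISTENING/ && $NF ~ /^@/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^[0-9]+\/atd$/) { print; break }
    }'
}

# Check that a file is owned by an RPM and that the owning package still
# matches the RPM database (size, digest, mode, ...). An old install date
# alone does not show that the file content is unchanged.
# rpm -Vf verifies every file of the owning package, not only the one named.
# Returns 0 = owned and unmodified, 1 = unowned or modified, 2 = rpm missing.
verify_rpm_file() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -qf "$1" >/dev/null 2>&1 || { echo "UNOWNED  $1"; return 1; }
    if changed=$(rpm -Vf "$1" 2>&1); then
        echo "OK       $1"
    else
        echo "MODIFIED $1"
        echo "$changed"
        return 1
    fi
}

# Constructed sample input; the first line is the indicator quoted in the post.
SAMPLE_NETSTAT='unix 2 [ ACC ] STREAM LISTENING 103713 8119/atd @/tmp/dbus-ZP7tFO4xsL
unix 2 [ ACC ] STREAM LISTENING 20411 1/systemd /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 31870 1402/atd'

# Live use on an RPM-based host: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    netstat -plan 2>/dev/null | suspicious_atd_sockets
    for f in /lib64/libkeyutils.so*; do
        verify_rpm_file "$f"
    done
fi
```

OpenSSH 6.8 and later accept `-G` as a legitimate option, so on those versions the `ssh -G` one-liner no longer prints "illegal" or "unknown" and cannot separate a clean system from an infected one.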

7
PHP / Re: None PHP7+ installation was found!
« on: March 23, 2023, 05:58:27 PM »
Snuffleupagus (aka PHP Defender) only works with PHP-FPM.
PHP-FPM is only available with the Pro version of CWP.

8
Information / Re: Ebury trojan on all of my CWP servers
« on: March 23, 2023, 05:52:48 PM »
Just did a complete scan. Took 108 minutes scanning almost half a million files. I don't have it.

9
Installation / Re: mail server only
« on: March 14, 2023, 04:18:59 PM »
Oh wait, I haven't thought about the part of SSL renewal. I think this CWP process needs those http ports open? And even possibly requiring correct DNS configuration to the same server.

On my server, I have not installed individual email SSL certificates for each domain. What I have done is to let all email accounts use the same smtp/imap hostname, which is the same address as the server hostname/URL. This way I only need to renew the SSL for the hostname instead of all of them. This way, you may also create a script that will manually renew the certificate without using the http-verification method.

10
Installation / Re: mail server only
« on: March 10, 2023, 04:06:46 PM »
I get nightly forensic reports from google on my spf and dkim records.  They are always positive.  Google pays close attention to both of these records.

But I still have the question of how do I set up individual emails on the mail server without domains on the same server:

info@domain1.com
info@domain2.com
info@domain3.com

etc etc.

You will have to create a domain in order to create emails for those domains. After that, just don't point any DNS A-record to this server.
Block http/https ports with firewall as well if you like to completely block them.

11
New Modules / Re: [module] PhpMyAdmin auto login
« on: December 22, 2022, 05:30:42 PM »
Please does anyone know how to make this work for CWP in 2022?

Have you even tried the phpmyadmin button in the menu of admincp and usercp instead of reviving a 7-year-old thread?
It's already there!

In my opinion, this should actually be reversed. I don't like auto-logins to security-sensitive areas.

12
CentOS-WebPanel Bugs / Re: BUG: CWP Reseller [POSITIVE]
« on: December 22, 2022, 05:25:29 PM »
You can ask about it directly in email to the devs. They usually answer that one pretty fast (I hope so still). I don't want to post the email address here so it doesn't get abused. If you search for it enough, you will find it.

13
E-Mail / Re: NewBackup backup vmail problem
« on: December 22, 2022, 05:22:34 PM »
This is an interesting problem. Thanks for sharing this with us. I will keep this in mind if I ever need to manually import backed up mail

14
CentOS-WebPanel Bugs / Re: BUG: CWP Reseller [POSITIVE]
« on: December 21, 2022, 02:55:04 PM »
hey, if you haven't done so yet,

bug reports go here: https://bugs.control-webpanel.com/view_all_bug_page.php

Gets noticed faster

edit: Nevermind, I see you posted about it there.

15
Like Starburst says, the first ever thing you do after you login to your SSH for the first time is change SSH port and secure it.
Then, my second step (for my scenario) is to secure the entire server immediately by blocking every INPUT port except my IP.

Then I install CWP.

After CWP is installed, CWP will have wiped everything I did with the server's firewall, so now I have to go into CWP and apply my blocking rules there.


BTW, since you have access to iftables, you can enable it to show which port is being used, which will help you get one step closer to this.
And based on that first graph you have included, it seems like a script is getting executed and then the outgoing traffic starts.
