Messages

1

Backup / Re: Can't locate diagnostics.pm in @INC (you may need to install th....

« on: Today at 03:06:01 PM »

Maybe Starburst should answer since his production servers are AL9 -- I run my production servers under AL8 currently and only have a couple of test beds for AL9.

2

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: Today at 12:29:06 PM »

Funny, this started as an information sharing thread but then devolved from there -- getting into sour personal attacks. I'm sorry I ever touched this tar baby. My point was, I can appreciate your report and will keep it on the radar because I see that you have a history here and contribute in a meaningful way. But when someone brand new comes on the scene trotting out security buzzwords and offering dubious advice about deleting the filemanager (instead of mitigating the attack vector in a non-destructive way)... well, take that for what it is. I'll go back to monitoring my servers now.

(Both security disclosures you linked to claim the CWP devs have patched the flaw, and both indicated it was against CentOS 7 -- so it bears monitoring but not hyperventilating.)

3

CentOS 8 Problems / Re: PHP compiling fails, strange ld / ldconfig behaviour?

« on: Today at 12:20:11 PM »

What is your end goal? Which mode are you going to use -- PHP switcher, suPHP, or php-fpm? Which versions of PHP would you like to have? Each case is a bit different.

4

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: Today at 01:28:21 AM »

Firstly, I didn't say delete, I said rename a single file that inconveniences your users slightly...

But you did say delete, quoted twice in the previous posts on this thread. I call that dubious advice, as with removing the .php extension -- which won't neuter it -- a file containing PHP code can still be run by a php interpreter.

5

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 08, 2025, 11:55:16 PM »

You want to delete /usr/local/cwpsrv/var/services/user_files/modules/filemanager.php (or rename it to like filemanager.php.disabled, make sure it no longer has .php extension at the end)

For now, however, I would like to repeat: Make sure no one can access your filemanager by deleting the file /usr/local/cwpsrv/var/services/user_files/modules/filemanager.php (or renaming it to filemanager.php.disabled).

6

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 08, 2025, 06:10:10 PM »

Might need some more street cred here than just the 4 posts on this thread before people listen to the advice and go deleting (!) their filemanagers... A Chicken Little response doesn't usually end up well.

But, the file manager always has struck me as a sore thumb, bolted on to CWP -- and it looks to be an implementation of the Vue library, with treeVue and other JS integrated. Probably overdue for some attention & modernization. It hasn't changed much at all over the last 5+ years. Probably plenty of fleas...

7

Installation / Re: I don't receive a single message from root..??

« on: July 08, 2025, 02:50:57 PM »

Code: [Select]

mydestination = $myhostnameis most canonical, then you only have to change it once at the top of the file if the hostname needs to change. But for any of the main directives (mydestination, smtp_helo_hostname, smtpd_sasl_local_domain), you can hardcode the hostname if you want. Just get rid of CWP's buggy double equals on a line (interpreted as setting a string, then a variable).

8

Backup / Re: Can't locate diagnostics.pm in @INC (you may need to install th....

« on: July 08, 2025, 02:45:42 PM »

See Starburst's post here to see his prerequisites on AL9 before installing CWP:
https://forum.centos-webpanel.com/csf-firewall/possible-fix-to-why-csflfd-isn-t-installing/msg51087/#msg51087

9

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 08, 2025, 02:25:06 PM »

So according to the 2 vulnerability reports you mentioned, it's limited to EOL CentOS 7 systems -- for which support ended over a year ago. Not too surprising, really. The longer those systems are on the internet, the more of sitting ducks they become. Time to migrate to AlmaLinux!

Can you confirm that you both are running CentOS 7 systems?

Caught one probe for this vuln on one of my Alma systems, coming from Hong Kong:

Code: [Select]

[root@alma]# grep "module=filemanager" /usr/local/cwpsrv/logs/access_log
91.124.30.69 - - [08/Jul/2025:04:50:00 -0500] "POST /myuser/index.php?module=filemanager&acc=changePerm HTTP/1.1" 404 147 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:134.0) Gecko/20100101 Firefox/134.0"

10

Backup / Re: Can't locate diagnostics.pm in @INC (you may need to install th....

« on: July 08, 2025, 02:01:02 PM »

How did you install perl? Base install of AlmaLinux 9, then CWP installer? Anything custom installed as pre-requisites (as Starburst recommends on an AL9 system)?

11

CentOS 8 Problems / Re: how to connect Github repository by domain user

« on: July 08, 2025, 12:24:47 PM »

Try to contact the project owner/lead developer on GitHub. Open an issue there and see if you get a response or some activity on the project. It looked dormant when I looked at it. I will check with a web dev who is using GitHub for a site on one of my servers.

12

Backup / Re: Can't locate diagnostics.pm in @INC (you may need to install th....

« on: July 08, 2025, 12:21:43 PM »

Is your server defaulted to perl 5.26 or 5.32?

Code: [Select]

dnf module list perl
If you want to change your perl version, you can do:

Code: [Select]

sudo dnf module reset perl
sudo dnf module enable perl:5.32But be advised that you will experience conflicts if you change the default perl version from what came with your system. Some perl modules only support 5.24, some 5.26, and some 5.32.

13

Installation / Re: I don't receive a single message from root..??

« on: July 08, 2025, 12:16:57 PM »

Keep backups of your main config files (postfix, dovecot, apache, nginx) and vhost definition files. Assume that rebuilding mail & web servers will nuke your changes -- so have a backup to replace the default or merge back in your changes. But you shouldn't ever have to change those once the server is set up.

14

Migration from other control panels / Re: CWP to CWP migration error in transfer file

« on: July 07, 2025, 08:07:25 PM »

The error appears to be on the legacy CentOS 7 end; no problems on the AlmaLinux 8 end. The 35 in the SSL connect error was a good clue:

Code: [Select]

[root@srv]# /usr/local/cwpsrv/htdocs/resources/scripts/check_api
User API port 2302 check: OK
Oauth query check: OK
User API folder check: OK
External API port 2304 check: OK
curl: (35) SSL received a record that exceeded the maximum permissible length.
External API files and htaccess : OK
CSF Firewall status check: DISABLEDAnd testing curl directly:

Code: [Select]

[root@srv]# curl -v https://127.0.0.1:2304/v1/testapi/
* About to connect() to 127.0.0.1 port 2304 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 port 2304 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

15

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« on: July 07, 2025, 06:50:55 PM »

Actually, it looks to be a Thai porno/romance portal -- the PayPal payment script is probably to reel in payments.
https://www.nongwangkudrung.go.th/video/
(not going to make this a clickable link)