Messages - overseer

1
Maybe Starburst should answer since his production servers are AL9 -- I run my production servers under AL8 currently and only have a couple of test beds for AL9.

2
Funny, this started as an information sharing thread but then devolved from there -- getting into sour personal attacks. I'm sorry I ever touched this tar baby. My point was, I can appreciate your report and will keep it on the radar because I see that you have a history here and contribute in a meaningful way. But when someone brand new comes on the scene trotting out security buzzwords and offering dubious advice about deleting the filemanager (instead of mitigating the attack vector in a non-destructive way)... well, take that for what it is. I'll go back to monitoring my servers now.

(Both security disclosures you linked to claim the CWP devs have patched the flaw, and both indicated it was against CentOS 7 -- so it bears monitoring but not hyperventilating.)

3
What is your end goal? Which mode are you going to use -- PHP switcher, suPHP, or php-fpm? Which versions of PHP would you like to have? Each case is a bit different.

4
Firstly, I didn't say delete, I said rename a single file that inconveniences your users slightly...
But you did say delete, quoted twice in the previous posts on this thread. I call that dubious advice, as with removing the .php extension -- which won't neuter it -- a file containing PHP code can still be run by a php interpreter.

5
You want to delete /usr/local/cwpsrv/var/services/user_files/modules/filemanager.php (or rename it to like filemanager.php.disabled, make sure it no longer has .php extension at the end)
For now, however, I would like to repeat: Make sure no one can access your filemanager by deleting the file /usr/local/cwpsrv/var/services/user_files/modules/filemanager.php (or renaming it to filemanager.php.disabled).

6
Might need some more street cred here than just the 4 posts on this thread before people listen to the advice and go deleting (!) their filemanagers... A Chicken Little response doesn't usually end up well.

But, the file manager always has struck me as a sore thumb, bolted on to CWP -- and it looks to be an implementation of the Vue library, with treeVue and other JS integrated. Probably overdue for some attention & modernization. It hasn't changed much at all over the last 5+ years. Probably plenty of fleas...

7
Installation / Re: I don't receive a single message from root..??
« on: July 08, 2025, 02:50:57 PM »
Code:
mydestination = $myhostname
is most canonical, then you only have to change it once at the top of the file if the hostname needs to change. But for any of the main directives (mydestination, smtp_helo_hostname, smtpd_sasl_local_domain), you can hardcode the hostname if you want. Just get rid of CWP's buggy double equals on a line (interpreted as setting a string, then a variable).

8
See Starburst's post here to see his prerequisites on AL9 before installing CWP:
https://forum.centos-webpanel.com/csf-firewall/possible-fix-to-why-csflfd-isn-t-installing/msg51087/#msg51087

9
So according to the 2 vulnerability reports you mentioned, it's limited to EOL CentOS 7 systems -- for which support ended over a year ago. Not too surprising, really. The longer those systems are on the internet, the more of sitting ducks they become. Time to migrate to AlmaLinux!

Can you confirm that you both are running CentOS 7 systems?

Caught one probe for this vuln on one of my Alma systems, coming from Hong Kong:
Code:
[root@alma]# grep "module=filemanager" /usr/local/cwpsrv/logs/access_log
91.124.30.69 - - [08/Jul/2025:04:50:00 -0500] "POST /myuser/index.php?module=filemanager&acc=changePerm HTTP/1.1" 404 147 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:134.0) Gecko/20100101 Firefox/134.0"
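
Added example, not part of the forum post or of CWP: a Python triage script that extends the grep above by grouping `module=filemanager` requests in the cwpsrv access log by source address, `acc` value and HTTP status. Only the first sample line comes from the post; the other sample lines and the rule that non-404 responses deserve a closer look are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Combined-log layout, matching the access_log line quoted in the post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# First line is the one from the post; the other three are constructed samples
# that use documentation-range addresses.
SAMPLE_LOG = [
    '91.124.30.69 - - [08/Jul/2025:04:50:00 -0500] "POST /myuser/index.php?module=filemanager&acc=changePerm HTTP/1.1" 404 147 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:134.0) Gecko/20100101 Firefox/134.0"',
    '203.0.113.10 - - [08/Jul/2025:05:01:12 -0500] "POST /admin/index.php?module=filemanager&acc=changePerm HTTP/1.1" 404 147 "-" "-"',
    '198.51.100.7 - - [08/Jul/2025:05:03:40 -0500] "POST /myuser/index.php?module=filemanager&acc=changePerm HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.5 - - [08/Jul/2025:05:04:02 -0500] "GET /myuser/index.php?module=dashboard HTTP/1.1" 200 2048 "-" "-"',
]

def filemanager_hits(lines):
    """Return one dict per request whose query string carries module=filemanager."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected layout
        path, _, query = m["target"].partition("?")
        params = parse_qs(query)
        if "filemanager" not in params.get("module", []):
            continue
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "account": path.strip("/").split("/")[0],  # first path segment
                     "acc": params.get("acc", ["-"])[0], "status": int(m["status"])})
    return hits

def summarize(hits):
    """Count hits per (source IP, acc value, HTTP status)."""
    return Counter((h["ip"], h["acc"], h["status"]) for h in hits)

def needs_review(hits):
    """Assumption of this example: any status other than 404 warrants a closer look."""
    return [h for h in hits if h["status"] != 404]

if __name__ == "__main__":
    found = filemanager_hits(SAMPLE_LOG)
    for key, count in sorted(summarize(found).items()):
        print(count, *key)
    for hit in needs_review(found):
        print("REVIEW:", hit["ip"], hit["account"], hit["acc"], hit["status"])
```

To run it against a real server, pass the lines of /usr/local/cwpsrv/logs/access_log to `filemanager_hits` instead of `SAMPLE_LOG`.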

10
How did you install perl? Base install of AlmaLinux 9, then CWP installer? Anything custom installed as pre-requisites (as Starburst recommends on an AL9 system)?

11
Try to contact the project owner/lead developer on GitHub. Open an issue there and see if you get a response or some activity on the project. It looked dormant when I looked at it. I will check with a web dev who is using GitHub for a site on one of my servers.

12
Is your server defaulted to perl 5.26 or 5.32?
Code:
dnf module list perl
If you want to change your perl version, you can do:
Code:
sudo dnf module reset perl
sudo dnf module enable perl:5.32
But be advised that you will experience conflicts if you change the default perl version from what came with your system. Some perl modules only support 5.24, some 5.26, and some 5.32.

13
Installation / Re: I don't receive a single message from root..??
« on: July 08, 2025, 12:16:57 PM »
Keep backups of your main config files (postfix, dovecot, apache, nginx) and vhost definition files. Assume that rebuilding mail & web servers will nuke your changes -- so have a backup to replace the default or merge back in your changes. But you shouldn't ever have to change those once the server is set up.

14
The error appears to be on the legacy CentOS 7 end; no problems on the AlmaLinux 8 end. The 35 in the SSL connect error was a good clue:
Code:
[root@srv]# /usr/local/cwpsrv/htdocs/resources/scripts/check_api
User API port 2302 check: OK
Oauth query check: OK
User API folder check: OK
External API port 2304 check: OK
curl: (35) SSL received a record that exceeded the maximum permissible length.
External API files and htaccess : OK
CSF Firewall status check: DISABLED
And testing curl directly:
Code:
[root@srv]# curl -v https://127.0.0.1:2304/v1/testapi/
* About to connect() to 127.0.0.1 port 2304 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 port 2304 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

15
Actually, it looks to be a Thai porno/romance portal -- the PayPal payment script is probably to reel in payments.
https://www.nongwangkudrung.go.th/video/
(not going to make this a clickable link)
