Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - iraqiboy90

Pages: [1] 2 3 ... 5
1
Information / Re: CWP changelog
« on: January 15, 2022, 06:37:11 PM »
What does 0.9.8.1118 do now?

That didnt take long.
0.9.8.1119

I would like to see this added to the changelog with info on what's in it

2
CentOS 7 Problems / Re: Problems with Mail Service
« on: January 15, 2022, 05:27:14 PM »
Also, according to your first log, it seems like your server is being used as a relay (a big no no), and also that you are already being blocked by yahoo.... (uff..) Right now they are giving you error code 421 which means temporarily rejected. They will eventually issue a permanent 554 error code.
An IPv4 address is precious. You need to get to the bottom of this spam issue quickly otherwise it will be hard to get your IP's reputation clean again. No hosting provider will allow you to change your IP of the server, specially if they know that you have tainted it by getting it on the blacklist.

You are already on 4 blacklists...
https://www.blacklistmaster.com/check?t=78.142.2.53

My recommendation for saving your IP is to completely shutdown postfix so the server won't send any more mail. You can keep dovecot open so you have access to the mail accounts with roundcube. Then take your time to figure it out.

3
Information / Re: CWP changelog
« on: January 15, 2022, 05:11:11 PM »
What does 0.9.8.1118 do now?

4
CentOS-WebPanel GUI / Re: Mod_Security's Security incidents wrong IP
« on: January 15, 2022, 11:43:18 AM »
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811

Regards,
Netino

have you tried installing v3?

5
Apache / Re: Apache vhosts configuration
« on: January 15, 2022, 11:13:26 AM »
The problem is in the latest versions of cwp panel free (CWP version: 0.9.8.1117) under centos 7 after January 1, 2022.
Apache php-frm.
I use my domain templates in the form of
.stpl
.tpl
I choose them according to the instructions for the domain.
When rebuilding vhosts files, I get the following:
file:
.conf is correct from .tpl
.ssl.conf does not match .stpl
How to deal with these??
It is clear that if I rule directly .ssl.conf - then when updating it all breaks.
As a result, the site does not work. And the system makes these rebuilds often- after a few hours of observation.
Please help me.
Yuri

@Netino, there is nothing to understand.

He is using the free version of CWP and is trying to use PHP-FPM related stuff. PHP.FPM is Pro CWP.

@Yuriy Either buy a Pro license, or stick to vhosts/httpd/php-fpm (the NON-FPM version)

Also, most wiki related instructions are based on the assumption that the reader has the Pro version.

6
CentOS 7 Problems / Re: Problems with Mail Service
« on: January 15, 2022, 11:09:32 AM »
Antivirus scan doesn`t find anything but the spam is still sending from server hostname:

Can you elaborate on your question? Are you saying that you know that your server is sending spam and you want the antivirus to block it but it isnt doing it?

7
E-Mail / Re: Email goes to spam , enterprise support no reply
« on: January 15, 2022, 10:58:01 AM »
as well as what @DNA mentioned, I'd like to add different tools for you to check your spam score and with these tools you can also diagnose your path into the perfect setup.

https://www.mail-tester.com/
https://www.checktls.com/index.html
https://emailspooftest.com/
https://mxtoolbox.com/emailhealth
Also, read into the different RFC rules that you may encounter during browsing. These are rules on the standard of email servers. If keep them in mind, you will eventually get a perfect setup.

p.s. Having someone do this for you is a lot of work. So, good luck with enterprise support

8
Apache / Re: WebServers Domain Configuration Reset
« on: January 15, 2022, 10:51:37 AM »
Confirm the content of this file is the same as the configuration you have done through "WebServer Domain Conf"
Code: [Select]
/home/USER/.conf/webservers/DOMAIN.conf.

If they are but getting overwritten back to default after a while, then there is an extreme method you can test which is to stop everything from touching that file;
with SSH
chattr +i /home/USER/.conf/webservers/DOMAIN.conf

At the moment I have this on that file:
{
    "nginx_template-type": "default",
    "nginx_template-name": "laravel-force-https",
    "apache_template-type": "default",
    "apache_template-name": "laravel",
    "nginx": true,
    "php-cgi": true,
    "apache-additional": true
}

And it's working, this is a very strange bug, I saw lots of posts on the forum about the same, and any official solution.

Make sure you rebuild the vhosts, and then lock the file for good measure as I mentioned in my post.
Remember, you need to unlock the file with "chattr -i" before doing changes and then lock it again after confirming the content.

9
E-Mail / Re: how to know the spam source
« on: January 14, 2022, 09:49:53 AM »
simple info:
http://wiki.centos-webpanel.com/tracking-php-script-spam
http://wiki.centos-webpanel.com/track-spam-infected-scripts
there are also other instruction related to mail on the same page


/usr/local/apache/logs/phpmail.log

That is the key man, thank you so much..

So, it was a php script?

Make sure "mail" in php is disabled to avoid such problem in the future.

Check "disable_functions = mail"
PHP-FPM- /opt/alt/php-fpm**/usr/php/php.ini
PHP-CGI- /opt/alt/php**/usr/php/php.ini
PHP-Main- /usr/local/php/php.ini

10
Information / Re: Cannot log into my cPanel
« on: January 12, 2022, 08:15:13 PM »
Just suggestions:

- Open the inspect tool and go to the network tab. Enable persistent logs and try to login while having the inspect tool open. Maybe it can tell you how it redirects so we can get some clue?

- Try removing web browser cache and try again. Chrome has some heavy forced caching. Try Firefox for log in to see if this is a client cache issue.

or if you have access to root;
- restart apache/nginx server and see if this help.

11
E-Mail / Re: Fake users sending spam
« on: January 12, 2022, 06:26:22 PM »
The spam is coming from localhost. It doesn't appear to be an open relay. It looks like some script on the server itself is allowing this sending attempt. The web logs for the same time and/or spam start time should be investigated to try to identify which scripts are allowing this.
The following files/directories must be scanned:
/usr/local/apache/logs/
/usr/local/apache/domlogs/
/usr/local/cwpsrv/var/services/roundcube/logs/

my thought exactly. Since php mail is disabled, you will have to go the route of "process of elimination".
Btw, make sure mail in php is diabled by confirming that it's disabled everywhere:
Check "disable_functions = mail"
PHP-FPM- /opt/alt/php-fpm**/usr/php/php.ini
PHP-CGI- /opt/alt/php**/usr/php/php.ini
PHP-Main- /usr/local/php/php.ini
PHP-CWP- /usr/local/cwp/php71/php.ini <-- [Not sure if webpanel mail will break if disabled here]

Another measure is to put this in main.cf file:
Code: [Select]
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain

and to make it more strict, is to change the order of the first two lines, but the server won't be able to send mail without authentication:
Code: [Select]
smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain

12
CentOS-WebPanel Bugs / Re: WebServers Vhost Template Editor BUG!
« on: January 11, 2022, 10:48:30 PM »
does anybody have the copy/clone bug too? :D
yes

Replicate: On AdminCP, Go to WebServers Conf Editor -> httpd -> Clone default.tpl of vhosts/httpd/php-fpm -> name it anything and save. Open it again by clicking edit on it, go to line 50. “%ba” is missing and is replaced with º

13
E-Mail / Re: Fake users sending spam
« on: January 11, 2022, 03:55:26 PM »
Can you post the lines above and below this single log-line...

14
CentOS-WebPanel GUI / Mod_Security's Security incidents wrong IP
« on: January 11, 2022, 03:34:32 PM »
The Security Incidents tab in Security Center that shows what Mod_Security has blocked is showing server IP as an offender for some specific types of attacks even though the IP is something else.



Here's the audit log showing something else:



I'm running Cloudflare -> Nginx -> Varnish -> Apache (with mod_cloudflare)

15
CentOS-WebPanel Bugs / Re: Domains/subdomains not showing
« on: January 11, 2022, 01:19:27 PM »
By the way, a piece of advice; After a user is creates with AdminCP, do everything with the UserCP, unless the function is not available there.

Pages: [1] 2 3 ... 5