Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
631
Problems on other RedHat linux servers / Re: Port 2030 does not open
« on: January 08, 2023, 07:52:45 PM »
And best practice is to run everything under HTTPS -- so you can skip 2030 and go for 2031 instead. I prefer that, as well as 2096 for webmail, instead of HTTP on 2095. (I prefer not to follow cPanel's port conventions, though -- I don't like using 2087 for the admin panel.)
632
Problems on other RedHat linux servers / Re: CWP working on RHEL 7.4
« on: January 08, 2023, 07:49:24 PM »
Good to know! With Red Hat giving out 16 free licenses to RHEL, it is a viable option for smaller scale operations. I could do use it in my setting with only 4 servers, but will probably go with AlmaLinux or Rocky Linux due to the open source licenses that are unencumbered.
633
Problems on other RedHat linux servers / Re: A User is Running an Unknown Command
« on: January 08, 2023, 07:33:38 PM »
you can try running whowatch to help you determine whodunnit.
634
CentOS 7 Problems / Re: What do you think about this " ?
« on: January 08, 2023, 08:07:10 AM »
I have to agree with Jose.
Shilling for "BulletProof Security Pro" in this forum seems to be the wrong topic in the wrong forum.
Shilling for "BulletProof Security Pro" in this forum seems to be the wrong topic in the wrong forum.
636
CentOS 7 Problems / Re: LDF many blocked
« on: January 08, 2023, 07:11:22 AM »
Send LDF messages to a dedicated e-mail address, not your own or admin e-mail. Mine is simply fw@mydomain.net. Have it set to check silently in your mail program (mark as read, do not notify). Skim it occasionally (daily/weekly) or have rules set up to inform you of more unusual activity. But all those basic attacks, you can generally ignore.
But one piece of advice that has given me a lot of peace: don't run SSH on port 22 or 2222. Both of those ports are constantly scanned and brute force attacked, esp. by FritzFrog and others. So if you run on an alternate port, you will indeed a measure of "security through obscurity."
But one piece of advice that has given me a lot of peace: don't run SSH on port 22 or 2222. Both of those ports are constantly scanned and brute force attacked, esp. by FritzFrog and others. So if you run on an alternate port, you will indeed a measure of "security through obscurity."
637
CentOS 7 Problems / Re: Cleaned usr/local/cwpsvr/logs/access_log and get Access Denied on website
« on: January 08, 2023, 07:02:08 AM »
Rather than manually cleaning logs, I suggest truncating them to zero bytes. Safer than recreating things or messing with permissions:
Code: [Select]
[overseer@srv2 ~]$ du -sh /usr/local/cwpsrv/logs/error_log
403M /usr/local/cwpsrv/logs/error_log
[overseer@srv2 ~]$ sudo truncate -s0 /usr/local/cwpsrv/logs/error_log
[overseer@srv2 ~]$ du -sh /usr/local/cwpsrv/logs/error_log
0 /usr/local/cwpsrv/logs/error_log
638
CentOS 7 Problems / Re: Warning: mail(): Multiple or malformed newlines found in additional_header in
« on: January 08, 2023, 06:58:47 AM »
Did you manually try to edit the mail_queue file? It is IonCube obfuscated (encoded), and CWP explicitly warns agains decoding or tinkering with it:
Code: [Select]
<?php //0042b
// Copyright CentOS WebPanel, Decoding is FORBIDDEN
// All Rights Reserved. www.centos-webpanel.com
if(!extension_loaded('ionCube Loader'...
639
CentOS 7 Problems / Re: How to change Owner and Group on a Directory
« on: January 08, 2023, 06:55:09 AM »
Here's a fun little one-liner you can execute from a root terminal that will reset ownership on all your user directories in /home:
Code: [Select]
for i in $(ls /home); do chown $i:$i /home/$i; done
640
CentOS 7 Problems / Re: Cannot access CWP via public IP / domain in LAN
« on: January 08, 2023, 06:47:13 AM »
Does your router support loopback / NAT hairpin?
641
CentOS 7 Problems / Re: NGINX php-fpm 502 and no sockets created
« on: January 08, 2023, 06:44:17 AM »
This doesn't sound nginx related -- I've encountered this with php-fpm and enabling new versions of PHP. The users directory is not created automatically for that new version after building it and will create an error of the .sock file missing. So you have to copy over your older users directory. For example, after enabling php 8.1, I had to create:
/opt/alt/php-fpm81/usr/etc/php-fpm.d/users
this way:
/opt/alt/php-fpm81/usr/etc/php-fpm.d/users
this way:
Code: [Select]
sudo cp -r /opt/alt/php-fpm74/usr/etc/php-fpm.d/users /opt/alt/php-fpm81/usr/etc/php-fpm.d/usersand then edit the new conf files to reflect the new version:Code: [Select]
sudo perl -pi.back -e 's/php-fpm74/php-fpm81/g;' /opt/alt/php-fpm81/usr/etc/php-fpm.d/users/*.confThen restart the php-fpm process:Code: [Select]
sudo service php-fpm81 restart
642
Information / Re: How to enable and configure ipv6 to work with apache / cwp / centos 7 & 8
« on: January 08, 2023, 02:47:54 AM »
This tutorial seems to be a rather comprehensive explainer. On my end, I haven't enabled IPv6 because it isn't yet needed in our environment. Maybe as things become more parallel it will be worth enabling.
643
Information / Re: FUNDING CWP DEVELOPMENT TEAM
« on: January 07, 2023, 11:32:09 PM »
I think the current pricing is fair -- esp. when compared to cPanel's pricing tiers (and the overall quality assurance difference) -- but it depends on the # of sites on your server -- to make an economical comparison. My experience over the last 3+ years has been generally good and worth the 3x Pro licenses I carry, along with the 2x paid support tickets (worth it during a cPanel server migration). But there have been headaches and road blocks along the way that cause me to hesitate thinking it is worth more $$ per year, across the board. As suggested, if you are having a fabulous experience with CWP and think it worth it, feel free to donate. For me, I am donating my time and sending back bug reports and contributing to this forum. I also hope to contribute to the wiki & documentation, as there is a lot of updating and spit-n-polish that needs to be done to fill in some of the gaps there.
644
Information / Re: Future of CWP?
« on: January 07, 2023, 11:18:56 PM »
Let me chime in and say, I'm totally on board the CWP train for any of my servers that need LAMP/LEMP functionality (i.e. general purpose web server). It has enabled me to ditch the monthly cPanel tax, as its cPanel -> CWP migration feature, while not flawless was functional. So over the last several years I have become more and more familiar with its internal plumbing, after being on cPanel/WHM for the last decade before that. So while there are some bugs and issues, it is totally workable and affordable.
Even with Red Hat pulling the rug out from under us with CentOS support ending, we have viable alternatives with RockyLinux and AlmaLinux. (I don't really count CentOS 8 Stream being a viable alternative to the stability and long term support offered by CentOS 6 and now CentOS 7.) So I look forward to migrating to either Rocky or Alma before June 2024 when CentOS 7 is EOL.
So welcome to CWP -- enjoy the ride!
Even with Red Hat pulling the rug out from under us with CentOS support ending, we have viable alternatives with RockyLinux and AlmaLinux. (I don't really count CentOS 8 Stream being a viable alternative to the stability and long term support offered by CentOS 6 and now CentOS 7.) So I look forward to migrating to either Rocky or Alma before June 2024 when CentOS 7 is EOL.
So welcome to CWP -- enjoy the ride!
645
Information / Re: Gateway timeout 504 on nginx + apache
« on: January 07, 2023, 11:06:56 PM »
Anecdotally, nginx seems more like that canary that is prone to producing 504 gateway errors. I have had few errors with apache-based servers. My server which uses nginx produces them far more frequently -- enough to be noticeable, for sure.
