Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
76
Information / How to access Client panel?
« on: April 20, 2016, 06:57:24 PM »
I can't find this anywhere in the documentation. Maybe I'm not looking in the right place.
I'm looking for some kind of "cPanel" equivalent for the CLIENTS to use.
www.domainname/cpanel
The reseller or web host has "WHM" to manage accounts. That much I have in the form of "CWP admin" at port 2030 on my server.
I'm looking for some kind of "cPanel" equivalent for the CLIENTS to use.
www.domainname/cpanel
The reseller or web host has "WHM" to manage accounts. That much I have in the form of "CWP admin" at port 2030 on my server.
77
CSF Firewall / Auto-block IP always truncates my csf.deny list
« on: April 20, 2016, 06:48:06 PM »
I have about 1000 IP ranges in csf.deny that are being blocked. They look like this:
1.1.0.0/16
2.2.0.0/16
etc.
It works great, and when I "view iptables rules" they all show up in DENYIN, DENYOUT, etc.
HOWEVER... as soon as a Chinese hacker tries 10 times unsuccessfully to FTP in to my server, he gets auto blocked and added to this csf.deny file, at the bottom. So far, so good.
Here is the problem: as soon as this happens, always without fail it removes about 85% of my IP ranges.
csf.deny goes from 16K to about 4K.
Why is this?
Where can I change a setting, etc. so this will stop happening? I'm hoping eventually to get ALL the malicious IP addresses ranges blocked, or at least more and more of them, so this will happen less frequently. But for now, I manually have to go in and restore my original list, while keeping the latest blocked IPs. It's very annoying.
Thanks.
P.S. I'm running the latest CWP and the latest CentOS 6.7. My server is about a week old.
1.1.0.0/16
2.2.0.0/16
etc.
It works great, and when I "view iptables rules" they all show up in DENYIN, DENYOUT, etc.
HOWEVER... as soon as a Chinese hacker tries 10 times unsuccessfully to FTP in to my server, he gets auto blocked and added to this csf.deny file, at the bottom. So far, so good.
Here is the problem: as soon as this happens, always without fail it removes about 85% of my IP ranges.
csf.deny goes from 16K to about 4K.
Why is this?
Where can I change a setting, etc. so this will stop happening? I'm hoping eventually to get ALL the malicious IP addresses ranges blocked, or at least more and more of them, so this will happen less frequently. But for now, I manually have to go in and restore my original list, while keeping the latest blocked IPs. It's very annoying.
Thanks.
P.S. I'm running the latest CWP and the latest CentOS 6.7. My server is about a week old.
78
CentOS 6 Problems / Every time I add site, HTTPD goes down and won't restart
« on: April 20, 2016, 06:42:02 PM »
I get this error message:
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
The only solution is to reboot the server. Then I have to manually start HTTPD, it goes yellow, then after a refresh it goes green and says "httpd started".
So every time I add a new account, I have to take down the entire server for a minute or two! Seems like an unnecessary inconvenience to me. This really should be fixed.
This is a brand-new server running a clean minimal install of the latest CentOS 6.7, as of 1 week ago. I followed all the default, basic directions.
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
The only solution is to reboot the server. Then I have to manually start HTTPD, it goes yellow, then after a refresh it goes green and says "httpd started".
So every time I add a new account, I have to take down the entire server for a minute or two! Seems like an unnecessary inconvenience to me. This really should be fixed.
This is a brand-new server running a clean minimal install of the latest CentOS 6.7, as of 1 week ago. I followed all the default, basic directions.
79
Migration from other control panels / Migration from cPanel - any updates?
« on: April 20, 2016, 06:37:03 PM »
The feature was added in the 4th quarter of 2014 -- that's a good year and a half ago.
When will the feature be expanded to include e-mails and e-mail forwarders?
I have an account right now that I need to transfer in, that has about 50 e-mail forwarders. I'm going to have to create all of those by hand (!)
Thanks,
Matthew
When will the feature be expanded to include e-mails and e-mail forwarders?
I have an account right now that I need to transfer in, that has about 50 e-mail forwarders. I'm going to have to create all of those by hand (!)
Thanks,
Matthew
80
Backup / Re: [SOLVED]Remote Backup not working
« on: April 18, 2016, 05:27:38 PM »
How to we create and configure "remote_backup.conf"? there is no documentation on what should be in this file, how we should configure it. What am I missing?
Thanks!
Matthew
Thanks!
Matthew
81
Mod_Security / Mod_security keeps giving false positives - how to disable content filtering?
« on: April 15, 2016, 07:15:43 AM »
I keep getting messages like this in my error_log.
I assure you that no one is injecting any code into anything. It's a regular website, and it's giving TONS of false positives. I like mod_security for other things (DoS mitigation, ip blocking, etc.) -- how can I turn off this element of it?
[Fri Apr 15 02:12:56 2016] [error] [client 68.235.165.156] ModSecurity: Access denied with code 403 (phase 4). Match of "rx (?:\\\\b(?
?:i(?:nterplay|hdr|d3)|m(?:ovi|thd)|r(?:ar!|iff)|(?:ex|jf)if|f(?:lv|ws)|varg|cws)\\\\b|gif)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_50_outbound.conf"] [line "39"] [id "970903"] [rev "2"] [msg "ASP/JSP source code leakage"] [data "Matched Data: <% found within RESPONSE_BODY: \\x1f\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\xec}yw\\xdb6\\xb6\\xf8\\xdf\\xf19\\xf9\\x0e\\x08\\xa73\\xb6g\\xa8\\x85\\xda%\\xc7\\x9a\\xe7-\\xad;\\xb1\\x93\\x17\\xbbM\\xfb\\xfaz| \\x12\\x92\\xd8P\\xa4\\xca\\xc5\\xb6\\xa6\\xd3\\x0f\\xfd\\xbe\\xc1\\xef^\\x00$A\\x8a\\xb2d\\xc5\\xccr\\xce/\\x9d\\xb1\\xb8\\x80\\xc0\\xc5\\xc5\\xddq\\x01<\\xdfy\\xf9\\xe2\\xf4\\xcd\\xc9\\xf5\\xcfo\\xcf\\xc84\\x9c9\\xe4\\xed\\x0f\\xc7\\xaf\\xcfO\\x88V\\xa9\\xd5\\xde7Oj\\xb5\\xd3\\xebS\\xf2\\xd3w\\xd7\\x17\\xaf\\x89Q\\xad\\x93k\\x9f\\xba\\x81\\x1d\\xda\\x9eK\\x9dZ\\xed\\xecR#\\xda4\\x0..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/SOURCE_CODE_ASP_JSP"] [tag "WASCTC/WAS [hostname "www.chantcd.com"] [uri "/index.php/Chant-Compendium-3-MP3-DOWNLOAD-EDITION"] [unique_id "VxCUeH8AAAEAACMCC20AAAAB"]
I assure you that no one is injecting any code into anything. It's a regular website, and it's giving TONS of false positives. I like mod_security for other things (DoS mitigation, ip blocking, etc.) -- how can I turn off this element of it?
[Fri Apr 15 02:12:56 2016] [error] [client 68.235.165.156] ModSecurity: Access denied with code 403 (phase 4). Match of "rx (?:\\\\b(?
?:i(?:nterplay|hdr|d3)|m(?:ovi|thd)|r(?:ar!|iff)|(?:ex|jf)if|f(?:lv|ws)|varg|cws)\\\\b|gif)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_50_outbound.conf"] [line "39"] [id "970903"] [rev "2"] [msg "ASP/JSP source code leakage"] [data "Matched Data: <% found within RESPONSE_BODY: \\x1f\\x8b\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\xec}yw\\xdb6\\xb6\\xf8\\xdf\\xf19\\xf9\\x0e\\x08\\xa73\\xb6g\\xa8\\x85\\xda%\\xc7\\x9a\\xe7-\\xad;\\xb1\\x93\\x17\\xbbM\\xfb\\xfaz| \\x12\\x92\\xd8P\\xa4\\xca\\xc5\\xb6\\xa6\\xd3\\x0f\\xfd\\xbe\\xc1\\xef^\\x00$A\\x8a\\xb2d\\xc5\\xccr\\xce/\\x9d\\xb1\\xb8\\x80\\xc0\\xc5\\xc5\\xddq\\x01<\\xdfy\\xf9\\xe2\\xf4\\xcd\\xc9\\xf5\\xcfo\\xcf\\xc84\\x9c9\\xe4\\xed\\x0f\\xc7\\xaf\\xcfO\\x88V\\xa9\\xd5\\xde7Oj\\xb5\\xd3\\xebS\\xf2\\xd3w\\xd7\\x17\\xaf\\x89Q\\xad\\x93k\\x9f\\xba\\x81\\x1d\\xda\\x9eK\\x9dZ\\xed\\xecR#\\xda4\\x0..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/SOURCE_CODE_ASP_JSP"] [tag "WASCTC/WAS [hostname "www.chantcd.com"] [uri "/index.php/Chant-Compendium-3-MP3-DOWNLOAD-EDITION"] [unique_id "VxCUeH8AAAEAACMCC20AAAAB"]
82
Information / Re: NAT-ed version, support for NAT-ed IPs
« on: April 13, 2016, 11:41:19 PM »
What is the Nat-ed version? Is this simply the latest version of CentOS Web Panel?
I installed it today (4/13/16). Did I get the NAT-ed version?
Does this mean I can use local (private 192.168.1.1) ip addresses in many places in my server setup?
Please help -- thanks in advance!
Matthew
I installed it today (4/13/16). Did I get the NAT-ed version?
Does this mean I can use local (private 192.168.1.1) ip addresses in many places in my server setup?
Please help -- thanks in advance!
Matthew
83
Installation / Why is CentOS Web Panel for CentOS 7 out of the question?
« on: April 11, 2016, 04:05:45 AM »
I would think a lot of people would want the latest CentOS (version 7) on their webserver.
Is there something bad with version 7?
If not, is there any plan at all to modify CentOS Web Panel to work with version 7?
Thanks,
Matthew
Is there something bad with version 7?
If not, is there any plan at all to modify CentOS Web Panel to work with version 7?
Thanks,
Matthew
