Recent Posts
61
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by zeejdeej on September 05, 2025, 08:32:37 AM »🛑 What I Found
On my server, inside /home/username/public_html/public/ and /home/username/public_html/, I found two suspicious files:
• nbpafebaef.jpg – Contains PHP code despite the .jpg extension:
<?php echo md5("gewafwaef1");die;?>
• defauit.php – A PHP script with a misleading name (looks like “default.php”).
i also found these two files in my public_html folder, what should i do with them should i deleted them both? how to make sure there is no other similar exploit?
62
MySQL / Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Last post by dario68 on September 05, 2025, 06:32:03 AM »thank you guys for reply
@Starburst - the installation procedure was:
1. Installed AlmaLinux-8.10-x86_64-minimal
2. Installed CWP based on "Quick guide CentOS 8/ Almalinux 8" https://control-webpanel.com/installation-instructions#step4
3. upgraded MariaDB to 10.11 based on this tutorial: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-in-cwp-on-almalinux-8 (BTW thanks for great knowledge base)
@overseer - I will try to reset the root password and let you know tomorrow
@Starburst - the installation procedure was:
1. Installed AlmaLinux-8.10-x86_64-minimal
2. Installed CWP based on "Quick guide CentOS 8/ Almalinux 8" https://control-webpanel.com/installation-instructions#step4
3. upgraded MariaDB to 10.11 based on this tutorial: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-in-cwp-on-almalinux-8 (BTW thanks for great knowledge base)
@overseer - I will try to reset the root password and let you know tomorrow
63
PHP Selector / Re: Unable to compile ANY version with PHP Switcher and Selector / FPM selector
« Last post by SubZero5 on September 04, 2025, 10:08:42 PM »Unable to update from PHP 7.4 to PHP 8.0, PHP 8.1, PHP 8.2, PHP 8.3
Quote from: Server cfg
Apache version: Apache/2.4.65
PHP version: 7.4.33
MySQL version: 10.5.27-MariaDB
FTP version: 1.0.52
SSH Port: 22
MySql Port: 3306
Web Servers: apache-only
CPU Model: Intel Core Processor (Broadwell, no TSX, IBRS)
CPU Details: 4 Core (2200 MHz)
Distro Name: AlmaLinux release 9.6 (Sage Margay)
Kernel Version: 5.14.0-570.21.1.el9_6.x86_64
Platform: x86_64 kvm
Quote from: tail /var/log/php-rebuild.log
php-autoupdate.log php-dependencies.log php-rebuild.log php-selector-rebuild.log
[root@vmi2415107 src]# tail /var/log/php-rebuild.log
acme.sh build-dir/ libavif-0.11.1.zip mcrypt-1.0.4.tgz php_switch_pre.conf
apache-rebuild.sh cwp-el9-latest libsodium-2.0.23/ package.xml uploadprogress-2.0.2/
apcu-5.1.19/ imagick/ libsodium.tgz pcre2-10.39/ uploadprogress.tgz
apcu-5.1.19.tgz libavif-0.11.1/ mcrypt-1.0.4/ pcre2.zip
[root@vmi2415107 src]# tail /var/log/php-rebuild.log
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(manual pages.
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/
[root@vmi2415107 src]# tail /var/log/php-rebuild.log -n 50
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
creating libtool
appending configuration tag "CXX" to libtool
configure: patching config.h.in
configure: creating ./config.status
config.status: creating config.h
/bin/sh /usr/local/src/libsodium-2.0.23/libtool --mode=compile cc -I. -I/usr/local/src/libsodium-2.0.23 -DPHP_ATOM_INC -I/usr/local/src/libsodium-2.0.23/include -I/usr/local/src/libsodium-2.0.23/main -I/usr/local/src/libsodium-2.0.23 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/libsodium-2.0.23/libsodium.c -o libsodium.lo
mkdir .libs
cc -I. -I/usr/local/src/libsodium-2.0.23 -DPHP_ATOM_INC -I/usr/local/src/libsodium-2.0.23/include -I/usr/local/src/libsodium-2.0.23/main -I/usr/local/src/libsodium-2.0.23 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/libsodium-2.0.23/libsodium.c -fPIC -DPIC -o .libs/libsodium.o
/bin/sh /usr/local/src/libsodium-2.0.23/libtool --mode=link cc -DPHP_ATOM_INC -I/usr/local/src/libsodium-2.0.23/include -I/usr/local/src/libsodium-2.0.23/main -I/usr/local/src/libsodium-2.0.23 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -o sodium.la -export-dynamic -avoid-version -prefer-pic -module -rpath /usr/local/src/libsodium-2.0.23/modules libsodium.lo -lsodium
cc -shared .libs/libsodium.o -lsodium -Wl,-soname -Wl,sodium.so -o .libs/sodium.so
creating sodium.la
(cd .libs && rm -f sodium.la && ln -s ../sodium.la sodium.la)
/bin/sh /usr/local/src/libsodium-2.0.23/libtool --mode=install cp ./sodium.la /usr/local/src/libsodium-2.0.23/modules
cp ./.libs/sodium.so /usr/local/src/libsodium-2.0.23/modules/sodium.so
cp ./.libs/sodium.lai /usr/local/src/libsodium-2.0.23/modules/sodium.la
PATH="$PATH:/sbin" ldconfig -n /usr/local/src/libsodium-2.0.23/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/src/libsodium-2.0.23/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/
64
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by Starburst on September 04, 2025, 08:31:39 PM »QuoteMod_Security should not overwrite anything, it only does that when you change a setting like ModSec Rules Profile or Rules ENgine.
It is not mod_security
I mentioned before, it is the CWP Security Daemon that is checking the integrity of the files and overwrites known system files that have unknown edits.
My host (InMotion Hosting) confirmed that to me. Maybe it's their custom security module. I don't know.
The only thing I know is that on a regular basis, my mod_security.conf file would get overwritten with the default "Include:" path creating a chaos on my websites.
I hope this helps.
Yea, CWP doesn't do that... It doesn't even have a 'security daemon'. Only thing CWP does automatically is SSL generation/renewals, and update to the control panel itself.
So the info from InMotion is inaccurate, or is their security module, that I would disable, if it causing problems.
Otherwise we would be having problem with all of our servers. And we are not, and others are not reporting that problem either.
65
CSF Firewall / Re: CSF Auto Update Re-Enabled v14.24 and v15.00
« Last post by Starburst on September 04, 2025, 06:06:34 PM »I'm not sure what CWP plans are, CSF still lives as open source.
We had an international mirror network already setup for ELRepo, so it was semi-easy for us to add ConfigServer to offer auto updates.
v15.00 is the first release under open source, and removes the closed companies 2 download servers.
This article will advise you how to re-enable auto updates:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-error-oops-unable-to-download-no-host-option-provided/
You can choose 2 download servers from our mirror list at:
https://starburstservices.com/downloads/mirrors-list/
We had an international mirror network already setup for ELRepo, so it was semi-easy for us to add ConfigServer to offer auto updates.
v15.00 is the first release under open source, and removes the closed companies 2 download servers.
This article will advise you how to re-enable auto updates:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-error-oops-unable-to-download-no-host-option-provided/
You can choose 2 download servers from our mirror list at:
https://starburstservices.com/downloads/mirrors-list/
66
CSF Firewall / Re: Configserver down?
« Last post by Starburst on September 04, 2025, 06:02:27 PM »67
CSF Firewall / Re: Configserver down?
« Last post by Starburst on September 04, 2025, 06:00:03 PM »CSF is gone for good as of Aug 31st, now what??? Why didn't CWP address this in the fresh installs instead of leaving everyone not working. That is VERY unprofessional!!!
https://configserver.com/announcement/
This is/was not CWP's fault...
They Do Not control 3rd party companies, ConfigServer shocked everyone when they posted their 30 day notice.
I made a post when that first was posted here.
dl.starburst.help has a mirror of their archive, as well as their new open source.
We also have copies of all their FAQ's in our public knowledge base.
68
CSF Firewall / Re: Configserver down?
« Last post by Starburst on September 04, 2025, 05:56:40 PM »As @overser mentioned, since ConfigServer closed there business & went open source, auto updates no longer work.
We setup this on our mirror network so auto updates can work again, please see:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-error-oops-unable-to-download-no-host-option-provided/
A list of servers you can use, CSF allows 2, can be found at:
https://starburstservices.com/downloads/mirrors-list/
Under Repository ConfigServer, the Mirror URL is what you would use in the config article above.
This is open to all, including other control panel users, so it will work with cPanel, CyberPanel, stand-alone, etc.
We setup this on our mirror network so auto updates can work again, please see:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-error-oops-unable-to-download-no-host-option-provided/
A list of servers you can use, CSF allows 2, can be found at:
https://starburstservices.com/downloads/mirrors-list/
Under Repository ConfigServer, the Mirror URL is what you would use in the config article above.
This is open to all, including other control panel users, so it will work with cPanel, CyberPanel, stand-alone, etc.
69
Information / Re: disable pages cache (updated page showen immediately )
« Last post by masrnet on September 04, 2025, 03:53:46 PM »I found answer is to set opcache.enable=0 in php.ini file
