Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - chrisg

Pages: [1] 2
1
I'm still on CentOS7, and here switching to PHP 8.2.19 fails, while switching to PHP 8.2.18 still works.
The error in the log is:
Code: [Select]
configure: error: *** A compiler with support for C++17 language features is required.So apparently the C compiler on Centos 7 is too old to compile PHP 8.2.19.

I'm currently preparing to switch to Almalinux since Centos 7 will be end of life by June 30, 2024. I hope that this will work without a complete reinstall.

2
PHP / Re: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: December 27, 2023, 02:14:30 PM »
Is that really true? According to their web site, their PHP Encoder 13 is working with PHP 4, 5, 7 and 8 up to 8.2:
https://www.ioncube.com/php_encoder.php

Anyway, another option would be putting a HTTP password on the page, so the vulnerable PHP wouldn't be exposed to the entire world. But I cannot find the directory of the panel to do this...

3
PHP / Re: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: December 26, 2023, 01:57:00 PM »
It's now 3(!) years later and CWP is still using PHP 7.2.30:
Detected CVEs for PHP 7.2.30 with CVSS above 7.0.

Is there any way to update the php version used by CWP control panel? I can only update the PHP version used by web sites.
Or is there a way to only make CWP control panel accessible via VPN?

4
FTP / Re: ftp fails to list unless ip manually whitelisted in firewall
« on: March 05, 2021, 02:04:46 PM »
FTP doesn't just use a single port (e.g. 2248 in your example), it uses this port only for sending commands to the server. The actual data is sent and received over a range of separate ports. That's what you set via PassivePortRange. However, you cannot use the same port for the data and for the commands. So use something like this instread:
PassivePortRange as 30000 35000

Then you also need to allow this same port range (30000-35000) as incoming TCP ports in your firewall. This is not a security risk, the FTP server will open a port in this range just for the transfer, send or receive the data, and then close the port.

5
According to the log, the program re2c is not installed. Try installing it via cwp terminal:
yum install -y re2c

6
CentOS 7 Problems / Re: Too many system updates
« on: November 25, 2020, 04:43:18 PM »
These system updates are provided by Centos and not by CWP. They are regular Linux security updates, and usually don't cause any problems.

Here is what I do when I get such a notification:
1. Wait at least one day, so updates causing major problems could be revoked/replaced
2. I run a copy of Centos 7 with CWP in Virtualbox in addition to my live server. This way I can install and test updates in there before I have to apply them to my main server. Sadly I can only use CentOS Web Panel free in Virtualbox because it's not reachable from the Internet.
3. After updating, I run the following command from a terminal:
needs-restarting -r
to check whether one of the updates requires a reboot. If necessary, I restart the system via Centos Web Panel.
4. I test all the services I normally use in the virtual machine.
5. Once I'm sure the updates have no negative side effect, I apply them also to my main server.

Btw, I have already tested and applied these new updates.

7
Information / Re: CWP Secure CentOS Kernel
« on: October 21, 2020, 02:36:23 PM »
Is there a way to remove this warning? I'm the only user of this VPS running CWP, but I run multiple domains which I admin via CWP. I don't have any needs for a secure kernel.

8
Updates / Re: Updating Apache to current version?
« on: October 09, 2020, 01:56:52 PM »
Just a small notification that 2.4.46 is available now via:
WebServer Settings- Apache Re-Build.

I have just installed it and it seems to work fine.
Thanks!

9
Updates / Updating Apache to current version?
« on: August 27, 2020, 08:36:28 AM »
Currently CWP is offering Apache 2.4.41 on the page "Apache Re-Build", which has been released more than a year ago on August 14, 2019.

I'm worried about security flaws in such an old Apache version, there have been a lot of security updates since then:
https://www.apachelounge.com/Changelog-2.4.html

Is there a way to install a newer Apache manually without damaging the rest of CWP?

10
E-Mail / postfix fails to start after yesterday's update
« on: February 20, 2020, 09:43:07 AM »
Hi!

After yesterday's update:
postfix.x86_64    2:3.4.7-1.el7    cwp

Postfix fails to start here:
Quote
/bin/systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code. See "systemctl status postfix.service" and "journalctl -xe" for details.

systemctl status postfix.service returns the following two errors:
Quote
Unable to create missing queue directories
Postfix integrity check failed!

After a rollback of the last yum update, it works again. Rollback via:
yum history
then check what the newest ID is, and then
yum history undo <ID>

This returned to postfix-2.10.1-7.el7.x86_64, which is quite a big version jump.
I guess that Postfix 3.4.7 requires a different configuration than Postfix-2.10.1.

Any ideas how to find out what's going wrong? The logs don't tell me what queue directories couldn't be created.

Here are the changes I made to the default postfix configuration to use procmail to filter and deliver mails:

Quote
yum install procmail
chmod g+s /usr/bin/procmail
nano /etc/postfix/main.cf
Change virtual_transport = dovecot to:
virtual_transport = virtualprocmail:dummy
virtualprocmail_destination_recipient_limit = 1

nano /etc/postfix/master.cf
#
# procmail LDA
virtualprocmail unix - n n - - pipe flags=DRXhuq user=redacteduser
  argv=/usr/bin/procmail -m E_SENDER=$sender E_RECIPIENT=$recipient ER_USER=$user ER_DOMAIN=$domain ER_DETAIL=$extension NEXTHOP=$nexthop /etc/procmailrc

nano /etc/procmailrc
SHELL=/bin/bash
LOGFILE=/var/log/procmail.log
DEFAULT=/var/vmail/${ER_DOMAIN}/${ER_USER}
MAILDIR=/var/vmail/${ER_DOMAIN}/${ER_USER}
DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME"
INCLUDERC=/home/redacteduser/.procmailrc
:0 w
| $DELIVER
HOST=end_of_processing

nano /etc/postfix/virtual
support@redacted.com redacteduser

service postfix restart

11
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 16, 2019, 09:38:35 AM »
I have a valid Hostname with A record DNS and ssl, and the normal CWPro admin panel shows up just fine. The "CWPpro Terminal" loads without any error messages, but the page is blank with a white square the size of a single character in the upper left.

12
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 15, 2019, 10:24:03 AM »
1c) I have now also tried with Internet Explorer 11: The "CWPpro Terminal" doesn't work either. The "SSH Java console" fails to launch due to an invalid signature of the applet jcterm-0.0.10.jar located at
admin/design/3rdparty/sshterm/jcterm-0.0.10.jar.

jarsigner.exe -verify jzlib-1.1.1.jar reports:

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2014-07-18) or after any future revocation date.

13
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 15, 2019, 07:54:19 AM »
I wonder what are the requirements for "CWPpro Terminal":

1. Does it require Java? I ask because there is a menu entry in "Service SSH" named "SSH Java Console", and it doesn't work either. To my knowledge, modern browsers no longer support Java. Here is a test page:
https://java.com/en/download/installed.jsp
a) In Firefox, I get "We have detected you are using the 64-bit version of Firefox which will not run the Java plugin."
b) In Chrome I get "The Chrome browser does not support NPAPI plug-ins and therefore will not run all Java content. Switch to a different browser".

2. Does it matter that I changed my SSH port (due to the many hacking attempts to port 22)? The "SSH Java Console" page allows to set the port and correctly shows the one I use, though.

14
CentOS-WebPanel GUI / Re: Does "CWPpro Terminal" work for you?
« on: July 14, 2019, 10:16:59 AM »
Well, I have waited for an hour now after entering user name and password, but nothing happened. I used user "root" for login. I also tried a non-root user, but then I got an error.

15
CentOS-WebPanel GUI / Does "CWPpro Terminal" work for you?
« on: July 12, 2019, 10:26:45 AM »
When I click on the "Terminal" button at the top in CWP Pro (paid version), I get a submenu with two options:
"Simple Terminal"
"CWPpro Terminal"

"Simple Terminal" opens a terminal just fine in a new tab, without asking again for the password. However,
"CWPpro Terminal" doesn't seem to work with Chrome or Firefox:
- it asks again for the user name and password
- once I enter them, I get a black screen with a tiny (about one character) white square in the upper left corner

I have tried disabling Noscript on that tab, but that didn't make any difference.

Maybe I need to install some additional packages via yum to make this work?

Pages: [1] 2