Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
CentOS 8 Problems / New CWP Installation Error: The encoded file has expired
« on: June 16, 2024, 04:10:42 AM »
I am unable to use CWP at all on new servers. This is a fresh install of AlmaLinux 8.10 and a fresh install of CWP.
https://SERVER-IP:2087 displays a blank page only
The issue is with PHP and ionCube:
tail -n4 /usr/local/cwpsrv/logs/error_log
I have already tried to execute /scripts/update_ioncube. This script completes successfully.
sh /scripts/update_cwp
php -v
php -i
https://SERVER-IP:2087 displays a blank page only
The issue is with PHP and ionCube:
tail -n4 /usr/local/cwpsrv/logs/error_log
Code: [Select]
2024/06/15 23:54:02 [error] 820#0: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error: <br>The encoded file <b>/usr/local/cwpsrv/htdocs/admin/index.php</b> has expired. in Unknown on line 0" while reading response header from upstream, client: REMOVED, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/cwpsrv.sock:", host: "SERVER-IP:2087"
2024/06/15 23:54:18 [error] 820#0: *4 FastCGI sent in stderr: "PHP message: PHP Fatal error: <br>The encoded file <b>/usr/local/cwpsrv/htdocs/admin/index.php</b> has expired. in Unknown on line 0" while reading response header from upstream, client: REMOVED, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/cwpsrv.sock:", host: "SERVER-IP:2087"
2024/06/15 23:54:50 [error] 820#0: *9 open() "/usr/local/cwpsrv/htdocs/admin/favicon.ico" failed (2: No such file or directory), client: REMOVED, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "SERVER-IP:2087"I have already tried to execute /scripts/update_ioncube. This script completes successfully.
Code: [Select]
[root@server htdocs]# sh /scripts/update_ioncube restart
[root@server htdocs]# sh /scripts/update_cwp
Code: [Select]
PHP Fatal error:
The encoded file /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php has expired.
in Unknown on line 0php -v
Code: [Select]
PHP 5.6.37 (cli) (built: Jul 20 2018 06:10:33)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with the ionCube PHP Loader + ionCube24 v13.0.2, Copyright (c) 2002-2023, by ionCube Ltd.
php -i
Code: [Select]
Configure Command => './configure' '--with-zlib' '--enable-soap' '--enable-exif' '--with-config-file-path=/usr/local/php' '--with-config-file-scan-dir=/usr/local/php/php.d' '--enable-phar' '--enable-bcmath' '--enable-calendar' '--with-curl' '--with-iconv' '--with-mysql' '--with-mysqli' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-mcrypt' '--with-imap' '--with-imap-ssl' '--with-gettext' '--with-xmlrpc' '--with-pdo-mysql=mysqlnd' '--enable-posix' '--enable-ftp' '--with-openssl' '--enable-mbstring' '--with-jpeg-dir=/usr' '--with-freetype-dir=/usr' '--with-kerberos' '--with-xsl' '--with-bz2' '--enable-zip' '--with-gd' '--with-libdir=lib64' '--enable-sockets' '--with-pcre-regex' '--with-mysql-sock=/var/lib/mysql/mysql.sock'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php
Loaded Configuration File => /usr/local/php/php.ini
Scan this dir for additional .ini files => /usr/local/php/php.d
Additional .ini files parsed => /usr/local/php/php.d/ioncube.ini
PHP API => 20131106
PHP Extension => 20131226
Zend Extension => 220131226
Zend Extension Build => API220131226,NTS
PHP Extension Build => API20131226,NTS
Debug Build => no
Thread Safety => disabled
Zend Signal Handling => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => provided by mbstring
IPv6 Support => enabled
DTrace Support => disabled
Registered PHP Streams => https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2
Registered Stream Filters => zlib.*, bzip2.*, convert.iconv.*, mcrypt.*, mdecrypt.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with the ionCube PHP Loader + ionCube24 v13.0.2, Copyright (c) 2002-2023, by ionCube Ltd.
2
MySQL / phpMyAdmin Bruteforce From 127.0.0.1 ??
« on: September 30, 2022, 07:33:39 AM »
I have paid for 10x CWP Pro licenses and I am the only user of my servers but I occasionally see this in /var/log/secure:
At first I thought my server may have been compromised, but I do not think it is compromised because I see these failed login attempts on all of my servers occasionally. I have recently re-installed CWP. My systems are fully up-to-date as well.... I do not have anyone else using my servers.
When I try to replicate the issue using incorrect password on https://tiberion.mydomain.com:2087/pma I see this:
How am I seeing failed login attempts from 127.0.0.1?? I am the ONLY user of my servers, no customers, no one else uses the servers.
Code: [Select]
....
Sep 29 06:04:27 tiberion phpMyAdmin[122141]: user denied: dev (mysql-denied) from 127.0.0.1
Sep 29 06:04:29 tiberion phpMyAdmin[122141]: user denied: blog (mysql-denied) from 127.0.0.1
Sep 29 06:04:30 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:31 tiberion phpMyAdmin[122141]: user denied: nas (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: root (empty-denied) from 127.0.0.1
Sep 29 06:04:35 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:36 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:36 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:37 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:39 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:40 tiberion phpMyAdmin[122141]: user denied: db (mysql-denied) from 127.0.0.1
Sep 29 06:04:54 tiberion phpMyAdmin[122141]: user denied: wordspress (mysql-denied) from 127.0.0.1
Sep 29 06:04:54 tiberion phpMyAdmin[122141]: user denied: shopdb (mysql-denied) from 127.0.0.1
Sep 29 06:04:55 tiberion phpMyAdmin[122141]: user denied: blog (mysql-denied) from 127.0.0.1
Sep 29 06:04:56 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:56 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:04:57 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:58 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:58 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:59 tiberion phpMyAdmin[122141]: user denied: database (mysql-denied) from 127.0.0.1
Sep 29 06:04:59 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:00 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:01 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:01 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:02 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:03 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:03 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:04 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:05 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:05 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:06 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:06 tiberion phpMyAdmin[122141]: user denied: pma (mysql-denied) from 127.0.0.1
Sep 29 06:05:07 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:08 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:08 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:09 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:10 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:10 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:11 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:12 tiberion phpMyAdmin[122141]: user denied: dbs (mysql-denied) from 127.0.0.1
Sep 29 06:05:12 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:13 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:14 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:14 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:15 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:15 tiberion phpMyAdmin[122141]: user denied: user (mysql-denied) from 127.0.0.1
Sep 29 06:05:16 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:17 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:17 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:18 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:19 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:19 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:20 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:21 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:21 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:22 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:22 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:23 tiberion phpMyAdmin[122141]: user denied: nas (mysql-denied) from 127.0.0.1
Sep 29 06:05:24 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:24 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:25 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:26 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:26 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:27 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:28 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:28 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:29 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:30 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:30 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:31 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:31 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:32 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:33 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:33 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:34 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:35 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:35 tiberion phpMyAdmin[122141]: user denied: dev (mysql-denied) from 127.0.0.1
Sep 29 06:05:36 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:37 tiberion phpMyAdmin[122141]: user denied: shopdb (mysql-denied) from 127.0.0.1
Sep 29 06:05:37 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:39 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:40 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:40 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:41 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:42 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:42 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:43 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:44 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:44 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:45 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:45 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:46 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:47 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:47 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:48 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:49 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:49 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:50 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:51 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:51 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:52 tiberion phpMyAdmin[122141]: user denied: sql (mysql-denied) from 127.0.0.1
Sep 29 06:05:53 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:53 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:54 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
....At first I thought my server may have been compromised, but I do not think it is compromised because I see these failed login attempts on all of my servers occasionally. I have recently re-installed CWP. My systems are fully up-to-date as well.... I do not have anyone else using my servers.
When I try to replicate the issue using incorrect password on https://tiberion.mydomain.com:2087/pma I see this:
Code: [Select]
Sep 30 02:25:41 tiberion phpMyAdmin[1199600]: user denied: root (mysql-denied) from X.X.X.XX.X.X.X is my home IP address .....How am I seeing failed login attempts from 127.0.0.1?? I am the ONLY user of my servers, no customers, no one else uses the servers.
Pages: [1]
