Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: 1 ... 67 68 [69] 70 71 ... 101
1021
CSF Firewall / Re: How to Prevent CWP BruteForce?
« on: July 07, 2023, 09:11:02 PM »
Just note that your clients will then be unable to directly communicate with AliBaba/AliExpress vendors. I am now getting bounce messages and stuck messages in my queues after blocking CN.

1022
CentOS-WebPanel GUI / Re: CWP Invalid session on login
« on: July 06, 2023, 02:23:32 AM »
Did you look at creating a Cloudflare firewall rule to allow your CWP admin port (2031 or 2087 or whatever)?

1023
I would take the caching aspect out of the loop, unless you really think you need it. It's usually the last step in deployment before going live. And in all honesty, unless you have a lot of RAM available or fast disks, Varnish introduces a whole level of complexity and tends to be a common break point. I've only ever implemented it on one very high traffic server. But ultimately, I got even better results from using Cloudflare's infrastructure.

The best bang-for-your-buck combo on CWP is with Nginx (least troublesome to configure and manage, far better performance than Apache). Varnish is only if you absolutely need to milk every last bit of performance out of your existing server.

1024
You should look at the last lines of that website's log files:

access log: /usr/local/apache/domlogs/yourdomain.com.log
error log: /usr/local/apache/domlogs/yourdomain.com.error.log

Should give you a pretty good clue as to what's going wrong.

1025
You'll have to look at the varnish logs. Do you have a WP varnish plugin to expiry the cache?

1026
Postfix / How to Whitelist a hostname in CSF
« on: July 03, 2023, 03:04:40 AM »
You may find it necessary to whitelist a hostname as opposed to an IP address in CSF. CSF has a file specifically for allowing hostnames called "csf.dyndns". Fully Qualified Domain Names (FQDN) are checked at a configurable interval of seconds, to poll for a change in the IP address.

To whitelist a hostname:
1) Open/create the file "/etc/csf/csf.dyndns" and add the hostname.
2) Open the file "/etc/csf/csf.conf" and set: DYNDNS = "1800" (which would check for IP updates every 30 minutes).
Note: If you want the activity of the IP also ignored, set DYNDNS_IGNORE = "1"
3) Restart the firewall (csf -r)

The hostnames in csf.dyndns will automatically be allowed and the rules will refresh every 30 minutes.

1027
Updates / Re: How to upgrade the OS
« on: July 03, 2023, 02:52:56 AM »
I would just pay the additional $$ -- cost of doing business. Unless they could grant you some kind of special temp license for migration. Maybe they ought to consider a 1-3 mo temp license for this use case -- people migrating from CentOS 7 to AlmaLinux or Rocky.

1028
Information / Re: RH plan to kill RHEL clones
« on: July 03, 2023, 02:49:55 AM »
Might be time to get a RH dev account and take them up on the offer for a free license. Then you have access to the source code, and maybe then you accidentally mirror it on your pub FTP server. Accidentally.

Any AlmaLinux devs catching this?

1029
Suggestions / Re: 2FA with Google Authenticator
« on: July 01, 2023, 02:23:51 AM »
Why are you trolling? Why not do something useful for the community like contributing code, documentation, or mutual support for other users. That's far more useful than criticizing in a vacuum. CWPs problems are obvious and well publicized, but the developers do a lot on limited resources and produce a useful tool that works for my use case and provides my end users with an effective management tool at a far more reasonable price than the *BIG* bloated controlPanel.

1030
Information / Re: RH plan to kill RHEL clones
« on: July 01, 2023, 02:18:52 AM »
There are plenty of control panels that work with Debian-based OSes and abstracted ones like Webmin, so I don't see much need for CWP devs to spread themselves even thinner by trying to support another distribution lineage. In this case, specialty is good. This was originally CentOS Web Panel, now rebranded as Control Web Panel to keep the acronym but apply more generally and not be specifically limited to CentOS proper (which now has taken an upstream swim to be an unstable rolling distribution). Personally, I prefer Debian OS derivatives on the desktop (Ubuntu, Mint) and prefer EL on the server side (CentOS 7, soon to be Alma Linux 9).

1031
It's not high on my priority list. If the devs were interested in a poll or vote amongst users as to what priorities matter, this is not one of them.

1032
Suggestions / Re: CWP Plugin Store
« on: July 01, 2023, 02:10:17 AM »
And a workable product than some of us use to manage servers & run live sites...

1033
Updates / Re: How to upgrade the OS
« on: June 30, 2023, 08:45:52 PM »
My plan (for spring 2024) on my CentOS 7.9 VMs will be to spin up a new AlmaLinux 9 VM and install CWP. According to the devs, they are working on EL9 support and I am hopeful it will be ready to go next spring, before the coming EOL apocalypse. Since the 2 VMs will reside on the same physical machine, it should be comparatively quick to do a CWP migration from VM to VM. Then a final rsync after the fact, pause the CentOS 7 VM, change the IP of the AlmaLinux 9 VM to be the IP of the CentOS 7 VM and spin it up. This will require no DNS reconfiguration. Obviously, I'll be watching the landscape as things progress this winter & next spring and block out a low traffic weekend (perhaps over US holidays) to enact the server switchovers.

1034
Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6 hk.
« on: June 30, 2023, 01:30:31 PM »
This is done vis CSF, not directly in postfix. In /etc/csf/csf.conf
Code: [Select]
CC_DENY = "CN,KP,RU,NG"To increase the LFD lockout limits on IMAP, POP, and SMTP:
Code: [Select]
# [*]Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1"

# [*]Enable login failure detection of pop3 connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_POP3D = "25"
LF_POP3D_PERM = "1"

# [*]Enable login failure detection of imap connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_IMAPD = "25"
LF_IMAPD_PERM = "1"

And you were looking for this directive for permanent blocking:
Code: [Select]
###############################################################################
# SECTION:Temp to Perm/Netblock Settings
###############################################################################
# Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked more than
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK  to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"

Also consider setting up postscreen for postfix, as it will help "screen" your SMTP connections and stop junk connections right at the gate:
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

And while you're there, do a little more light reading:
https://www.awsmonster.com/postfix-tuning-guide

1035
Postfix / Re: SASL LOGIN authentication failed: UGFzc3dvcmQ6 hk.
« on: June 30, 2023, 04:41:25 AM »
Take a look at country code blocking. I block the 5 biggest spam sending sources -- none of my clients do business with these countries: RU, CN, KP, NG, {Bulgaria, Poland, Brazil have also been big culprits on my servers, but it tends to come in waves}. There is a case to allow for China due to Alibaba allowing direct vendor contact with potential customers -- if that's something your clients engage in.

The IP in your example resolves to GB, so that may be from a botnet or it may be a legit hacking attempt from GB, which I have seen on my servers. I just can't block a huge swath of Europe, due to my clients communicating with people there and potential site visitors from there.

Pages: 1 ... 67 68 [69] 70 71 ... 101