Messages

1021

CentOS 7 Problems / Re: Taking 3 minutes to load the Mail Server Manger

« on: May 29, 2023, 10:51:51 PM »

My two CWP VMs have more resources than that: 2 CPUs, 6GB of memory on one that runs ~30 accounts, 3CPUs and 10GB of memory on the other "heavy" VM that runs a dedicated Drupal site. That's about the resources I had dedicated to a dedicated e-commerce server running a Magento site.

I've heard of people running servers under 1-2 CPUs and 4GB of memory and I have done that as a temporary measure on my servers, but never long-term.

1022

Migration from other control panels / Re: cPanel to CWP Pro Migration -> DNS Zones owned by root (in cPanel)

« on: May 29, 2023, 02:21:48 PM »

It's been several years since I've migrated my cPanel servers to CWP, but I don't recall there being any issues with DNS zones even back then -- and things should have improved in the intervening 2-3 years. I would think your workaround of changing from root-owned to account-owned should work. But how many zones are we talking about -- a handful? Dozens? Hundreds? Can you just manually recreate the zones on the receiving CWP server? Sometimes that type of workaround is the best course of action and the greatest time saver. Back 2-3 years ago I had to create a custom post-migration script to fix various permission errors I was encountering after migration, which I passed on to the CWP devs.

1023

CentOS-WebPanel GUI / Re: CWP Pro proposing gdb-headless updates when not needed

« on: May 29, 2023, 02:14:44 PM »

Good job! Exactly the right way to deal with that scenario.
(And of course, I meant CWP's YUM module is a frontend for yum -- not the whole of CWP being a yum frontend!)

1024

CentOS-WebPanel Bugs / Re: When registering a new user, The username is limited to 8 characters.

« on: May 29, 2023, 02:12:48 PM »

CWP imposes the 8 character limitation, just as cPanel used to (and cPanel is something of the spiritual father/reference platform for CWP). But the command line useradd utility can do up to 32 characters. I haven't tested to see if you do an end-run around CWP and it would respect the longer user name. But my suspicion is it would truncated it to 8 char because of the need for longer permutations for MySQL user + DB names: username_dbname. Perhaps this will be something they fix when they start offering EL9 support later this year or next year. AlmaLinux 9, here we come!

1025

E-Mail / Re: postfix sending email every minute

« on: May 29, 2023, 02:07:15 PM »

Yes, cyberspace mentioned the most common vector for spam sending on servers -- an insecure php script that gets exploited/abused to send bulk UCE (unsolicited commercial e-mail). I'm sorry I neglected to mention the possibility in my response, because that's the most common vector these days. In fact, that's the only mail abuse I've seen on my servers is via a malicous php script implanted via a WordPress vulnerability. You may want to consider closing off the php mailer vector altogether and require ONLY authenticated SMTP on the server for mail sending. It depends on your situation, but really I would say generally that using the php mailer functionality is "lazy coding" and you should only use SMTP AUTH for accounting purposes -- it's clear who is sending what and everything is logged.

1026

CentOS-WebPanel GUI / Re: CWP Pro proposing gdb-headless updates when not needed

« on: May 28, 2023, 08:01:41 PM »

CWP is just a frontend for YUM, so it is just presenting whatever suggestions yum is recommending for update. If you don't need gdb-headless, consider removing it. I recommend NOT running any unnecessary services on your server, as it just serves to increase your attack surface. Better to run lean an nimble and only install what you absolutely need.

1027

CentOS 6 Problems / Re: GUI for CentOS WHM!!

« on: May 28, 2023, 07:57:26 PM »

What's with these AI bot responses lately? Are they trainers for ChatGPT?

[That was not about Igor; it was about some AI Bot response that is now deleted.]

1028

CentOS 6 Problems / Re: GUI for CentOS WHM!!

« on: May 28, 2023, 12:47:41 PM »

What's with these AI bot responses lately? Are they trainers for ChatGPT?

1029

E-Mail / Re: postfix sending email every minute

« on: May 27, 2023, 05:26:51 PM »

By your log, it looks to be agendada, UID 1010
Try running:

Code: [Select]

id 1010to find the associated account. Then go into your admin panel and rate limit the amount of mail messages the account can send in an hour, to contain collateral damage while you investigate.

I would seriously consider enacting some Postfix rate limiting restrictions as well in /etc/postfix/main.cf:

Code: [Select]

##//delivery rate controls/restrictions
# Parrallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 6
default_destination_concurrency_limit = 30
# Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s
# Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 10s 
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
# limit max sends per minute
anvil_rate_time_unit = 60s
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 30
smtpd_client_message_rate_limit = 30


1030

E-Mail / Re: zombie attack target email account

« on: May 27, 2023, 05:17:15 PM »

And have you hardened your postfix installation to prevent relaying? Pay particular attention to the $mynetworks and $relay_domains directives. Do you have UCE controls properly implemented in Postfix? Don't trust the defaults -- they are just a starting point. You should be much more restrictive than what CWP provides as an initial basis.

1031

CentOS-WebPanel Bugs / Re: Apache rebuild doesn't work (again) and workaround

« on: May 26, 2023, 10:43:28 PM »

What version of Apache are you looking for? 2.4.56?

As a quick test, I can curl their older Apache 2.2.27 script:

Code: [Select]

curl -O https://dl1.centos-webpanel.com/files/c_scripts/apache-2.2.27.sh

1032

Apache / Re: /usr/local/apache/conf.d/vhosts/domain.ssl.conf gets overwritten

« on: May 26, 2023, 10:29:29 PM »

Code: [Select]

sudo chattr +i /usr/local/apache/conf.d/vhosts/testdomain.nl.ssl.confto make changes, remove the immutable bit:

Code: [Select]

sudo chattr -i /usr/local/apache/conf.d/vhosts/testdomain.nl.ssl.conf

1033

DNS / Re: CWP Can't add “One” domain name

« on: May 26, 2023, 10:16:09 PM »

How is your DNS infrastructure set up? Do you use the default CWP DNS servers, or something different? (I use Cloudflare as my NS.)

1034

CentOS 7 Problems / Re: Malware found

« on: May 26, 2023, 02:00:57 PM »

Are you running rkhunter to check for a root kit?

Also look for FritzFrog and Ebury:
https://srvfail.com/check-clean-ebury-ssh-rootkit/

1035

E-Mail / Re: zombie attack target email account

« on: May 26, 2023, 01:00:08 AM »

Are your SPF and DMARC DNS records set up properly to restrict sending to your own domain and server IP address?