Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Starburst

Pages: 1 ... 10 11 [12] 13 14 ... 119
166
Installation / Re: install cwp panel rocky linux
« on: October 18, 2025, 08:51:10 PM »
Rocky Linux is still missing some libraries.

The recommended version for CWP is AlmaLinux 8 or 9.

If you don't need PHP below 7.4 or migrate sites, or limit user resources (storage, cpu, etc.) then AL9 is the best.

167
CSF Firewall / Re: Firewall off in cwp panel
« on: October 18, 2025, 08:48:28 PM »
That's what we run.

Usually once you start it & enable it via the CLI, and maybe reboot, CWP will see it running.

All CWP is doing in the background is running
Code: [Select]
systemctl status csfAnd then displaying On/Off

168
CentOS 9 Problems / Re: monit with AL9
« on: October 18, 2025, 08:46:05 PM »
I hate that program, and I hate that CWP forces you to install it.

I usually install it, disable it from ever starting again.

Would recommend a 3rd party solution, but you mentioned you only have the 1 server.

169
CSF Firewall / Re: Configserver down?
« on: October 16, 2025, 08:14:35 PM »
Related this guide: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/csf-firewall-gplv3-release-tweaked-for-cwp/

 https://dl.starburst.help/configserver-scripts/csf.tgz
generate 404 error

Thanks for letting me know.
It's been fixed, missed that when I switched the site to a new server.  :-\

All working now.

170
CSF Firewall / Re: Firewall off in cwp panel
« on: October 16, 2025, 07:56:07 PM »
What OS are you running on the server?

171
Mod_Security / Re: OWASP Latest
« on: October 15, 2025, 09:59:39 PM »
Ok. Same for Almalinux 8? I just saw the Alma9 in the link.
Yes, it is the same for AL8.

172
Mod_Security / Re: OWASP Latest
« on: October 15, 2025, 08:24:40 PM »
@overseer post the 2 links you need to follow.
It's mostly cut & paste in the CLI.

173
Mod_Security / Re: OWASP Latest
« on: October 15, 2025, 07:12:45 PM »
Comodo WAF has been dead for over a year now.

OWASP doesn't automatically update, even though it says it does.
The ModSecurity version installed by default by CWP is 2.9.6 and is incompatible with the new OWASP CRS rulesets.

174
CSF Firewall / Re: Firewall off in cwp panel
« on: October 14, 2025, 05:50:55 PM »
SSH into the server, and from the CLI:

csf -e, if working you should see what you are "csf and lfd are not disabled!"
That's a good thing.

Then run:

Code: [Select]
systemctl start csf
Code: [Select]
systemctl start lfd
Code: [Select]
systemctl enable csf
Code: [Select]
systemctl enable lfd
Some system are weird.

Log back into CWP, and it should show as 'On' now.

175
DKIM / Re: I'm a bit lost
« on: October 14, 2025, 05:48:14 PM »
There is another file to check, opendkim.conf

Also some installation are missing opendkim & opendkim-tools, so you want to make sure they are installed and enabled.

If you are running AL9, see:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/dkim-not-working-on-almalinux-9-with-cwp/

176
CentOS 8 Problems / Re: packages update error AlmaLinux 8
« on: October 11, 2025, 02:01:54 PM »
@overseer

Please reframe posting any of our help or articles in the furture when 'djprmf' is helping in a thread, that user made it clear our help and knowledge is not wanted by other users...

177
I have not posted False or Mis-information.
Your post doesn't even make sense.

And all here know that I know what I'm talking about from my posts.

So just insulting me and others here hasn't made you any friends and lost you any support.

Unlike yourself.

I'm guessing your some kid or tween who just wants to come on the forums, post your BS mis-information, and argue with everyone.

So FOCUS...

178
Information / Re: Is CWP still maintained?
« on: October 09, 2025, 01:28:05 PM »
Then, by your logic, we should blame the creators of the binary... because they created this digital thing.
Or we should blame the creators of guns... not who use them and for what...

You don't really see how your logic makes no sense?

I'm placing blame where is belongs - with PHP...

Quote
The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().

So are all the CVE's of this PHP vulnerability.

Servers that where correctly secured where not affected.

179
Information / Re: Is CWP still maintained?
« on: October 09, 2025, 01:26:03 PM »
Here is the fix to apply to your php.ini

The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation.
Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().

This is also blocked by ModSecurity and the OWASP CRS ruleset when correctly configured.

180
Information / Re: Is CWP still maintained?
« on: October 09, 2025, 01:17:44 PM »
Yes, they are responsible for the software they create, but they DID NOT CREATE PHP...

And that's where this vulnerability is located.

You are blaming CWP in your posts
Quote
THEY ARE RESPONSIBLE FOR THE SOFTWARE THAT THEY CREATED!
for something they had NO control over. And hence it wasn't a CWP bug to even 'disclose' or responsible for.

You need to goto the PHP forums and blame them, as they are the ones who a responsible for the software they created.

Tell me where in the below it mentions CWP, or even cPanel, aaPanel, etc...

--

SUBJECT:
Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution

OVERVIEW:
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Pages: 1 ... 10 11 [12] 13 14 ... 119