This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
286
PHP / Re: Anti-Change Log
« on: August 08, 2025, 06:22:33 AM »
@Igor S.
Guys these PHP updates fix CVE's.
Thanks
Guys these PHP updates fix CVE's.
Thanks
287
E-Mail / Re: Roundcube - Connection Error - Sending a particular email
« on: August 08, 2025, 06:18:47 AM »
Please advise the following:
What distro are you running CWP on?
Public or NAT?
Can you send out a test email form the CLI?
--
Welcome back @cyberspace
What distro are you running CWP on?
Public or NAT?
Can you send out a test email form the CLI?
--
Welcome back @cyberspace
288
Mod_Security / Re: ModSecurity Updated to 2.9.12
« on: August 08, 2025, 06:17:21 AM »
No, it just replaces ModSecurity and copies over a new mod_security2.so to /usr/local/apache/modules
Which at that point it will ask you to overwrite the existing file.
It a really simple script, 10 lines long, and if you do make & make install, it would be 9 lines.
But I like to double space so it's easier to read.
Which at that point it will ask you to overwrite the existing file.
It a really simple script, 10 lines long, and if you do make & make install, it would be 9 lines.
But I like to double space so it's easier to read.
289
Mod_Security / ModSecurity Updated to 2.9.12
« on: August 07, 2025, 06:51:29 PM »
A new version of ModSecurity came out 2 days ago that fixes a CVE, and some other minor things.
You can download directly at:
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.12
Or from our KB download site at:
https://dl.starburst.help/ModSecurity/2.9.12/
There is also an update script for CWP if you want an easier way to update:
https://dl.starburst.help/ModSecurity/2.9.12/Update_Script_CWP/
You can download directly at:
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.12
Or from our KB download site at:
https://dl.starburst.help/ModSecurity/2.9.12/
There is also an update script for CWP if you want an easier way to update:
https://dl.starburst.help/ModSecurity/2.9.12/Update_Script_CWP/
290
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 07, 2025, 12:52:41 PM »Went well buddy thankyou Can you do a KB article on getting a complete snapshot or back up of the server i have used a few tools but they seem to fail on me.
That would be up to your provider on how to make a snapshot or backup.
Every provider is different in the way they do it.
Check their KB, they should have instructions.
If not, contact their support.
291
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 07, 2025, 03:31:05 AM »
OK, got 1 way to work.
Surprisingly some extensions don't support PHP 8.4 yet like IMAP. Only has support up to 8.3.24.
But anyways...
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/install-php-8-4-in-control-web-panel-cwp-on-almalinux-9-from-repos/
Surprisingly some extensions don't support PHP 8.4 yet like IMAP. Only has support up to 8.3.24.
But anyways...
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/install-php-8-4-in-control-web-panel-cwp-on-almalinux-9-from-repos/
292
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 06, 2025, 09:49:54 PM »
OMG...
PHP 8.4 isn't as easy to get compiled & installed as previous versions.
Not sure what they changed, but it keeps erroring.
And since this is a computer program, C4 found a problem it can't fix...
But I am still working on it.
PHP 8.4 isn't as easy to get compiled & installed as previous versions.
Not sure what they changed, but it keeps erroring.

And since this is a computer program, C4 found a problem it can't fix...

But I am still working on it.
293
CWP API / Re: Issue creating user accounts via API on Alma Linux 9 with CWP
« on: August 06, 2025, 09:29:05 PM »
I know the API works with AlmaLinux 9 and Blesta 5.11.4
294
PHP / Re: When will PHP 8.4 be released in CWP?
« on: August 06, 2025, 05:40:28 PM »
I hope soon.
CPW have released 3 updates, and haven't even updated PHP 8.1, 8.2 or 8.3 yet.
And even I can't get an answer to this.
You can manually update PHP to 8.4 and just starting working on that KB article.
Let me verify the process, and I'll post a link when ready. Hopefully within 24 hours. Send Coke...
Been busy with the ConfigServer FAQ Archive stuff on the KB. (Still a work in progress)
I'm hopeful he will release the code under GPL so it can continue to be developed.
CPW have released 3 updates, and haven't even updated PHP 8.1, 8.2 or 8.3 yet.
And even I can't get an answer to this.
You can manually update PHP to 8.4 and just starting working on that KB article.
Let me verify the process, and I'll post a link when ready. Hopefully within 24 hours. Send Coke...

Been busy with the ConfigServer FAQ Archive stuff on the KB. (Still a work in progress)
I'm hopeful he will release the code under GPL so it can continue to be developed.
295
CWP API / Re: Issue creating user accounts via API on Alma Linux 9 with CWP
« on: August 06, 2025, 12:15:25 AM »
I'm not an expert in the API.
But I know the username when created by the API HAS to be 6-8, no more and all lower case letters only for the username.
NO numbers or special characters.
But I know the username when created by the API HAS to be 6-8, no more and all lower case letters only for the username.
NO numbers or special characters.
296
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected Arbitrary PHP Code Execution via Publ
« on: August 05, 2025, 01:22:18 PM »
See @overseer Reply #39
As long as your AL is up2date run:
But also having a secure PHP helps, by default CWP leaves nothing disabled so users can configure their server as they need.
ModSecurity has also been catching this, which again, needs to be kept updated.
As long as your AL is up2date run:
Code: [Select]
dnf --refresh updateand you are running 0.9.8.1210 you should be fine.But also having a secure PHP helps, by default CWP leaves nothing disabled so users can configure their server as they need.
ModSecurity has also been catching this, which again, needs to be kept updated.
297
Information / Re: Security Warning for CWP Users (CWPpro version: 0.9.8.1210)
« on: August 04, 2025, 12:04:59 PM »
PHP Injection attacks are common, and from what you posted that's what looks like happened.
What PHP version are you running on all servers?
CWP doesn't restrict/disable any of PHP functions by default.
Which is good & bad at the same time.
You need to go into the php.ini file(s) and secure it yourself. There are plenty of sites that advise how to do this with a simple Google search.
Also which ruleset do you have for ModSecurity?
What PHP version are you running on all servers?
CWP doesn't restrict/disable any of PHP functions by default.
Which is good & bad at the same time.
You need to go into the php.ini file(s) and secure it yourself. There are plenty of sites that advise how to do this with a simple Google search.
Also which ruleset do you have for ModSecurity?
298
Information / When making a New Topic. Please Include:
« on: August 03, 2025, 08:49:37 PM »
If Search has failed to return an active thread.
Please advise the following:
Subject should be of the problem you are having. No BS or misleading subject lines.
Also:
Please advise the following:
Subject should be of the problem you are having. No BS or misleading subject lines.
- What distro are you trying to install CWP onto? / What distro are you running CWP on?
- Public or NAT?
- CWP Free or CWPpro?
- VPS or Dedicated?
- What 'errors' and/or 'messages' are being displayed in the logs?
Also:
- NO ED med posts, we already have direct connections...
- NO escort posts, we already have wife's and some have work wife's, we do not need any other headaches...
299
Information / Re: Security Warning for CWP Users (CWPpro version: 0.9.8.1210)
« on: August 03, 2025, 08:23:17 PM »I would like to recommend that the changelogs published at https://control-webpanel.com/changelog be updated promptly and consistently with each new software release or update.
Timely and detailed changelogs serve several important purposes for users and administrators:
- Transparency of Updates: A regularly updated changelog allows users to stay informed about the specific changes introduced in each release - whether they are bug fixes, security patches, performance improvements, or new features.
- Issue Tracking and Resolution Confirmation: Many administrators monitor CWP updates in anticipation of fixes to known issues. Without updated changelogs, it becomes difficult to determine whether a particular problem has been addressed or if further action is required.
- Efficient System Administration: Accurate changelogs enable sysadmins to plan accordingly - whether its scheduling downtime, testing updates in staging environments, or avoiding unnecessary troubleshooting.
- Improved Trust and Engagement: Clear communication of development efforts demonstrates professionalism and fosters greater trust among the user community. It also helps users contribute better feedback and report issues more accurately.
I appreciate the ongoing work and development put into CWP and hope this suggestion can be considered to enhance the overall user experience and system reliability.
Or you could learn how or hire someone to secure your Linux server, before blaming it on something/someone else... Before posting something with a title of "Security Warning"...
If your not happy with CWP, PLEASE go use some other control panel...
I'm sure cPanel will fit all your requirements above...
300
Information / Re: Security Warning for CWP Users (CWPpro version: 0.9.8.1210)
« on: August 03, 2025, 08:20:30 PM »On multiple independent VPS servers running CWP, I have detected a suspicious file named defauit.php (note: obfuscated by replacing lowercase L with uppercase i) located in the root directories of websites.
Upon inspection, it was found to be a backdoor file capable of remote code execution, making use of functions like file_put_contents, __call, unlink, and __destruct.
File Details:
Filename: defauit.php
Creation Date: July 4th, 2025
The file appears to prepare a payload to be executed remotely.
Log Evidence:
The file was accessed multiple times from the following IP address:
IP: 198.144.182.13
Timestamps: July 28th, 2025 09:03 and 09:12
July 31st, 2025 13:33
Requests to defauit.php triggered multiple ModSecurity Warnings.
Despite these, some PHP-level operations (like unlink() and touch()) appear to have executed based on error logs.
Evaluation:
The file was injected on July 4th, and remained dormant for about 3 weeks.
Exploitation attempts were made on July 28th and 31st.
This pattern fits a delayed activation backdoor scenario.
No such files or behavior were observed on my other servers using DirectAdmin.
Request to CWP Team:
To better understand if this issue is related to CWP itself or its environment, I kindly request the CWP developers to:
Investigate potential security vectors or vulnerabilities,
Release appropriate patches or mitigation steps,
And share an official security advisory with the community.
If needed, I can also provide the full content of the defauit.php file for analysis.
NOTE : I use cwp pro (CWPpro version: 0.9.8.1210)
You never answered what distro you are running CWP on...
And now you pointed out it was a PHP Injection Attack, and nothing to do with CWP.
What PHP Version are you running?
Did you secure your php.ini?
