This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
541
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 26, 2025, 12:53:00 AM »i switched back to OWASP latest rules but they are not blocking malicious attempts . i can see in logs its detecting but attempt is not blocked![]()
on the other hand comodo waf rules keeps blocking everythingbefore last update everything was fine and comodo waf rules were the best
Yea, there is a bug CWP has been made aware of with the OWASP latest not working.
542
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 26, 2025, 12:51:18 AM »
I tried that juggling, and it didn't work.
There is a problem with the OWASP latest ruleset that I've notified CWP about.
I've only found 2 semi-good replacements, but both are paid:
https://malware.expert/
https://atomicorp.com/modsecurity-rules/
And then there is course the company who bought Comodo, Xcitium. But their website doesn't even work
There is a problem with the OWASP latest ruleset that I've notified CWP about.
I've only found 2 semi-good replacements, but both are paid:
https://malware.expert/
https://atomicorp.com/modsecurity-rules/
And then there is course the company who bought Comodo, Xcitium. But their website doesn't even work
543
Other / Re: Support Ticket Issue
« on: January 24, 2025, 11:56:17 PM »
Via their support ticket system.
Most problems can not helped here on the forums.
What problem are you having?
--
And if you can include the following:
What 'errors' and/or 'messages' are being displayed in the logs?
What distro are you are you running CWP on?
CWP Free or CWPpro?
VPS or Dedicated?
Public or NAT?
Most problems can not helped here on the forums.
What problem are you having?
--
And if you can include the following:
What 'errors' and/or 'messages' are being displayed in the logs?
What distro are you are you running CWP on?
CWP Free or CWPpro?
VPS or Dedicated?
Public or NAT?
544
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 24, 2025, 11:50:49 PM »
The Comodo ruleset isn't a CWP problem.
I can't login with my UN/PW on their site for months now - waf.comodo.com
Seems like the new company who took them over want you to buy their ruleset.
They also haven't responded to emails.
So at this point I'm saying that ruleset is dead, thanks to another takeover.
I can't login with my UN/PW on their site for months now - waf.comodo.com
Seems like the new company who took them over want you to buy their ruleset.
They also haven't responded to emails.
So at this point I'm saying that ruleset is dead, thanks to another takeover.
545
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 24, 2025, 11:47:16 PM »
Install netmap & netcat and try again.
Check your firewall to verify port 465 is open.
Check your firewall to verify port 465 is open.
546
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 24, 2025, 02:46:17 AM »
AlmaLinux's default install doesn't have telnet.
But you can try:
From AlmaLinux 9.5:
Now to test your server:
But you can try:
Code: [Select]
nc -vz google.com 80Once confirmed you can contact google, and nc is working.From AlmaLinux 9.5:
Quote
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 2607:f8b0:4009:81b::200e:80.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
Now to test your server:
Code: [Select]
nc -vz domain.name 25Code: [Select]
nc -vz domain.name 465Code: [Select]
nc -vz domain.name 587
547
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 23, 2025, 06:13:48 PM »
Does your SSL have the mail sub-domain added?
Most mail clients like Thunderbird will automatically contact the email server for the correct settings.
The error is it can't connect to the SMTP server via SSL.
Make sure ports 486 and 587 are open, as these are the SMTP SSL ports. Port 25 is Non-SSL.
Most mail clients like Thunderbird will automatically contact the email server for the correct settings.
The error is it can't connect to the SMTP server via SSL.
Make sure ports 486 and 587 are open, as these are the SMTP SSL ports. Port 25 is Non-SSL.
548
Problems on other RedHat linux servers / Re: How to Adjust my SSH Server ? Almalinux 8
« on: January 22, 2025, 02:03:12 AM »
Here is some light reading for you, for when you can't fall asleep. 
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-hardening_tls_configuration#sec-Choosing_Algorithms_to_Enable
--
https://community.centminmod.com/threads/openssh-chacha20-ciphers-for-terrapin-security-vulnerability-attacks.25043/
--
https://serverfault.com/questions/1148295/tls-cipher-suites-ordering
--
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#setting-up-system-wide-crypto-policies-in-the-web-console_using-the-system-wide-cryptographic-policies
Scroll down to 3.6.1 Open SSH
--
And IF you want to open a can of worms and headaches...
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4823.pdf
--
Then once done with SSH, you have Apache to configure...

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-hardening_tls_configuration#sec-Choosing_Algorithms_to_Enable
--
https://community.centminmod.com/threads/openssh-chacha20-ciphers-for-terrapin-security-vulnerability-attacks.25043/
--
https://serverfault.com/questions/1148295/tls-cipher-suites-ordering
--
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#setting-up-system-wide-crypto-policies-in-the-web-console_using-the-system-wide-cryptographic-policies
Scroll down to 3.6.1 Open SSH
--
And IF you want to open a can of worms and headaches...
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4823.pdf
--
Then once done with SSH, you have Apache to configure...
549
PHP / Re: Anti-Change Log
« on: January 22, 2025, 01:48:58 AM »1. You just need to add the version number and nothing else.
2. For main php version (php switcher) modify the file:
/usr/local/cwpsrv/htdocs/resources/conf/el9/php_switcher/versions.ini
Tried, but didn't work. :/
550
Problems on other RedHat linux servers / Re: How to Adjust my SSH Server ? Almalinux 8
« on: January 22, 2025, 01:12:29 AM »
There are instructions ay the link for Rocky 9 and RHEL8.
So those will work on AlmaLinux 8 and 9.
But remember always crate a backup of the confg file, BEFORE making any changes.
Snapshots are even better.
firewall-cmd isn't used on CWP server, in fact it disables it for CSF/LFD.
So those will work on AlmaLinux 8 and 9.
But remember always crate a backup of the confg file, BEFORE making any changes.
Snapshots are even better.
firewall-cmd isn't used on CWP server, in fact it disables it for CSF/LFD.
551
PHP / Re: Anti-Change Log
« on: January 22, 2025, 12:27:48 AM »1. You just need to add the version number and nothing else.
2. For main php version (php switcher) modify the file:
/usr/local/cwpsrv/htdocs/resources/conf/el9/php_switcher/versions.ini
Trying this with 8.3.16, will also try with 8.4, and create that .ini from a copy of 8.3
552
PHP / Re: Anti-Change Log
« on: January 22, 2025, 12:22:45 AM »
Well PHP released on 2025-01-17:
8.4.3
8.3.16
Both of which have bug fixes/patches.
Thankfully no CVE's.
8.4.3
8.3.16
Both of which have bug fixes/patches.
Thankfully no CVE's.
553
CentOS-WebPanel Bugs / Re: abcdefg.php file server error 500
« on: January 21, 2025, 11:16:56 PM »
What version of PHP are you running?
554
CentOS-WebPanel Bugs / Re: abcdefg.php file server error 500
« on: January 21, 2025, 10:27:05 PM »
Try under User Accounts -> Fix Permissions -> (Check both boxes for Fix Permissions & Internal Server Error) then the blue bar.
555
Other / ELRepo throwing GPG Key error when trying to update
« on: January 14, 2025, 11:36:50 PM »
If you get the error
when trying to update from elrepo, run the following, and it will import the correct key to get rid of the error.
Quote
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org (0xBAADAE52) is already installed
The GPG keys listed for the "ELRepo.org Community Enterprise Linux Kernel Repository - el9" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: kernel-lt-6.1.124-1.el9.elrepo.x86_64
when trying to update from elrepo, run the following, and it will import the correct key to get rid of the error.
Code: [Select]
rpm --import https://www.elrepo.org/RPM-GPG-KEY-v2-elrepo.org
before last update everything was fine and comodo waf rules were the best