Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
61
Postfix / Re: EMAIL SENT FROM CWP GOING TO SPAM
« on: July 08, 2019, 01:02:57 PM »
Use mxtollbox to generate and test spf, ptr , and _DMARC (use these too). I don't worry about dkim personally but the more the merrier.
I find if mxtollbox is used to generate and test and it says all ok, then I don't have too many deliverability problems.
I find if mxtollbox is used to generate and test and it says all ok, then I don't have too many deliverability problems.
62
Addons / Re: New re-designed version of WHMCS module
« on: July 07, 2019, 10:46:58 AM »
Any chance of it auto copying whmcs username and password and inputting that when linking with CWP?
Clients already have to log into whmcs...to then immediately have to login a second time for CWP will be tedious...one might as well just go direct to CWP.
Clients already have to log into whmcs...to then immediately have to login a second time for CWP will be tedious...one might as well just go direct to CWP.
63
Updates / Re: CWP VERSION FREE 0.9.8.845 No option to download files in file manager
« on: July 04, 2019, 11:57:28 AM »
Check your user account has the right privilages and/or try different web browser...because that is the only way I know of that downloading files works.
Otherwise...setup sftp and use filezilla to download and upload files.
Otherwise...setup sftp and use filezilla to download and upload files.
64
Other / Paypal Invoice Template...
« on: July 04, 2019, 08:22:11 AM »
Hi guys,
i just wanted to ask about the CWP paypal invoice template.
I am using WHMCS to automatically send out invoices using paypal module.
I notice that you have two customisations on this template:
1. CWP logo in top LHS
2. Unpaid/paypal option on RHS
I have a paypal business account however paypal are trying to charge me an additional $25 apparently in order to be able to customise paypal invoice templates.
Is that true for me to be able to create an invoice identical to yours (with my own logo)?
i just wanted to ask about the CWP paypal invoice template.
I am using WHMCS to automatically send out invoices using paypal module.
I notice that you have two customisations on this template:
1. CWP logo in top LHS
2. Unpaid/paypal option on RHS
I have a paypal business account however paypal are trying to charge me an additional $25 apparently in order to be able to customise paypal invoice templates.
Is that true for me to be able to create an invoice identical to yours (with my own logo)?
65
CentOS 7 Problems / Re: getting Forbidden You don't have permission error
« on: July 03, 2019, 08:59:34 PM »
There are three options for mod security rules...the default one, owasp and Comodo.
Which one do you have selected?
If you are using the free version of cwp, then it will be the default....which shouldn't cause any WordPress issues because it's basic rules are very few.
Having said that, there is a list of WordPress rules you can download.
Another thing you should check is the panic level...if it is set much above 2 on a normal install you may start to get false positives.
Also, are you running Wordfence on your WordPress website? It has its own list of WAF rules.
Which one do you have selected?
If you are using the free version of cwp, then it will be the default....which shouldn't cause any WordPress issues because it's basic rules are very few.
Having said that, there is a list of WordPress rules you can download.
Another thing you should check is the panic level...if it is set much above 2 on a normal install you may start to get false positives.
Also, are you running Wordfence on your WordPress website? It has its own list of WAF rules.
66
Updates / Re: CWP VERSION FREE 0.9.8.845 No option to download files in file manager
« on: July 03, 2019, 07:50:16 PM »
Just select and left click on the file and it will download.(click twice)
67
Installation / Re: can i use only one domain ?
« on: July 02, 2019, 04:28:48 PM »
You could add website files into the default apache web directory on the server without creating any domains and it will work.
You just have to find what the default apache directory for cwp is using for that page you are seeing.
It easier in cwp to simply add a new user though. With new user comes web directory, security controls...heaps of functinality you can use to control the new users website you make.
You just have to find what the default apache directory for cwp is using for that page you are seeing.
It easier in cwp to simply add a new user though. With new user comes web directory, security controls...heaps of functinality you can use to control the new users website you make.
68
Information / Re: IP Access restriction
« on: July 02, 2019, 04:16:53 PM »
Perhaps register a cheap vps somewhere, Use that as a VPN gateway, with only ssh key access, to your main server and access it through VPN static IP.
You can get cheap VPS for $5-10/ mth depending on how much ram. Checkout Vultr.com
You can get cheap VPS for $5-10/ mth depending on how much ram. Checkout Vultr.com
69
Information / Re: It seems that cwp has a new website
« on: June 30, 2019, 04:19:00 AM »
+1 for congrats on the new look. A step in the forward's direction 
I think a couple of negative comments here are being a bit harsh...sure have a complain when things that are simple should be easy to fix but are not fixed, but dont trash the panel completely.
Let's face it, when it comes to value for money (in terms of the pro version), I think people are getting a great deal when compared with just about any other panel I can think of.
It's also silly to make any kind of comparison with cpanel. If you would prefer to pay $15 month or more, vs $10 year for CWP, by all means...i won't stand in your way and good luck to you
I think as time goes by, eventually, these guys will build this into a rival to cpanel, Plesk, Virtualmin for sure...but let's be honest about this, one is comparing control panels that have been around for many years and a couple of which have rather large staff numbers...hardly fair comparison!
In finishing up, however, I will concede, there are some rather elementary fixes that this panel desperately needs before they go expanding its horizons. If the basics are not fixed, the expanded version takes that bugs with it. In the end, this becomes a bloody expensive flaming nightmare to fix!
As an example, anyone here every had anything to do with Microsofts FSX (original flight simulator). When Lockheed Martin took over the development (renamed prepar3d) it cost them a huge amount of money and years to fix the completely f%$ked up codebase!!!
One of the elementary things that is not only staring everyone in the face but also screaming out for a fix is
the inability of the file manager to sort files alphabetically.
FFS please fix this!!!
I think a couple of negative comments here are being a bit harsh...sure have a complain when things that are simple should be easy to fix but are not fixed, but dont trash the panel completely.
Let's face it, when it comes to value for money (in terms of the pro version), I think people are getting a great deal when compared with just about any other panel I can think of.
It's also silly to make any kind of comparison with cpanel. If you would prefer to pay $15 month or more, vs $10 year for CWP, by all means...i won't stand in your way and good luck to you
I think as time goes by, eventually, these guys will build this into a rival to cpanel, Plesk, Virtualmin for sure...but let's be honest about this, one is comparing control panels that have been around for many years and a couple of which have rather large staff numbers...hardly fair comparison!
In finishing up, however, I will concede, there are some rather elementary fixes that this panel desperately needs before they go expanding its horizons. If the basics are not fixed, the expanded version takes that bugs with it. In the end, this becomes a bloody expensive flaming nightmare to fix!
As an example, anyone here every had anything to do with Microsofts FSX (original flight simulator). When Lockheed Martin took over the development (renamed prepar3d) it cost them a huge amount of money and years to fix the completely f%$ked up codebase!!!
One of the elementary things that is not only staring everyone in the face but also screaming out for a fix is
the inability of the file manager to sort files alphabetically.
FFS please fix this!!!
70
Mod_Security / Re: Wordpress does not work after activate the Mod Security
« on: June 25, 2019, 10:37:37 AM »
That's all good and well, however on an already functioning system that was happily singing along, this shouldn't have happened in the first place.
71
Mod_Security / Re: Wordpress does not work after activate the Mod Security
« on: June 25, 2019, 12:37:21 AM »
Also, an update on this...
If one goes CWP dashboard>Security>mod security
click on the domain for which the problem exists and under "Actions" turn off Mod_Security, the problem immediately goes away in Wordpress.
For the time being, until i can find the right set of whitelist rules i need for Comodo WAF...
i am leaving Mod Security turned off for the problematic domain with the problematic wordpress installation, and instead using Wordfence Firewall plugin inside Wordpress itself to control all Firewall and security functions (which is quite powerful and does the trick at the "work face"
If one goes CWP dashboard>Security>mod security
click on the domain for which the problem exists and under "Actions" turn off Mod_Security, the problem immediately goes away in Wordpress.
For the time being, until i can find the right set of whitelist rules i need for Comodo WAF...
i am leaving Mod Security turned off for the problematic domain with the problematic wordpress installation, and instead using Wordfence Firewall plugin inside Wordpress itself to control all Firewall and security functions (which is quite powerful and does the trick at the "work face"
72
Mod_Security / Re: Wordpress does not work after activate the Mod Security
« on: June 24, 2019, 08:47:44 PM »
As thus issue has arisen on a mother thread...I am updating this one as well. I think the link below might help streamline the process of whitelisting mod security rules for wordpress.
https://www.tweaking4all.com/web-development/wordpress/mod_security-fix/
https://www.tweaking4all.com/web-development/wordpress/mod_security-fix/
73
Mod_Security / Re: IS MY SERVER GETTING VIRUS ?
« on: June 24, 2019, 08:43:50 PM »
Is this on cwp free version or pro?
If it's pro with all its built in security apps, how did that someone even get into server in the first place!
If it's pro with all its built in security apps, how did that someone even get into server in the first place!
74
Information / Re: IP Access restriction
« on: June 20, 2019, 09:12:58 PM »
Just buy/rent a static IP address for your home/office internet connection from your internet service provider.
Here in my country it costs me $10/month for one.
Solves the problem.
Here in my country it costs me $10/month for one.
Solves the problem.
75
Information / Re: ssh disable root login
« on: June 14, 2019, 09:43:24 AM »
I may be misunderstanding the question...if so forgive me.
The object of the exercise as far as my limited knowledge of web servers goes is this...
1. having ssh logins for users, in general, is a terrible idea for most web servers. That means, no user should be given ssh login ability unless you are prepared to spend a good deal of time making sure you are both capable and willing to really lock down the web server.
2. If the ssh login is just for a single user, or small group who you have excellent control over, then it's by far one of the most secure forms of communication between yourself and your server!
So the above two scenarios at first glance seem to completely contradict each other, however, that is not exactly a good illustration of the problem. The problem is that one of the most secure forms of communication (ssh) is potentially the most catastrophic to the server should it get hacked! Some of the issues are:
- users being able to see files that dont belong to them
- users potentially running dangerous commands
- ssh can still be brute forced
Whilst all of the above are not beyond fixing, i dont allow any SSH access to my webservers for anyone else but myself. If clients have use of filemanager, or even cms such as wordpress, i dont see any good reason why they need ssh/sftp access (or alternatively, ftp/ftps for that matter).
Now, in terms of root user access from terminal...
the reason we are told to disable "root user" ssh or shell access is
1. just in case the root account gets hacked! Such a scenario would be catastrophic to your web server!
2. so you cant stuff your system so easily when playing around on a live production system!
So the recommended alternative is to create a sudoer user...which has rights similar to root for most things, however, does not have access to high-level directories that can be used to completely destroy the server either intentionally or unintentionally.
sudoer should not be able to edit/write to root owned directories unless group permissions have been assigned that allow such access!
short and curly...create a sudoer administrator user and provide access to ssh for that user. Usually one then disables direct access to ssh by root.
Should you be in command shell via programs such as putty for example, then in order to gain root access, you then elevate your sudo user to temporarily gain root access using a few different methods...
1. sudo
2. sudo -i
3. su
4 sudo -s
I also am able on one of my systems change an existing user to root by typing "su root"
I also do not see any great advantage in using private key files either. Sure it makes brute forcing the server account directly almost impossible, if someone gets access to your keyfiles on your desktop pc (because home computers have such great reputations for getting viruses and trojans etc)....
Finally, i think there is some misconception about the "Control Panel" root user access, and normal shell/command prompt access. Disabling the root user shell access doesnt mean the control panel is going to stop functioning!
this is my understanding of the why and how.
The object of the exercise as far as my limited knowledge of web servers goes is this...
1. having ssh logins for users, in general, is a terrible idea for most web servers. That means, no user should be given ssh login ability unless you are prepared to spend a good deal of time making sure you are both capable and willing to really lock down the web server.
2. If the ssh login is just for a single user, or small group who you have excellent control over, then it's by far one of the most secure forms of communication between yourself and your server!
So the above two scenarios at first glance seem to completely contradict each other, however, that is not exactly a good illustration of the problem. The problem is that one of the most secure forms of communication (ssh) is potentially the most catastrophic to the server should it get hacked! Some of the issues are:
- users being able to see files that dont belong to them
- users potentially running dangerous commands
- ssh can still be brute forced
Whilst all of the above are not beyond fixing, i dont allow any SSH access to my webservers for anyone else but myself. If clients have use of filemanager, or even cms such as wordpress, i dont see any good reason why they need ssh/sftp access (or alternatively, ftp/ftps for that matter).
Now, in terms of root user access from terminal...
the reason we are told to disable "root user" ssh or shell access is
1. just in case the root account gets hacked! Such a scenario would be catastrophic to your web server!
2. so you cant stuff your system so easily when playing around on a live production system!
So the recommended alternative is to create a sudoer user...which has rights similar to root for most things, however, does not have access to high-level directories that can be used to completely destroy the server either intentionally or unintentionally.
sudoer should not be able to edit/write to root owned directories unless group permissions have been assigned that allow such access!
short and curly...create a sudoer administrator user and provide access to ssh for that user. Usually one then disables direct access to ssh by root.
Should you be in command shell via programs such as putty for example, then in order to gain root access, you then elevate your sudo user to temporarily gain root access using a few different methods...
1. sudo
2. sudo -i
3. su
4 sudo -s
I also am able on one of my systems change an existing user to root by typing "su root"
I also do not see any great advantage in using private key files either. Sure it makes brute forcing the server account directly almost impossible, if someone gets access to your keyfiles on your desktop pc (because home computers have such great reputations for getting viruses and trojans etc)....
Finally, i think there is some misconception about the "Control Panel" root user access, and normal shell/command prompt access. Disabling the root user shell access doesnt mean the control panel is going to stop functioning!
this is my understanding of the why and how.
