
Messages - Starburst

946
Installation / Reversing el8_stream_convert_to_cwp_stable
« on: June 16, 2021, 12:48:52 AM »
Would like to reverse el8_stream_convert_to_cwp_stable, so then I could reverse back to regular CentOS.

@Sandeep or @Igor

The only other way I see is to do the repos manually, which would be a pain in the butt.

947
CentOS-WebPanel Bugs / Re: Nothing work in /scripts folder
« on: June 13, 2021, 09:44:21 PM »
What version of CentOS are you running?

I am assuming you are logging in as root via SSH also.

948
Information / Re: server ssl doesnt exist
« on: June 13, 2021, 09:41:38 PM »
Hate to ask this simple question, but sometimes it's the simple things.

When you access CWP and go to Server Settings -> Change Hostname

It will show:

Your Hostname is: (Hostname) and it resolves to IP: 1.2.3.4 [Check Black List] [Check CWP SSL] [Check WebServers SSL]
rDNS/PTR = (Hostname) SUCCESS [Check SenderBase]

The SUCCESS should be a Green block with White letters.
If it's not, an SSL will not generate for the hostname.

Also Let's Encrypt only allows 3-4 attempts per 24 hours or something like that.

Just my 2 cents.

949
FTP / Re: How to disable port 21 for plain FTP?
« on: June 13, 2021, 09:35:53 PM »
You can remove ports from csf/lfd, but Whitelisted IP(s) still can access those ports.

e.g. You would remove port 22 for SSH, but your Whitelisted IP will still be able to access it.
I recommend doing this to stop port sniffers and SSH access attempts.

950
E-Mail / Re: Mail server different as Hostname
« on: May 30, 2021, 02:36:14 AM »
@Starburst so if I may, let me understand correctly, because I want to learn this.

CWP7 serverName: server.com
CWP7 user acct: myuser.com

in DNS zone for myuser.com, create an MX record to point to mail.myuser.com
Then create an A record for mail, correct?

Correct

Then when it connects, as long as you checked the box for mail in the SSL certs, it will read that certificate on connection.

951
Not to mention CWP runs on Cloud Linux, which has version 8.x out.

952
Information / Re: FYI - CWP 0.9.8.1061 & Rocky Linux
« on: May 19, 2021, 09:41:05 PM »
looks like you have some issue with the compiler...try to check that as it has probably something missing

Will do.
It is a Release Candidate after all. And not for production use.

953
Information / Re: FYI - CWP 0.9.8.1061 & Rocky Linux
« on: May 19, 2021, 09:27:24 PM »
Upgraded:
  libselinux-2.9-4.el8_3.x86_64           libselinux-utils-2.9-4.el8_3.x86_64
  python3-libselinux-2.9-4.el8_3.x86_64

Installed:
  apr-devel-1.6.2-1.x86_64              apr-util-devel-1.6.0-1.x86_64
  expat-devel-2.2.5-4.el8.x86_64        keyutils-libs-devel-1.5.10-6.el8.x86_64
  krb5-devel-1.18.2-5.el8.x86_64        libcom_err-devel-1.45.6-1.el8.x86_64
  libkadm5-1.18.2-5.el8.x86_64          libselinux-devel-2.9-4.el8_3.x86_64
  libsepol-devel-2.9-1.el8.x86_64       libverto-devel-0.3.0-5.el8.x86_64
  openssl-devel-1:1.1.1g-15.el8.x86_64  pcre2-devel-10.32-2.el8.x86_64
  pcre2-utf16-10.32-2.el8.x86_64        pcre2-utf32-10.32-2.el8.x86_64
  zlib-devel-1.2.11-16.2.el8.x86_64

Complete!
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
configure:
configure: Configuring Apache Portable Runtime library...
configure:
checking for APR... yes
  setting CC to "gcc"
  setting CPP to "gcc -E"
  setting CFLAGS to "  -pthread"
  setting CPPFLAGS to " -DLINUX -D_REENTRANT -D_GNU_SOURCE"
  setting LDFLAGS to " "
configure:
configure: Configuring Apache Portable Runtime Utility library...
configure:
checking for APR-util... yes
checking for gcc... gcc
checking whether the C compiler works... no
Apache Rebuild Completed


Notification added

--

From /usr/local/apache/logs/error_log

[Wed May 19 17:20:52.836744 2021] [mpm_event:notice] [pid 30989:tid 139976648229440] AH00492: caught SIGWINCH, shutting down gracefully
[Wed May 19 17:20:52.912960 2021] [mpm_event:notice] [pid 36673:tid 140268500484672] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Wed May 19 17:20:52.913172 2021] [core:notice] [pid 36673:tid 140268500484672] AH00094: Command line: '/usr/local/apache/bin/httpd'


But still didn't upgrade to 2.4.46

954
Information / Re: FYI - CWP 0.9.8.1061 & Rocky Linux
« on: May 18, 2021, 08:14:26 PM »
Hi, Starburst.
Sounds good!
What error do you have with Apache rebuild?

Clicked on WebServer Settings -> Apache Re-Build

And select Apache 2.4.46 & suPHP 0.7.2

But it stays at the default 2.4.39 even though it says it completed.

That functionality seems hit & miss. More miss even on CentOS 8.

955
We asked CWP support they don't have any resolution for this issue. Even they are promoting for paid support.
We can take paid support from them as the CWP UPDATE LOG and all other things are perfect, but even using this CWP panel for more than two years did seen any profession with CWP. Current situation is very dangerous but looking for a solution for this hacking attempt but they are not thinking or considering it.

Yesterday I installed and activated KernelCare by cloudlinux.com but it was also not resolving our issue, finally closed the pop3d port even stopping the Dovecot IMAP/POP3 Server we thought this is good so the users will not face any mail issue but they are not able to use any desktop email client. After that also getting another type of attack log added below


========== LOG ===============


Firewall message :

172.65.32.248 (US/United States/-) blocked with too many connections
Connections Log:
                                         My server IP and the port they are trying
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55368 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55336 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55362 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55330 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55350 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55352 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55334 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55346 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55354 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55370 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55372 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55412 (ESTABLISHED)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55374 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55398 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55358 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55356 (TIME_WAIT)
tcp: 172.65.32.248:443 -> 173.XXX.XXX.X:55338 (TIME_WAIT)

CSF Should be blocking that IP 172.65.32.248. Check it to make sure you see that entry.
If not create a blacklisted entry for 172.65.32.248 or 172.65.32.0/24

956
Go into your CSF Main Config file: /etc/csf/csf.conf

You can access this also under Firewall Manager -> Configuration -> Main Configuration

1. Search for tcp_in
2. Remove the SSH Port 22 and the custom one if you have set one up (You need to have your IP address in the Whitelist so you still can connect via SSH)
3. Search for cc_deny
4. By default no Country Codes are blocked, so you will only see - CC_DENY = ""
5. Enter the 2 Digit Country Codes you want to block between the quotation marks from CSF.
6. Click on "Save Changes"
7. Back under Firewall Manager, select Restart -> Force restart all

Now CSF will block and drop any access coming from those countries.

The other way would be to go to arin.net, lookup the upstream IP block, and block that.
But that only works if the attackers are coming from 1 specific IP group.

# 1 & 2 should always be done, unless you allow user shell access for some reason.
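
A read-only check for the two csf.conf settings named in steps 1-5 of the post above, added here as an example; it is not part of the original post or of CSF. The sample config is constructed, and the helper names `csf_get`, `port_in_list` and `audit_csf` are made up for illustration.

```sh
#!/bin/sh
# Added example: audit a csf.conf-style file for TCP_IN and CC_DENY (read-only).

# Print the quoted value of KEY = "value"; the last occurrence wins.
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated list that may contain lo:hi ranges.
port_in_list() {  # usage: port_in_list PORT LIST
    port=$1; found=1
    old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then
                     found=0
                 fi ;;
            "$port") found=0 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# Print one finding per line for the SSH port and the country block list.
audit_csf() {  # usage: audit_csf CONF SSH_PORT
    tcp_in=$(csf_get TCP_IN "$1")
    cc_deny=$(csf_get CC_DENY "$1")
    if port_in_list "$2" "$tcp_in"; then
        echo "WARN: port $2 is in TCP_IN (reachable from any source)"
    else
        echo "OK: port $2 is not in TCP_IN"
    fi
    if [ -z "$cc_deny" ]; then
        echo "INFO: CC_DENY is empty (no country codes blocked)"
    else
        echo "OK: CC_DENY = $cc_deny"
    fi
}

# Constructed sample config; on a real host pass /etc/csf/csf.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TCP_IN = "20,21,22,25,53,80,443,30000:35000"
CC_DENY = ""
EOF
audit_csf "$sample" 22
rm -f "$sample"
```

Before removing port 22 from TCP_IN, confirm that your own address is listed in /etc/csf/csf.allow, as step 2 requires.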


957
CentOS-WebPanel Bugs / Re: Apache Re-Build broken. Again.
« on: May 14, 2021, 06:23:07 AM »
You cannot build/re-build anything that has to be downloaded from dl1.centos-webpanel.com, it seems that the host has some network problems. Watching the logs, it can be seen that the server tries to download the packages, but the connection resets almost every time. After 5 failed requests, the log says: Cannot download, giving up, continue with the build.

The build fails because of this, but the return message is : Build complete.

I think this is not a dynamic message, because it will say that the build is complete even if there are a lot of errors.

Then CWP needs to either change the script in CWP or fix the server.

Either way it's not working, and needs to be resolved.

958
Information / FYI - CWP 0.9.8.1061 & Rocky Linux
« on: May 13, 2021, 04:42:18 PM »
Just a quick FYI. Not sure if anyone cares or not.

We (Starburst, NOT CWP) installed CWP 0.9.8.1061 on Rocky Linux RC1 yesterday on a test box.

Everything went well and worked. Well, Apache Rebuild still isn't working. (But that's on CentOS also :/)

We also were able to update the Kernel, MariaDB and Dovecot from their respective CentOS 8 repos.

Rocky Linux is also working on an upgrade like RedHat did from CentOS to CentOS Stream.
So you can switch from CentOS 8/CentOS Stream to Rocky Linux.
Which also hopefully means in the future the version will be upgradable, since this is how Debian does their upgrades,

959
CentOS-WebPanel Bugs / Re: Apache Re-Build broken. Again.
« on: May 12, 2021, 07:24:25 PM »
Brand new fresh install with 0.9.8.1061

And yup, Apache isn't rebuilding, Again, even though it says it's been completed.

960
SSL / Re: SSL: 2nd user
« on: May 02, 2021, 01:43:20 AM »
Hostname should be only as a subdomain, like: srv1.mydomain.com, please don't use cloudflare protection with hostname as this will cause you issues.
If you are using a VPS with OpenVZ/Virtuozzo/Lxc containers then you should also update hostname within the VPS panel.

Hostname change will also generate a new Hostname autoSSL Certificate.
Certificate Path: /etc/pki/tls/certs/hostname.bundle
Key Path: /etc/pki/tls/private/hostname.key
Pure-FTPd PEM: /etc/pki/tls/private/hostname.pem

Your Hostname is: domainname and it resolves to IP: (IP) [Check Black List] [Check CWP SSL] [Check WebServers SSL]
rDNS/PTR = domainname SUCCESS [Check SenderBase]

rDNS/PTR check for IP (IP) = domainname


Those are checks that are done when changing the hostname.
If they fail, problems could occur.
Also see the CWP note about Cloudflare.
