Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - overseer

Pages: [1] 2 3 ... 100
1
The error appears to be on the legacy CentOS 7 end; no problems on the AlmaLinux 8 end. The 35 in the SSL connect error was a good clue:
Code: [Select]
[root@srv]# /usr/local/cwpsrv/htdocs/resources/scripts/check_api
User API port 2302 check: OK
Oauth query check: OK
User API folder check: OK
External API port 2304 check: OK
curl: (35) SSL received a record that exceeded the maximum permissible length.
External API files and htaccess : OK
CSF Firewall status check: DISABLED
And testing curl directly:
Code: [Select]
[root@srv]# curl -v https://127.0.0.1:2304/v1/testapi/
* About to connect() to 127.0.0.1 port 2304 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 port 2304 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

2
Actually, it looks to be a Thai porno/romance portal -- the PayPal payment script is probably to reel in payments.
https://www.nongwangkudrung.go.th/video/
(not going to make this a clickable link)

3
I'm encountering an error while trying to perform a CWP -> CWP Migration -- SSL connect error.
(Funny, another CWP Migration just went fine on another system, no issues. But there were some oddities on this new system, such as SELinux being enabled by default, where it wasn't on the other one that worked fine. But SELinux is disabled now, so it shouldn't be a factor...) Firewalls down on both system, SSH test connections work in both directions. Stumped at the moment...
Code: [Select]
2025-07-07 17:59:23 export SSHPASS=************; /usr/bin/sshpass -e /usr/bin/ssh -p2222 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet  root@1.1.1.1
2025-07-07 17:59:23 test -d /usr/local/cwp/ && echo 'true' || echo 'false'
2025-07-07 17:59:23 true

2025-07-07 17:59:24 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)


2025-07-07 17:59:24 export SSHPASS=**********;/usr/bin/sshpass -e ssh-copy-id "-p 2222" root@1.1.1.1 -o StrictHostKeyChecking=no 2>&1
2025-07-07 17:59:24 /usr/bin/ssh -p 222 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet root@162.221.89.153 test -d /usr/local/cwp/ && echo 'true' || echo 'false' 2>&1
2025-07-07 17:59:24 true

2025-07-07 17:59:24 0
2025-07-07 17:59:24 35 - SSL connect error
2025-07-07 17:59:24

4
Are you running malware detection scans on your system?

https://basaranturizm.com indeed serves up examples of these trojan files -- oddly that's all the domain serves and it allows file listing, so something is not normal about it. Looks to be PayPal scam related. Perhaps it is even a source domain for the files to be retrieved from. I located some of those files on a backup of a CentOS 7 system VM running Apache. One CentOS 7 system I have in legacy mode is clean -- but it runs Nginx, not Apache. Two newer AlmaLinux servers I have are clean. So my suspicion is that there is a weakness in the default Apache config on CWP or a problem with CentOS 7 systems -- all the more reason to get off of EL7 and get to an EL8 or EL9 foundation.

5
I don't care for AlmaLinux's choice to give a separate LV to /home -- and it surprised me the first time I installed it. Usually on a CWP system, the big culprits are /var/vmail /home and /backup. On many of my systems, users packrat mail and so often times the mail folder is 2:1 to their home dir! So I need the full space available on the root filesystem (also to accommodate the growing backups).

Basic procedure is to to move contents of /home to a temporary location (even /home2 if you like). Edit / etc /fstab and comment out the /home line. Reboot.
Code: [Select]
lvextend -l +100%FREE /dev/mapper/almalinux-root
xfs_growfs  /dev/mapper/almalinux-root
mv /home2/* /home

6
Apache / Re: WARNING! You are not running CWP Apache
« on: July 06, 2025, 01:02:00 PM »
Be aware of what you installing/updating. What OS are you running?

7
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« on: July 05, 2025, 04:21:46 AM »
In order to support an e-commerce site and a service industry site, here's a couple more rules I had to add to the WordPress section of the disabled rules files:
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
Code: [Select]
SecRuleRemoveById 981172
SecRuleRemoveById 981319

8
Installation / Re: I don't receive a single message from root..??
« on: July 05, 2025, 04:13:53 AM »
CWP put the line in main.cf under #network settings, when it builds/re-builds the mail server.
Checked all of our servers, and it says "mydestination = $myhostname = name.hostname.com'

Not sure why CWP does that, as it's redundant, and just replaces $myhostname on that line.
Wow, on a new Alma install using CWP's re-build mail server function, it must've buggered up the mydestination BAD with the duplicative line. So another postfix instance rejected it. Study the 5.5.2 Helo rejection:
Code: [Select]
<overseer@domain.net>: host mail.domain.com[111.111.111.111] said: 501
    5.5.2 <srv1.domain.net?=?srv1.domain.net>: Helo command
    rejected: Invalid name (in reply to RCPT TO command)
Hard setting it to mydestination = srv1.domain.net was far more acceptable to the other postfix server!

9
And you applied Sandeep's fix on that system?
Code: [Select]
dnf update ca-certificates -y
rpm -ivh https://github.com/mysterydata/md-disk/raw/main/libicu69-69.1-4.el8.x86_64.rpm
curl -s -L https://www.alphagnu.com/upload/tmp/el8/cwp_rc_fix_el8.sh | bash

10
How to / Re: [Tutorial] How to Change the IP Address of Server?
« on: July 05, 2025, 12:41:41 AM »
First go to CWP Settings > Edit settings and change the IP address to your new address. Tick the box for Rebuild vHosts.

Go to phpMyAdmin. Choose root > root_cwp database. Go under Search > Find & Replace. In the "Find:" field, put your old IP address. In the "Replace with:" field, put your new IP address. Under "Column" choose "ip_address". Click Go and it will be changed for you.

Also verify the new IP address is in /usr/local/apache/conf/sharedip.conf

Reboot.

12
Installation / Re: I don't receive a single message from root..??
« on: July 03, 2025, 05:30:42 PM »
You are specifying your server's hostname to announce it in the HELO exchange when it is talking to other mail servers. As you could see by my code block above, I (and many other mail admins) reject mail from servers that don't have their HELO hostname set (as many spammers don't use proper protocol and give proper HELO greetings. So for best mail delivery results and to avoid bounced mails, you should set your helo hostname as Starburst recommended.

13
CSF Firewall / Re: Possible fix to why CSF/LFD isn't installing.
« on: July 02, 2025, 04:30:39 PM »
Can't find perl-Sys-Hostname in the repo...
And I always add whowatch as an indispensable add-on to any system I give out shell access to (which is rare, but does happen).

14
Other / Re: Support not enable my service
« on: July 01, 2025, 11:53:42 PM »
Contact Starburst here. He is a reseller for CWP and can temporarily activate CWP Pro for you while you wait for a response. Send him your IP address list. Did you pay via PayPal or another method? I've never had any problems with PayPal with CWP.

15
In /usr/local/cwp/php71/php.ini, is the intl extension commented out?
Code: [Select]
;extension=intlUncomment, and/or set a hardcoded path
Code: [Select]
extension=
/usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20170718/intl.so

Pages: [1] 2 3 ... 100