Recent Posts

Pages: [1] 2 3 ... 10

CSF Firewall / Re: 100's of suspicious emails an hour

« Last post by overseer on Today at 09:18:31 PM »

Are you on AlmaLinux 8 or 9? If AlmaLinux 8, you could install cgroups for resource limits.

CSF Firewall / 100's of suspicious emails an hour

« Last post by DragoCom on Today at 05:27:48 PM »

I am getting these by the 100's every hour for user account names and amavis, what can I do to fix this?

Time: Sun Nov 16 18:18:29 2025 +0100
PID: 1928822 (Parent PID:1928752)
Account: amavis
Uptime: 5425 seconds

Executable:

/usr/bin/perl

Command Line (often faked in exploits):

/usr/sbin/amavisd (ch1-avail)

Network connections by the process (if any):

tcp: 127.0.0.1:39922 -> 127.0.0.1:10025

Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/usr/sbin/amavisd
/usr/share/perl5/vendor_perl/Amavis/SpamControl.pm
/run/amavisd/amavisd.lock
/dev/null
/var/spool/amavisd/db/__db.001
/var/spool/amavisd/db/__db.001
/var/spool/amavisd/db/__db.002
/var/spool/amavisd/db/__db.003
/var/spool/amavisd/db/snmp.db
/var/spool/amavisd/db/nanny.db
/var/spool/amavisd/tmp/amavis-20251116T180849-1928822-zLPqELXV/email.txt

Memory maps by the process (if any):

55cf62db6000-55cf62db8000 r-xp 00000000 08:04 101399 /usr/bin/perl
55cf62fb7000-55cf62fb8000 r--p 00001000 08:04 101399 /usr/bin/perl
55cf62fb8000-55cf62fb9000 rw-p 00002000 08:04 101399 /usr/bin/perl
55cf63810000-55cf691fe000 rw-p 00000000 00:00 0 [heap]
55cf691fe000-55cf6c178000 rw-p 00000000 00:00 0 [heap]
55cf6c178000-55cf6c808000 rw-p 00000000 00:00 0 [heap]
7f1d80ee5000-7f1d80f27000 rw-s 00000000 08:04 5209326978 /var/spool/amavisd/db/__db.003
7f1d80f27000-7f1d8101b000 rw-s 00000000 08:04 5209326976 /var/spool/amavisd/db/__db.001
7f1d8101b000-7f1d81020000 r-xp 00000000 08:04 8388779 /usr/lib64/libnss_dns-2.28.so
7f1d81020000-7f1d81220000 ---p 00005000 08:04 8388779 /usr/lib64/libnss_dns-2.28.so
7f1d81220000-7f1d81221000 r--p 00005000 08:04 8388779 /usr/lib64/libnss_dns-2.28.so
7f1d81221000-7f1d81222000 rw-p 00006000 08:04 8388779 /usr/lib64/libnss_dns-2.28.so
7f1d81222000-7f1d812d6000 rw-p 00000000 00:00 0
7f1d812d6000-7f1d81357000 rw-p 00000000 00:00 0
7f1d81357000-7f1d81361000 r-xp 00000000 08:04 8412173 /usr/lib64/libnss_sss.so.2
7f1d81361000-7f1d81560000 ---p 0000a000 08:04 8412173 /usr/lib64/libnss_sss.so.2
7f1d81560000-7f1d81561000 r--p 00009000 08:04 8412173 /usr/lib64/libnss_sss.so.2
7f1d81561000-7f1d81562000 rw-p 0000a000 08:04 8412173 /usr/lib64/libnss_sss.so.2
7f1d81562000-7f1d81566000 r-xp 00000000 08:04 4127195311 /usr/lib64/perl5/vendor_perl/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7f1d81566000-7f1d81765000 ---p 00004000 08:04 4127195311 /usr/lib64/perl5/vendor_perl/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7f1d81765000-7f1d81766000 r--p 00003000 08:04 4127195311 /usr/lib64/perl5/vendor_perl/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7f1d81766000-7f1d81767000 rw-p 00004000 08:04 4127195311 /usr/lib64/perl5/vendor_perl/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7f1d81767000-7f1d8176b000 r-xp 00000000 08:04 2491416802 /usr/lib64/perl5/vendor_perl/auto/Sys/Syslog/Syslog.so
7f1d8176b000-7f1d8196a000 ---p 00004000 08:04 2491416802 /usr/lib64/perl5/vendor_perl/auto/Sys/Syslog/Syslog.so
7f1d8196a000-7f1d8196b000 r--p 00003000 08:04 2491416802 /usr/lib64/perl5/vendor_perl/auto/Sys/Syslog/Syslog.so
7f1d8196b000-7f1d8196c000 rw-p 00000000 00:00 0
7f1d8196c000-7f1d81971000 r-xp 00000000 08:04 276824199 /usr/lib64/perl5/vendor_perl/auto/Term/ReadKey/ReadKey.so
7f1d81971000-7f1d81b70000 ---p 00005000 08:04 276824199 /usr/lib64/perl5/vendor_perl/auto/Term/ReadKey/ReadKey.so
7f1d81b70000-7f1d81b71000 r--p 00004000 08:04 276824199 /usr/lib64/perl5/vendor_perl/auto/Term/ReadKey/ReadKey.so
7f1d81b71000-7f1d81b72000 rw-p 00000000 00:00 0
7f1d81b72000-7f1d81b78000 r-xp 00000000 08:04 2415919316 /usr/lib64/perl5/vendor_perl/auto/version/vxs/vxs.so
7f1d81b78000-7f1d81d78000 ---p 00006000 08:04 2415919316 /usr/lib64/perl5/vendor_perl/auto/version/vxs/vxs.so
7f1d81d78000-7f1d81d79000 r--p 00006000 08:04 2415919316 /usr/lib64/perl5/vendor_perl/auto/version/vxs/vxs.so
7f1d81d79000-7f1d81d7a000 rw-p 00000000 00:00 0
7f1d81d7a000-7f1d81d85000 r-xp 00000000 08:04 4546625987 /usr/lib64/perl5/vendor_perl/auto/DB_File/DB_File.so
7f1d81d85000-7f1d81f85000 ---p 0000b000 08:04 4546625987 /usr/lib64/perl5/vendor_perl/auto/DB_File/DB_File.so
7f1d81f85000-7f1d81f86000 r--p 0000b000 08:04 4546625987 /usr/lib64/perl5/vendor_perl/auto/DB_File/DB_File.so
7f1d81f86000-7f1d81f87000 rw-p 0000c000 08:04 4546625987 /usr/lib64/perl5/vendor_perl/auto/DB_File/DB_File.so
7f1d81f87000-7f1d8214a000 r-xp 00000000 08:04 1409286347 /usr/lib64/perl5/vendor_perl/auto/Encode/JP/JP.so
7f1d8214a000-7f1d8234a000 ---p 001c3000 08:04 1409286347 /usr/lib64/perl5/vendor_perl/auto/Encode/JP/JP.so
7f1d8234a000-7f1d82425000 r--p 001c3000 08:04 1409286347 /usr/lib64/perl5/vendor_perl/auto/Encode/JP/JP.so
7f1d82425000-7f1d82426000 rw-p 00000000 00:00 0
7f1d82426000-7f1d825b1000 r-xp 00000000 08:04 1417674952 /usr/lib64/perl5/vendor_perl/auto/Encode/KR/KR.so
7f1d825b1000-7f1d827b1000 ---p 0018b000 08:04 1417674952 /usr/lib64/perl5/vendor_perl/auto/Encode/KR/KR.so
7f1d827b1000-7f1d82872000 r--p 0018b000 08:04 1417674952 /usr/lib64/perl5/vendor_perl/auto/Encode/KR/KR.so
7f1d82872000-7f1d82873000 rw-p 00000000 00:00 0
7f1d82873000-7f1d829c6000 r-xp 00000000 08:04 1434452186 /usr/lib64/perl5/vendor_perl/auto/Encode/TW/TW.so
7f1d829c6000-7f1d82bc5000 ---p 00153000 08:04 1434452186 /usr/lib64/perl5/vendor_perl/auto/Encode/TW/TW.so
7f1d82bc5000-7f1d82c60000 r--p 00152000 08:04 1434452186 /usr/lib64/perl5/vendor_perl/auto/Encode/TW/TW.so
7f1d82c60000-7f1d82c61000 rw-p 00000000 00:00 0
7f1d82c61000-7f1d82dbd000 r-xp 00000000 08:04 1392509130 /usr/lib64/perl5/vendor_perl/auto/Encode/CN/CN.so
7f1d82dbd000-7f1d82fbc000 ---p 0015c000 08:04 1392509130 /usr/lib64/perl5/vendor_perl/auto/Encode/CN/CN.so
7f1d82fbc000-7f1d8305f000 r--p 0015b000 08:04 1392509130 /usr/lib64/perl5/vendor_perl/auto/Encode/CN/CN.so
7f1d8305f000-7f1d83060000 rw-p 00000000 00:00 0
7f1d83060000-7f1d83064000 r-xp 00000000 08:04 1442840779 /usr/lib64/perl5/vendor_perl/auto/Encode/Unicode/Unicode.so
7f1d83064000-7f1d83263000 ---p 00004000 08:04 1442840779 /usr/lib64/perl5/vendor_perl/auto/Encode/Unicode/Unicode.so
7f1d83263000-7f1d83264000 r--p 00003000 08:04 1442840779 /usr/lib64/perl5/vendor_perl/auto/Encode/Unicode/Unicode.so
7f1d83264000-7f1d83265000 rw-p 00000000 00:00 0
7f1d83265000-7f1d8329e000 r-xp 00000000 08:04 1384120522 /usr/lib64/perl5/vendor_perl/auto/Encode/Byte/Byte.so
7f1d8329e000-7f1d8349d000 ---p 00039000 08:04 1384120522 /usr/lib64/perl5/vendor_perl/auto/Encode/Byte/Byte.so
7f1d8349d000-7f1d834be000 r--p 00038000 08:04 1384120522 /usr/lib64/perl5/vendor_perl/auto/Encode/Byte/Byte.so
7f1d834be000-7f1d834bf000 rw-p 00000000 00:00 0
7f1d834bf000-7f1d834c8000 r-xp 00000000 08:04 721420418 /usr/lib64/perl5/vendor_perl/auto/Data/Dumper/Dumper.so
7f1d834c8000-7f1d836c7000 ---p 00009000 08:04 721420418 /usr/lib64/perl5/vendor_perl/auto/Data/Dumper/Dumper.so
7f1d836c7000-7f1d836c8000 r--p 00008000 08:04 721420418 /usr/lib64/perl5/vendor_perl/auto/Data/Dumper/Dumper.so
7f1d836c8000-7f1d836c9000 rw-p 00000000 00:00 0
7f1d836c9000-7f1d83bbe000 r--p 00000000 08:04 466689 /usr/share/misc/magic.mgc
7f1d83bbe000-7f1d83be3000 r-xp 00000000 08:04 8393601 /usr/lib64/libmagic.so.1.0.0
7f1d83be3000-7f1d83de2000 ---p 00025000 08:04 8393601 /usr/lib64/libmagic.so.1.0.0
7f1d83de2000-7f1d83de4000 r--p 00024000 08:04 8393601 /usr/lib64/libmagic.so.1.0.0
7f1d83de4000-7f1d83de5000 rw-p 00026000 08:04 8393601 /usr/lib64/libmagic.so.1.0.0
7f1d83de5000-7f1d83dea000 r-xp 00000000 08:04 4085254419 /usr/lib64/perl5/vendor_perl/auto/File/LibMagic/LibMagic.so
7f1d83dea000-7f1d83fe9000 ---p 00005000 08:04 4085254419 /usr/lib64/perl5/vendor_perl/auto/File/LibMagic/LibMagic.so
7f1d83fe9000-7f1d83fea000 r--p 00004000 08:04 4085254419 /usr/lib64/perl5/vendor_perl/auto/File/LibMagic/LibMagic.so
7f1d83fea000-7f1d83feb000 rw-p 00000000 00:00 0
7f1d83feb000-7f1d84002000 r-xp 00000000 08:04 8413536 /usr/lib64/libgcc_s-8-20210514.so.1
7f1d84002000-7f1d84201000 ---p 00017000 08:04 8413536 /usr/lib64/libgcc_s-8-20210514.so.1
7f1d84201000-7f1d84202000 r--p 00016000 08:04 8413536 /usr/lib64/libgcc_s-8-20210514.so.1
7f1d84202000-7f1d84203000 rw-p 00017000 08:04 8413536 /usr/lib64/libgcc_s-8-20210514.so.1
7f1d84203000-7f1d84389000 r-xp 00000000 08:04 8393267 /usr/lib64/libstdc++.so.6.0.25
7f1d84389000-7f1d84588000 ---p 00186000 08:04 8393267 /usr/lib64/libstdc++.so.6.0.25
7f1d84588000-7f1d84594000 r--p 00185000 08:04 8393267 /usr/lib64/libstdc++.so.6.0.25
7f1d84594000-7f1d84595000 rw-p 00191000 08:04 8393267 /usr/lib64/libstdc++.so.6.0.25
7f1d84595000-7f1d84598000 rw-p 00000000 00:00 0
7f1d84598000-7f1d845b2000 r-xp 00000000 08:04 4529887828 /usr/lib64/perl5/vendor_perl/auto/Encode/Detect/Detector/Detector.so
7f1d845b2000-7f1d847b2000 ---p 0001a000 08:04 4529887828 /usr/lib64/perl5/vendor_perl/auto/Encode/Detect/Detector/Detector.so
7f1d847b2000-7f1d847b3000 r--p 0001a000 08:04 4529887828 /usr/lib64/perl5/vendor_perl/auto/Encode/Detect/Detector/Detector.so
7f1d847b3000-7f1d847bd000 rw-p 0001b000 08:04 4529887828 /usr/lib64/perl5/vendor_perl/auto/Encode/Detect/Detector/Detector.so
7f1d847bd000-7f1d847c9000 r-xp 00000000 08:04 738197641 /usr/lib64/perl5/vendor_perl/auto/HTML/Parser/Parser.so
7f1d847c9000-7f1d849c8000 ---p 0000c000 08:04 738197641 /usr/lib64/perl5/vendor_perl/auto/HTML/Parser/Parser.so
7f1d849c8000-7f1d849c9000 r--p 0000b000 08:04 738197641 /usr/lib64/perl5/vendor_perl/auto/HTML/Parser/Parser.so
7f1d849c9000-7f1d849ca000 rw-p 00000000 00:00 0
7f1d849ca000-7f1d849cb000 r-xp 00000000 08:04 2634023109 /usr/lib64/perl5/auto/Sys/Hostname/Hostname.so
7f1d849cb000-7f1d84bca000 ---p 00001000 08:04 2634023109 /usr/lib64/perl5/auto/Sys/Hostname/Hostname.so
7f1d84bca000-7f1d84bcb000 r--p 00000000 08:04 2634023109 /usr/lib64/perl5/auto/Sys/Hostname/Hostname.so
7f1d84bcb000-7f1d84bcc000 rw-p 00000000 00:00 0
7f1d84bcc000-7f1d84bd1000 r-xp 00000000 08:04 3909091518 /usr/lib64/perl5/vendor_perl/auto/NetAddr/IP/Util/Util.so
7f1d84bd1000-7f1d84dd0000 ---p 00005000 08:04 3909091518 /usr/lib64/perl5/vendor_perl/auto/NetAddr/IP/Util/Util.so
7f1d84dd0000-7f1d84dd1000 r--p 00004000 08:04 3909091518 /usr/lib64/perl5/vendor_perl/auto/NetAddr/IP/Util/Util.so
7f1d84dd1000-7f1d84dd2000 rw-p 00005000 08:04 3909091518 /usr/lib64/perl5/vendor_perl/auto/NetAddr/IP/Util/Util.so
7f1d84dd2000-7f1d84e64000 r-xp 00000000 08:04 981467266 /usr/lib64/perl5/vendor_perl/auto/Net/SSLeay/SSLeay.so
7f1d84e64000-7f1d85064000 ---p 00092000 08:04 981467266 /usr/lib64/perl5/vendor_perl/auto/Net/SSLeay/SSLeay.so
7f1d85064000-7f1d85066000 r--p 00092000 08:04 981467266 /usr/lib64/perl5/vendor_perl/auto/Net/SSLeay/SSLeay.so
7f1d85066000-7f1d85067000 rw-p 00094000 08:04 981467266 /usr/lib64/perl5/vendor_perl/auto/Net/SSLeay/SSLeay.so
7f1d85067000-7f1d8506c000 r-xp 00000000 08:04 3850372197 /usr/lib64/perl5/vendor_perl/auto/Socket6/Socket6.so
7f1d8506c000-7f1d8526c000 ---p 00005000 08:04 3850372197 /usr/lib64/perl5/vendor_perl/auto/Socket6/Socket6.so
7f1d8526c000-7f1d8526d000 r--p 00005000 08:04 3850372197 /usr/lib64/perl5/vendor_perl/auto/Socket6/Socket6.so
7f1d8526d000-7f1d8526e000 rw-p 00000000 00:00 0
7f1d8526e000-7f1d852f5000 r-xp 00000000 08:04 8787568 /usr/lib64/libssl.so.1.1.1k
7f1d852f5000-7f1d854f5000 ---p 00087000 08:04 8787568 /usr/lib64/libssl.so.1.1.1k
7f1d854f5000-7f1d854fe000 r--p 00087000 08:04 8787568 /usr/lib64/libssl.so.1.1.1k
7f1d854fe000-7f1d85502000 rw-p 00090000 08:04 8787568 /usr/lib64/libssl.so.1.1.1k
7f1d85502000-7f1d85503000 rw-p 00000000 00:00 0
7f1d85503000-7f1d8550c000 r-xp 00000000 08:04 4697621320 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/RSA/RSA.so
7f1d8550c000-7f1d8570b000 ---p 00009000 08:04 4697621320 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/RSA/RSA.so
7f1d8570b000-7f1d8570c000 r--p 00008000 08:04 4697621320 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/RSA/RSA.so
7f1d8570c000-7f1d8570d000 rw-p 00000000 00:00 0
7f1d8570d000-7f1d85718000 r-xp 00000000 08:04 4672454816 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/Bignum/Bignum.so
7f1d85718000-7f1d85917000 ---p 0000b000 08:04 4672454816 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/Bignum/Bignum.so
7f1d85917000-7f1d85918000 r--p 0000a000 08:04 4672454816 /usr/lib64/perl5/vendor_perl/auto/Crypt/OpenSSL/Bignum/Bignum.so
7f1d85918000-7f1d85919000 rw-p 00000000 00:00 0
7f1d85919000-7f1d85bcf000 r-xp 00000000 08:04 8393662 /usr/lib64/libcrypto.so.1.1.1k
7f1d85bcf000-7f1d85dcf000 ---p 002b6000 08:04 8393662 /usr/lib64/libcrypto.so.1.1.1k
7f1d85dcf000-7f1d85dfb000 r--p 002b6000 08:04 8393662 /usr/lib64/libcrypto.so.1.1.1k
7f1d85dfb000-7f1d85dff000 rw-p 002e2000 08:04 8393662 /usr/lib64/libcrypto.so.1.1.1k
7f1d85dff000-7f1d85e04000 rw-p 00000000 00:00 0
7f1d85e04000-7f1d85fbe000 r-xp 00000000 08:04 8996506 /usr/lib64/libdb-5.3.so
7f1d85fbe000-7f1d861bd000 ---p 001ba000 08:04 8996506 /usr/lib64/libdb-5.3.so
7f1d861bd000-7f1d861c7000 r--p 001b9000 08:04 8996506 /usr/lib64/libdb-5.3.so
7f1d861c7000-7f1d861c8000 rw-p 001c3000 08:04 8996506 /usr/lib64/libdb-5.3.so
7f1d861c8000-7f1d861fe000 r-xp 00000000 08:04 3833594039 /usr/lib64/perl5/vendor_perl/auto/BerkeleyDB/BerkeleyDB.so
7f1d861fe000-7f1d863fd000 ---p 00036000 08:04 3833594039 /usr/lib64/perl5/vendor_perl/auto/BerkeleyDB/BerkeleyDB.so
7f1d863fd000-7f1d863fe000 r--p 00035000 08:04 3833594039 /usr/lib64/perl5/vendor_perl/auto/BerkeleyDB/BerkeleyDB.so
7f1d863fe000-7f1d863ff000 rw-p 00036000 08:04 3833594039 /usr/lib64/perl5/vendor_perl/auto/BerkeleyDB/BerkeleyDB.so
7f1d863ff000-7f1d86405000 r-xp 00000000 08:04 2583691462 /usr/lib64/perl5/auto/PerlIO/encoding/encoding.so
7f1d86405000-7f1d86604000 ---p 00006000 08:04 2583691462 /usr/lib64/perl5/auto/PerlIO/encoding/encoding.so
7f1d86604000-7f1d86605000 r--p 00005000 08:04 2583691462 /usr/lib64/perl5/auto/PerlIO/encoding/encoding.so
7f1d86605000-7f1d86606000 rw-p 00000000 00:00 0
7f1d86606000-7f1d86608000 r-xp 00000000 08:04 2659188933 /usr/lib64/perl5/auto/Tie/Hash/NamedCapture/NamedCapture.so
7f1d86608000-7f1d86808000 ---p 00002000 08:04 2659188933 /usr/lib64/perl5/auto/Tie/Hash/NamedCapture/NamedCapture.so
7f1d86808000-7f1d86809000 r--p 00002000 08:04 2659188933 /usr/lib64/perl5/auto/Tie/Hash/NamedCapture/NamedCapture.so
7f1d86809000-7f1d8680a000 rw-p 00000000 00:00 0
7f1d8680a000-7f1d86815000 r-xp 00000000 08:04 8388781 /usr/lib64/libnss_files-2.28.so
7f1d86815000-7f1d86a15000 ---p 0000b000 08:04 8388781 /usr/lib64/libnss_files-2.28.so
7f1d86a15000-7f1d86a16000 r--p 0000b000 08:04 8388781 /usr/lib64/libnss_files-2.28.so
7f1d86a16000-7f1d86a17000 rw-p 0000c000 08:04 8388781 /usr/lib64/libnss_files-2.28.so
7f1d86a17000-7f1d86a1d000 rw-p 00000000 00:00 0
7f1d86a1d000-7f1d86a27000 r-xp 00000000 08:04 385876103 /usr/lib64/perl5/vendor_perl/auto/Digest/SHA/SHA.so
7f1d86a27000-7f1d86c26000 ---p 0000a000 08:04 385876103 /usr/lib64/perl5/vendor_perl/auto/Digest/SHA/SHA.so
7f1d86c26000-7f1d86c27000 r--p 00009000 08:04 385876103 /usr/lib64/perl5/vendor_perl/auto/Digest/SHA/SHA.so
7f1d86c27000-7f1d86c28000 rw-p 00000000 00:00 0
7f1d86c28000-7f1d86c2b000 r-xp 00000000 08:04 2600468679 /usr/lib64/perl5/auto/PerlIO/scalar/scalar.so
7f1d86c2b000-7f1d86e2a000 ---p 00003000 08:04 2600468679 /usr/lib64/perl5/auto/PerlIO/scalar/scalar.so
7f1d86e2a000-7f1d86e2b000 r--p 00002000 08:04 2600468679 /usr/lib64/perl5/auto/PerlIO/scalar/scalar.so
7f1d86e2b000-7f1d86e2c000 rw-p 00000000 00:00 0
7f1d86e2c000-7f1d86fa9000 r-xp 00000000 08:04 8773205 /usr/lib64/libunistring.so.2.1.0
7f1d86fa9000-7f1d871a8000 ---p 0017d000 08:04 8773205 /usr/lib64/libunistring.so.2.1.0
7f1d871a8000-7f1d871ac000 r--p 0017c000 08:04 8773205 /usr/lib64/libunistring.so.2.1.0
7f1d871ac000-7f1d871ad000 rw-p 00180000 08:04 8773205 /usr/lib64/libunistring.so.2.1.0
7f1d871ad000-7f1d871c9000 r-xp 00000000 08:04 8773285 /usr/lib64/libidn2.so.0.3.6
7f1d871c9000-7f1d873c9000 ---p 0001c000 08:04 8773285 /usr/lib64/libidn2.so.0.3.6
7f1d873c9000-7f1d873ca000 r--p 0001c000 08:04 8773285 /usr/lib64/libidn2.so.0.3.6
7f1d873ca000-7f1d873cb000 rw-p 00000000 00:00 0
7f1d873cb000-7f1d873d0000 r-xp 00000000 08:04 4051735751 /usr/lib64/perl5/vendor_perl/auto/Net/LibIDN2/LibIDN2.so
7f1d873d0000-7f1d875cf000 ---p 00005000 08:04 4051735751 /usr/lib64/perl5/vendor_perl/auto/Net/LibIDN2/LibIDN2.so
7f1d875cf000-7f1d875d0000 r--p 00004000 08:04 4051735751 /usr/lib64/perl5/vendor_perl/auto/Net/LibIDN2/LibIDN2.so
7f1d875d0000-7f1d875d1000 rw-p 00000000 00:00 0

CentOS-WebPanel GUI / Re: PHP version for control panel

« Last post by overseer on Today at 02:24:12 PM »

Yes, that's the unfortunate reality. CWP's internal PHP version is locked to 7.2.30 -- but this is only for their internal services (ports 2030, 2031, 2083, 2087, 2095, 2096). It would be better if they could get onto 7.4 for internal use or best if they could get onto a supported 8.x branch. https://endoflife.date/php But I suppose their goal is to have a static, predictable PHP version that performs identically across systems. Hard to know for sure without code review that isn't possible with IonCube encoded PHP files.

You can set the system-wide PHP version, including the CLI as Cyberspace described.

CentOS-WebPanel GUI / Re: PHP version for control panel

« Last post by cyberspace on November 15, 2025, 02:41:48 PM »

Hi,

In CWP admin panel:
https://hostname.com:2087/
Go to "PHP Version Switcher" in the section "PHP Settings". You will be able to select and compile more modern PHP version for CWP here.

Note it will change the primary PHP version on your server/VPS.

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« Last post by overseer on November 13, 2025, 05:18:25 PM »

Yes, the latter files are from other PHP injection attacks with web shells. I've observed those over the years on various servers and panels -- not specific to CWP or the currently discussed CVE (which is patched).

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« Last post by pedromidiasf on November 13, 2025, 02:00:41 PM »

There are more files, follow the topic to find out more about it.
Some of your files are not present on my server. Probably previous attack?

CentOS 9 Problems / Re: EL9 recent update casusing boot issue

« Last post by overseer on November 13, 2025, 01:19:55 PM »

You can't go wrong with AlmaLinux 8 -- there's a reason it's the recommended OS for CWP and has a clear path forward.
https://control-webpanel.com/installation-instructions#step2
(But note you should ignore the Minimal/Boot recommendation -- you should start with the DVD installation, just don't add any software profiles such as LAMP or MariaDB when you install -- keep it clean & basic.)

CentOS 9 Problems / Re: EL9 recent update casusing boot issue

« Last post by sETu on November 12, 2025, 03:03:32 PM »

Thanks i will try AlmaLinux.

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

« Last post by SubZero5 on November 12, 2025, 02:27:24 AM »

.htaccess modified
index.php sometimes modified
defauit.php added
about.php added
nbpafebaef.jpg added
0vuFDw.php 0hmIaF.php 0soCeG.php like files created
radio.php added
content.php added
lock360.php added
admin.php added
Admin role Users added to DB

Be careful!.

CSF Firewall / Re: Setting up fail2ban

« Last post by overseer on November 11, 2025, 10:39:27 PM »

https://www.howtoforge.com/how-to-install-and-configure-fail2ban-on-fedora-33-centos-8/
https://forum.centos-webpanel.com/csf-firewall/make-fail2ban-puts-its-bans-on-csf-banlist/msg40331/#msg40331

Pages: [1] 2 3 ... 10

Control Web Panel

Recent Posts

CSF Firewall / Re: 100's of suspicious emails an hour

CSF Firewall / 100's of suspicious emails an hour

CentOS-WebPanel GUI / Re: PHP version for control panel

CentOS-WebPanel GUI / Re: PHP version for control panel

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

CentOS 9 Problems / Re: EL9 recent update casusing boot issue

CentOS 9 Problems / Re: EL9 recent update casusing boot issue

CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ

CSF Firewall / Re: Setting up fail2ban