Recent Posts
1
MySQL / Re: increase the characters db
« Last post by gilliard on Today at 01:04:47 PM »Is empty file...
2
MySQL / Re: increase the characters db
« Last post by overseer on Today at 12:51:21 PM »Code: [Select]
/usr/local/cwp/.conf/mysql_user_prefix.conf3
PHP / Re: Difference in the php views...
« Last post by overseer on Today at 12:47:39 PM »The main php version from the CLI that you have set used by PHP Switcher is called for php info on your first case. The display is typical for a 7.x version -- CWP renders it using their stylesheet so it matches the rest of the panel. But if you have an 8.x or later, it will call the normal php.info and display it in that space.
4
MySQL / increase the characters db
« Last post by gilliard on Today at 12:37:22 PM »How do I increase the characters in the database name?
5
PHP / Difference in the php views...
« Last post by venty on Today at 08:40:54 AM »Hi,
please help, why in the CWP panel, when I go to the menu PHP Settings/PHP imfo, php info is displayed like this:
https://prnt.sc/FcozFB37iNmK
and not like this:
https://prnt.sc/GdtmAeHoBNDd
The versions of PHP are different, but this should not be the reason for the difference in the views...
Thanks in advance!
BR
Venty
please help, why in the CWP panel, when I go to the menu PHP Settings/PHP imfo, php info is displayed like this:
https://prnt.sc/FcozFB37iNmK
and not like this:
https://prnt.sc/GdtmAeHoBNDd
The versions of PHP are different, but this should not be the reason for the difference in the views...
Thanks in advance!
BR
Venty
6
CentOS 8 Problems / Re: PHP compiling fails, strange ld / ldconfig behaviour?
« Last post by overseer on July 09, 2025, 11:19:43 PM »If you want to PM me login details, I could take a look for you. I recommend PHP-FPM for performance reasons, plus the versatility of running php versions on a site-by-site basis with separate configs is a good thing. I have 4 versions running on one server -- legacy 5.6 for one site, 7.4 for a WordPress site that needs full compatibility, 8.1 for other WP sites, and 8.2 for a Drupal site.
7
CentOS 8 Problems / Re: PHP compiling fails, strange ld / ldconfig behaviour?
« Last post by crouso on July 09, 2025, 07:54:27 PM »Thank you for your reply.
PHP switcher also did not work correctly, i tried it, same error messages in logfile regarding bz2... seems i am stuck at 7.4.33?
My end goal/s would be to (depends on solution/s)
- keep PHP 7.4.33 for compatibility issues as "base version"
- be able to compile (php >8.2 needed) other versions with php selector
- and maybe php-fpm selector too
Or a way how i can add alternate php versions manually?
What is your end goal? Which mode are you going to use -- PHP switcher, suPHP, or php-fpm? Which versions of PHP would you like to have? Each case is a bit different.
PHP switcher also did not work correctly, i tried it, same error messages in logfile regarding bz2... seems i am stuck at 7.4.33?
My end goal/s would be to (depends on solution/s)
- keep PHP 7.4.33 for compatibility issues as "base version"
- be able to compile (php >8.2 needed) other versions with php selector
- and maybe php-fpm selector too
Or a way how i can add alternate php versions manually?
8
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by frussane on July 09, 2025, 06:08:50 PM »Also just to confirm, I am indeed using AlmaLinux 8.10 (Cerulean Leopard)
9
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by frussane on July 09, 2025, 05:01:06 PM »I noticed I had 3 users in /home/jail/ possibly from jailkit. But I never actually made any configs about this, so 3 of my users are using it, and the others aren't. That's just something odd but probably unrelated.
About the hidden files, just deleted them, thanks!
I had first renamed /tmp to /tmp_inf and created a new /tmp but that broke my websites sessions.
I will try to help as I can, I only have medium server experience!
I've noticed some executables and scripts being created and hidden inside wordpress folders, I've cleared them but if more appear I'll share here the names and contents.
About the hidden files, just deleted them, thanks!
I had first renamed /tmp to /tmp_inf and created a new /tmp but that broke my websites sessions.
I will try to help as I can, I only have medium server experience!
I've noticed some executables and scripts being created and hidden inside wordpress folders, I've cleared them but if more appear I'll share here the names and contents.
10
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by kandalf on July 09, 2025, 04:51:08 PM »I had the same problem, was going crazy, thinking it was a wordpress vulnerability, then started seeing processes from one user trying to access other users. This made me notic only 3 of my users are in jail and others aren't, no idea why this behaviour by CWP.
I've ran:Code: [Select]find / -type f \( -name "defauit.php" -o -name "nbpafebaef.jpg" \) -exec rm -f {} + 2>/dev/nullto delete all of this 2 files.
I've also renamed filemanager.php
Could any one provide with more insight/what more steps should be done to make sure it's clean?
What do you mean by “my users are in jail”?
Also, make sure to delete two hidden files that may have been used in the attack. They were found in /tmp on my compromised servers:
• .tmp_baf
• .auto_monitor
These files are part of the script that spreads the malicious payload across all user accounts.
Let us know if you find anything else suspicious, we’re trying to understand the full scope of this breach.
