21
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by ConcernedCitizen on October 15, 2025, 06:48:20 PM »I mass removed them, every part of the malicious code, backup.c, licelic.c etc with rm find. Buy maybe i can find them from backups.
As far as I understand from the context of the malicious code, they are trying trick the visitors to make payment with a credit card. Because the attacker needs to be notified every time a visitor runs the code and in defauit.php there are classes about making payment.
So the attacker takes the information of the credit card provided by the visitor, and uses it on another website.
Oh i found one image file from a backup.

As far as I understand from the context of the malicious code, they are trying trick the visitors to make payment with a credit card. Because the attacker needs to be notified every time a visitor runs the code and in defauit.php there are classes about making payment.
So the attacker takes the information of the credit card provided by the visitor, and uses it on another website.
Oh i found one image file from a backup.

22
CSF Firewall / Re: Firewall off in cwp panel
« Last post by overseer on October 15, 2025, 05:50:59 PM »And you've rebooted? Sometimes it takes a full reboot to get itself sorted out! 

23
Mod_Security / Re: OWASP Latest
« Last post by overseer on October 15, 2025, 05:23:27 PM »Please update Mod Security to the latest version and OWASP to the latest ruleset using Starburst's guides. I have followed them and don't have the referenced /usr/local/apache/modsecurity-owasp-latest/rules/rules.dat file on any of my servers.
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-12-running-cwp-and-apache-on-almalinux-9/
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-9/
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-12-running-cwp-and-apache-on-almalinux-9/
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-9/
24
Mod_Security / OWASP Latest
« Last post by rustylh on October 15, 2025, 02:59:00 PM »We switched from Comodo to OWASP Latest as I read Comodo WAF no longer received updates. Now when Aacron runs we are seeing this error:
PHP Warning: file_get_contents(/usr/local/apache/modsecurity-owasp-latest/rules/rules.dat): failed to open stream: No such file or directory in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
--2025-10-15 03:46:04-- http://static.cdn-cwp.com/files/apache/mod-security/modsecurity-owasp-latest.zip
I am not seeing rules.dat in /usr/local/apache/modsecurity-owasp-latest/rules. Will the cron.daily resolve this at next run or do I need to so something further.
Thank you all for your help!
PHP Warning: file_get_contents(/usr/local/apache/modsecurity-owasp-latest/rules/rules.dat): failed to open stream: No such file or directory in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
--2025-10-15 03:46:04-- http://static.cdn-cwp.com/files/apache/mod-security/modsecurity-owasp-latest.zip
I am not seeing rules.dat in /usr/local/apache/modsecurity-owasp-latest/rules. Will the cron.daily resolve this at next run or do I need to so something further.
Thank you all for your help!
25
CSF Firewall / Re: Firewall off in cwp panel
« Last post by setecabanas on October 15, 2025, 02:47:09 PM »I have tried to install a new server with Almalinux 9
So, in a fresh installation same problem. But it is not important, only affects cwp panel
So, in a fresh installation same problem. But it is not important, only affects cwp panel
Code: [Select]
[root@s3 almalinux]# csf -e
csf and lfd are not disabled!
[root@s3 almalinux]#
[root@s3 almalinux]#
[root@s3 almalinux]# systemctl start csf
[root@s3 almalinux]# systemctl start lfd
[root@s3 almalinux]# systemctl enable csf
[root@s3 almalinux]# systemctl enable lfd
26
MySQL / Re: root myql password
« Last post by overseer on October 15, 2025, 01:13:35 PM »You should remove your current MariaDB 10.6 and install 10.11 (LTS version). This will preserve your DB and get you to a current, supported version:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
27
MySQL / Re: root myql password
« Last post by setecabanas on October 15, 2025, 12:26:23 PM »I think the problem is other: I've broken my MySQL installation 
I think I'll have to reinstall everything.
Thanks anyway

Code: [Select]
[root@s3 mysql]# systemctl status mariadb
× mariadb.service - MariaDB 10.6.23 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; preset: disabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Wed 2025-10-15 12:23:52 UTC; 3s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 16501 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 16502 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=e>
Process: 16510 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
Main PID: 16510 (code=exited, status=1/FAILURE)
Status: "MariaDB server is down"
CPU: 140ms
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [Note] InnoDB: Starting shutdown...
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [Note] Plugin 'FEEDBACK' is disabled.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Could not open mysql.plugin table: "Unknown storage engine 'Aria'". Some plugins may be not loaded
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Failed to initialize plugins.
Oct 15 12:23:52 s3 mariadbd[16510]: 2025-10-15 12:23:52 0 [ERROR] Aborting
Oct 15 12:23:52 s3 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Oct 15 12:23:52 s3 systemd[1]: mariadb.service: Failed with result 'exit-code'.
I think I'll have to reinstall everything.
Thanks anyway

28
MySQL / Re: root myql password
« Last post by overseer on October 15, 2025, 10:42:52 AM »That script seems to be outdated and shouldn't be used. Please use this guide instead:
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
29
CSF Firewall / Re: Firewall off in cwp panel
« Last post by setecabanas on October 15, 2025, 08:29:49 AM »thanks
30
MySQL / root myql password
« Last post by setecabanas on October 15, 2025, 08:20:47 AM »Hello,
I change root mysql password by mistake and now:
My server is with Almalinux 9 and
Mariadb Ver 15.1 Distrib 10.11.14-MariaDB
I try to edit this script to adapt:
However the problem is not solved
Could you help me?
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
How can I adapt the code -> /scripts/mysql_pwd_reset so that this error doesn't occur and the password changes correctly?
I change root mysql password by mistake and now:
Code: [Select]
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php on line 0
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Trying to start mysql server, please wait!
Try to restart Control Web Panel with command: sh /scripts/restart_cwpsrv
**Check your MySQL root password in: /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php and /root/.my.cnf
You can reset the MySQL root password fast with this command: /scripts/mysql_pwd_reset -q
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Could not connect:
My server is with Almalinux 9 and
Mariadb Ver 15.1 Distrib 10.11.14-MariaDB
I try to edit this script to adapt:
Code: [Select]
/scripts/mysql_pwd_reset
Quote
Enter MySQL root password (NO special characters): Yaj0ahLvXm
Shutting down any mysql processes...
Resetting password... hold on
--------------
UPDATE mysql.user SET Password=PASSWORD('Yaj0ahLvXm'),Authentication_string=PASSWORD('Yaj0ahLvXm') WHERE user='root'
--------------
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
Cleaning up...
Password reset has been completed
New MySQL root password: Yaj0ahLvXm
However the problem is not solved

Could you help me?
ERROR 1348 (HY000) at line 1: Column 'Password' is not updatable
How can I adapt the code -> /scripts/mysql_pwd_reset so that this error doesn't occur and the password changes correctly?