Recent Posts
21
Information / Re: Is CWP still maintained?
« Last post by djprmf on Today at 12:45:33 PM »Your post makes no sense.
All you have done is link to many RCE vulnerabilities in different applications - some dated 16 years ago. What have that to do with anything?
No one is saying that RCE is a "new thing"... is a security issue, and yes, if has happend before in different aplications... but what have that to do with the LACK OF COMMUNICATION from CWP, about the RCE issue that happend in the control panel.
Those links have nothing to do with the CWP situation.
Or are you stating that just because RCE is a thing, CWP shouldn't be blamed because of it?
For that logic, every attack, malware or exploit have a excuse: "oh well, it happend to others, so..."
Do you see the fault in your logic?
The point here is that CWP did NOT acknowledge the security issue, not even a post to alert the administrators about it. Not even in the post that was created by a forum member to alert.
Can you provide some way in HOW they confirm the issue?
So yes, CWP is to blame. They fixed, but silent fix a security issue is NOT the way that any credible company does this - and you should know that!
And about the other issue, @Starburst, you can be whatever you want to be. You can be a CWP partner... but you ARE NOT CWP.
Again, you are making no sense... How i was spreading misinformation?
Is anything here wrong?
In fact, your response about all this is troubling, because you cannot call you a sys admin and state that every exploit in a software should be "excused" just because "it exist"... That is NOT how this works...
You are a forum member, that's it. You are not the entity responsible for the CWP development, and you don't have any say or do in how CWP is developed. Only the CWP team has, and to this point, no one is talking anything.
at best yes, you are a CWP partner... but STILL NOT A DEVELOPER of the CWP team.
All you have done is link to many RCE vulnerabilities in different applications - some dated 16 years ago. What have that to do with anything?
No one is saying that RCE is a "new thing"... is a security issue, and yes, if has happend before in different aplications... but what have that to do with the LACK OF COMMUNICATION from CWP, about the RCE issue that happend in the control panel.
Those links have nothing to do with the CWP situation.
Or are you stating that just because RCE is a thing, CWP shouldn't be blamed because of it?
For that logic, every attack, malware or exploit have a excuse: "oh well, it happend to others, so..."
Do you see the fault in your logic?
The point here is that CWP did NOT acknowledge the security issue, not even a post to alert the administrators about it. Not even in the post that was created by a forum member to alert.
Can you provide some way in HOW they confirm the issue?
So yes, CWP is to blame. They fixed, but silent fix a security issue is NOT the way that any credible company does this - and you should know that!
And about the other issue, @Starburst, you can be whatever you want to be. You can be a CWP partner... but you ARE NOT CWP.
Again, you are making no sense... How i was spreading misinformation?
- You are just a forum member? Yes
- You provided false information about in how CWP had nothing to do with a security issue in they panel? Yes
- You are trying to prove that just because RCE exploits exist - had had FOR YEARS - that somehow make CWP team not responsible to disclose a security issue in they panel? Yes.
- You are a CWP Partner? Yes
- You are NOT a CWP team member, so you cannot talk for them? Yes
Is anything here wrong?
In fact, your response about all this is troubling, because you cannot call you a sys admin and state that every exploit in a software should be "excused" just because "it exist"... That is NOT how this works...
You are a forum member, that's it. You are not the entity responsible for the CWP development, and you don't have any say or do in how CWP is developed. Only the CWP team has, and to this point, no one is talking anything.
at best yes, you are a CWP partner... but STILL NOT A DEVELOPER of the CWP team.
22
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 12:20:44 PM »@Starburst You are going offtopic - that is not the point here. I stated that in the previous message exactly to reinforce the point.
The fact that you are providing KB articles, and NOT the CWP team, is the problem here. You are NOT the CWP team...
And you left back the questions: you KNOW what changed in the updates? Do you know anything that is made in every update?
I see that you provided false information in the CWP exploit topic, stating that it wasn't a CWP exploit.... when it was.
This alone shows how little comunication is made from the team.... is a random member in the forum that is providing the information without any "official" knowledge of what is happening.
Is great that you are trying to help anyone around here, and great if you have the back for that as a sysadmin... but you are NOT the CWP team and cannot make sentences for them about the control panel, because is NOT your own creation/development.
Fine, they don't expect any help from us or probably any others here other than the 'Official CWP team'...
But also don't spread Mis-information about CWP, that you clearly don't have the experience or knowledge to talk about...
We are a CWP partner company, and not some 'random' forum member...
23
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 12:17:54 PM »Again, the PHP Injection Attack, had nothing to do with CWP.
But happened to older servers that where not updated and their PHP hardened.
PHP Injection Attacks are common by script kiddies. And just don't happen to CWP.
GoDaddy's servers are constantly getting hacked, which are using Amazon AWS. lol
There are several articles out there on has to secure you php.ini config.
That is NOT true.
The issue WAS a vulnerability in CWP. Is NOT fault from the users.
https://fenrisk.com/rce-centos-webpanel
https://gbhackers.com/centos-web-panel-vulnerability/
So not, wasn't the users fault. it WAS a vulnerabilty in CWP.
Yes, but other control panels HAD this problem also, even Chrome did...
As did cPanel:
https://sploitus.com/exploit?id=948E719F-C0C9-518E-969F-C65D0D6FBE65
https://www.reddit.com/r/webhosting/comments/1d1jg3v/help_hacker_keeps_injecting_code_into_my_cpanel/
https://medium.com/@anonymousshetty2003/sql-injection-vulnerability-on-a-security-awareness-website-from-database-dump-to-cpanel-access-4bb3645eef07
https://stackoverflow.com/questions/550879/php-injection-attack-how-to-best-clean-up-the-mess
Look at gbhackers, they list all the vulnerabilities with PHP: https://gbhackers.com/multiple-php-vulnerabilities/
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=30062
aaPanel even had the same issue:
https://fenrisk.com/rce-aapanel
PHP even has a comment about it:
https://www.php.net/manual/en/mongodb.security.request_injection.php
Even Chrome had been affected...
https://gbhackers.com/technical-details-and-exploit-released-for-chrome-flaw/
https://cybersecuritynews.com/10-year-old-roundcube-rce-vulnerability/
post-authenticated remote code execution vulnerability that exploits PHP object deserialization.
I could continue on, but don't blame CWP, when they where clearly not the only one who had this.
But systems that has proper PHP security hardening survived the attacks.
Our ModSecurity systems caught the PHP Injection Attacks as well, and blocked them.
No system is 100%, but this was NOT a CWP bug, but rather a PHP common code vulnerability that affect ALL system running PHP.
24
Information / Re: Is CWP still maintained?
« Last post by djprmf on Today at 12:00:33 PM »@Starburst You are going offtopic - that is not the point here. I stated that in the previous message exactly to reinforce the point.
The fact that you are providing KB articles, and NOT the CWP team, is the problem here. You are NOT the CWP team...
And you left back the questions: you KNOW what changed in the updates? Do you know anything that is made in every update?
I see that you provided false information in the CWP exploit topic, stating that it wasn't a CWP exploit.... when it was.
This alone shows how little comunication is made from the team.... is a random member in the forum that is providing the information without any "official" knowledge of what is happening.
Is great that you are trying to help anyone around here, and great if you have the back for that as a sysadmin... but you are NOT the CWP team and cannot make sentences for them about the control panel, because is NOT your own creation/development.
The fact that you are providing KB articles, and NOT the CWP team, is the problem here. You are NOT the CWP team...
And you left back the questions: you KNOW what changed in the updates? Do you know anything that is made in every update?
I see that you provided false information in the CWP exploit topic, stating that it wasn't a CWP exploit.... when it was.
This alone shows how little comunication is made from the team.... is a random member in the forum that is providing the information without any "official" knowledge of what is happening.
Is great that you are trying to help anyone around here, and great if you have the back for that as a sysadmin... but you are NOT the CWP team and cannot make sentences for them about the control panel, because is NOT your own creation/development.
25
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by djprmf on Today at 11:56:00 AM »It can vary from installation to installation.
In some, the backdoor stays dormant in the server, waiting to be "activated" - the file placed first is just a exploit, to create the webshell file if access with a POST request and specific queries. If the request is done, the file "defaiult.php" is created, and that is the real webshell file.
After that, anything can be changed realy. I notice some plugins changed, and theme files. Also there is a mu-plugin that is created to the redirect.
Of course, data in the BD and other details, like the WordPress configuration file, are also changed/access. If you have any password or WordPress salt in there, change them. But at this point, the installation in your server should NOT be considered safe.
You can still use it... but at your own risk.
In some, the backdoor stays dormant in the server, waiting to be "activated" - the file placed first is just a exploit, to create the webshell file if access with a POST request and specific queries. If the request is done, the file "defaiult.php" is created, and that is the real webshell file.
After that, anything can be changed realy. I notice some plugins changed, and theme files. Also there is a mu-plugin that is created to the redirect.
Of course, data in the BD and other details, like the WordPress configuration file, are also changed/access. If you have any password or WordPress salt in there, change them. But at this point, the installation in your server should NOT be considered safe.
You can still use it... but at your own risk.
26
Information / Re: Is CWP still maintained?
« Last post by Starburst on Today at 11:49:51 AM »
@Starburst
And even more, your guides can help... but do we know you? Who are you exactly?
You are providing guides to make critical changes in our systems, that some people without knowledge follow... and yes, the could work. But your guides provide your own mirrors, with your own code in the mix.
How do we know that we can trust you and your code?
Some people will follow your guides, without knowing what are they doing.
And you can be a great person, don't get me wrong. You appear to be here to help... but we are in the internet....
I look at your guides, and they are ok - but i would be worry to use code that is in a unknown mirrror. Would be better if CWP team provide those instead? Yes, it will, because at least CWP we know...
I am a very old and warped SysOp.
Our servers have been running CWP since 2019.
We are also a large mirror provider for ELRepo. So if you use that repo, you probably connect to one of our servers around the globe.
As well as a mirror in England for MariaDB.
Which also gave use the unique ability to do what we did for CSF.
Any 'code' we offer is in plain English to say, and you can see exactly what it is doing.
Also any feedback is welcome to make our guides better, as we aim to be more than 'OK'.
As any company the KB has article we used allot, and there are some that are not public, since those usually very company to company with specific settings.
27
Installation / Re: Can't get CWPpro to activate
« Last post by Starburst on Today at 11:26:51 AM »Is your server behind a NAT (aka internal IP)?
28
Installation / Re: Can't get CWPpro to activate
« Last post by overseer on Today at 10:47:16 AM »Is your server properly addressed and resolving on the net? IPv4 and IPv6?
Code: [Select]
ip aCan you ping other hosts from the server? Do you have essential service ports open on the CSF firewall?29
Installation / Re: Can't get CWPpro to activate
« Last post by erolyil on Today at 07:46:55 AM »Hi, I have the same issue and when I ran the update I got the the below response and no more progress. How can I solve it?
######################
Update Server Packages
######################
PHP Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Warning: file_get_contents(http://centos-webpanel.com/webpanel/versions/el7.txt): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Notice: Undefined offset:1 in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
######################
Update Server Packages
######################
PHP Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Warning: file_get_contents(http://centos-webpanel.com/webpanel/versions/el7.txt): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
PHP Notice: Undefined offset:1 in /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php on line 0
30
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by pedromidiasf on October 08, 2025, 07:46:35 PM »Do you know which wordpress files got infected?
