All Activity

  1. Last week
  2. Hi Starburst, not really sure what you are talking about in this context. Who is Jetback, where can I see CWP user accounts, and how does this matter regarding my original request? Would be fine if Sandeep would give us the honor to reply to this after more than 2 weeks.....
  3. Earlier
  4. Just an FYI, JetBack seems to work with CWP unofficially. When you access the control panel for it, it shows all the CWP user accounts. Only drawback I see is they would have to use a different control panel, UN & PW to access it.
  5. Check your main config file for the OWASP rules. Sounds like a path wasn't set correctly.
  6. Thank you, Sandeep. I will look into it.
  7. Ling posted a post in a topic in Other WEB Panels
    So I would say the current truth is: Everyone running Alma8 now with php5.6 required has no chance to upgrade to Alma9 right now. The situation you describe, to recompile php5.6 with openssl from scratch seems to be "mission impossible" for the average user and if I get you right even for yourself.....
  8. TheHolbi posted a post in a topic in Other WEB Panels
    If you can build PHP 5.6 from scratch including OpenSSL v.1.1, in this case you can use AlmaLinux 9.x also. For a server I had to get PHP 5.6 running on AlmaLinux 9, but OpenSSL is not included in this PHP version yet. I had to keep a few outdated systems alive for a while. But the CWP for AlmaLinux 8 can run PHP 5.6 also.
  9. Hi Sandeep, as I found out a long time ago, the New Backup Beta in CWP works so much better than the standard backup, which is completely obsolete now. So it is time to integrate it fully into the MMI in the main page and drop the currently linked standard backup completely. Also a kind of persistent annoyance is when the MMI says backup is switched off even when the new backup beta is enabled and running. There have been numerous events now when I switched it on occasionally, only to have two backups running in parallel and eating up my disk space quickly. I think there is no one out there who still uses the standard backup anymore when the new backup beta has been running flawlessly for years. Sure, this is for beauty right now, but we should keep CWP in a deflated and disk-efficient status, and for you this would be a no-brainer to be integrated in less than 5 minutes, I guess. Keep it up, man.
  10. ip route

        default via 46.xx.xx.1 dev enp4s0 proto static metric 100
        46.xx.xx.0/26 dev enp4s0 proto kernel scope link src 46.xx.xx.16 metric 100

    46.xx.xx.44 is my main IP. Also, both use the same interface when running vnstat.

        ns1.domain.com -> 46.xx.xx.44
        ns2.domain.com -> 46.xx.xx.16

    In February I used 11gb bandwidth on the secondary. So far in March I have used 97gb.
  11. From Deepseek.com, and I agree:

    The secondary IP address (10.0.0.3) showing over 1GB of transfer every hour, while all sites are configured to use the server IP (10.0.0.2), suggests that there is traffic being routed or directed to the secondary IP. Here are some possible reasons for this:

    1. Misconfigured Services or Applications
       A service or application on the server might be explicitly bound to the secondary IP (10.0.0.3) instead of the primary IP (10.0.0.2). This could include:
       - Web servers (e.g., Apache, Nginx)
       - Database servers (e.g., MySQL, PostgreSQL)
       - Backup services
       - Monitoring or logging tools
       Check the configuration files of these services to ensure they are not listening on the secondary IP.

    2. DNS or A Records Pointing to the Secondary IP
       If any DNS records (A records) point to the secondary IP (10.0.0.3), traffic will be directed to that IP. For example:
       - A subdomain or specific service might be configured to use 10.0.0.3.
       - A misconfigured DNS record could accidentally route traffic to the secondary IP.
       Verify your DNS settings to ensure no domains or subdomains are pointing to 10.0.0.3.

    3. Network Interface Configuration
       The network interface on the server might be misconfigured, causing traffic to be routed through the secondary IP. For example:
       - Incorrect routing tables.
       - Improper binding of IP addresses to the network interface.
       Check the server's network configuration (e.g., /etc/network/interfaces on Linux) and routing tables (ip route or route -n).

    4. Background Processes or Cron Jobs
       A background process or cron job might be using the secondary IP for tasks such as:
       - Data synchronization.
       - Backups.
       - API calls or external communication.
       Check running processes (ps aux, top, or htop) and cron jobs (crontab -l) to identify any tasks that might be generating traffic.

    5. Malware or Unauthorized Access
       The secondary IP might be compromised, and an attacker could be using it for malicious activities such as:
       - Data exfiltration.
       - Serving malicious content.
       - Participating in a botnet.
       Investigate the traffic using tools like tcpdump, iftop, or nethogs to identify the source and destination of the traffic.

    6. Load Balancing or Proxy Configuration
       If the server is behind a load balancer or proxy, the secondary IP might be used for specific traffic. For example:
       - The load balancer might be directing certain requests to 10.0.0.3.
       - A reverse proxy might be forwarding traffic to the secondary IP.
       Check the configuration of any load balancers or proxies in your setup.

    7. Logs and Monitoring
       Analyze server logs to identify the source of the traffic:
       - Web server logs (e.g., Apache, Nginx).
       - Firewall logs (e.g., iptables, ufw).
       - System logs (/var/log/syslog, /var/log/messages).
       Use monitoring tools like iftop, nethogs, or vnstat to track real-time traffic on the secondary IP.

    Steps to Diagnose and Resolve:
    - Check Network Configuration: Verify the IP addresses assigned to the network interface. Ensure no services are bound to the secondary IP.
    - Analyze Traffic: Use tools like tcpdump or iftop to capture and analyze traffic on the secondary IP.
    - Review DNS Settings: Ensure no DNS records point to the secondary IP.
    - Inspect Running Processes: Identify any processes generating traffic on the secondary IP.
    - Check for Malware: Run a malware scan and investigate suspicious activity.
    - Review Logs: Examine server logs for unusual activity or errors.

    By systematically checking these areas, you should be able to identify the source of the traffic and resolve the issue.
  12. I have the shared IP at, let's say, 10.0.0.1 and a secondary IP 10.0.0.3. Server IP is 10.0.0.2. Shared IP is also 10.0.0.1. All sites use the server IP. Why do I have over 1GB transfer every hour on the secondary IP?
  13. Tried it, still isn't fully working. The servers use ModSecurity 2.9.8 with the OWASP CRS ruleset on Apache 2.4.63. Thanks
  14. Ling posted a post in a topic in Other WEB Panels
    I am curious about this reply: we have several instances still running on PHP 5.6 with old typo3 4.17. I think there is no way to upgrade this to Alma 9, what do you think?
  15. This is the SMTP debug, from a WordPress SMTP Plugin, where the PHP is connecting to OpenSSL 1.1, instead of the OpenSSL 3.2.2:

        Versions:
        WordPress: 6.7.2
        WordPress MS: No
        PHP: 8.2.27
        WP Mail SMTP: 4.4.0

        Params:
        Mailer: smtp
        Constants: No
        ErrorInfo: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server
        Host: vps.example.com
        Port: 465
        SMTPSecure: ssl
        SMTPAutoTLS: bool(false)
        SMTPAuth: bool(true)

        Server:
        OpenSSL: OpenSSL 1.1.1t 7 Feb 2023

        Debug:
        Email Source: WP Mail SMTP
        Mailer: Other SMTP
        SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server

        SMTP Debug:
        2025-03-09 20:58:34 Connection: opening to ssl://vps.example.com:465, timeout=30, options=array()
        2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412]
        2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412]
        2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): Unable to connect to ssl://vps.example.com:465 (Unknown error) [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412]
        2025-03-09 20:58:34 SMTP ERROR: Failed to connect to server: (0)
        SMTP Error: Could not connect to SMTP host. Failed to connect to server
  16. So, we need to change the PHP build script to include the right OpenSSL library (e.g. 3.2.2 for the AlmaLinux 9.5), or we need to move the OpenSSL 3.x to location /usr/local/opensslso/ instead of the v.1.1. The CWP uses PHP 7.x for admin-panel function, so the OpenSSL v.1.1 is not removable. @Sandeep B. What is your opinion?
  17. Output of command (PHP 8.2):

        php -i | grep "OpenSSL"
        SSL Version => OpenSSL/3.2.2
        OpenSSL support => enabled
        OpenSSL Library Version => OpenSSL 1.1.1t 7 Feb 2023
        OpenSSL Header Version => OpenSSL 1.1.1t 7 Feb 2023
        Native OpenSSL support => enabled

    Output of command (PHP-FPM 8.3):

        /opt/alt/php-fpm83/usr/bin/php -i | grep "OpenSSL"
        SSL Version => OpenSSL/3.2.2
        OpenSSL support => enabled
        OpenSSL Library Version => OpenSSL 1.1.1t 7 Feb 2023
        OpenSSL Header Version => OpenSSL 1.1.1t 7 Feb 2023
        Native OpenSSL support => enabled

        php -i | grep "Configure Command"
        Configure Command => './configure' '--with-config-file-path=/usr/local/php' '--enable-cgi' '--with-config-file-scan-dir=/usr/local/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig'

        /opt/alt/php-fpm83/usr/bin/php -i | grep "Configure Command"
        Configure Command => './configure' '--prefix=/opt/alt/php-fpm83/usr' '--with-config-file-path=/opt/alt/php-fpm83/usr/php' '--with-config-file-scan-dir=/opt/alt/php-fpm83/usr/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--enable-fpm' '--enable-opcache' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig'

    The PHP is configured to use OpenSSL from:

        🔴 PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig

    This means PHP is still linked to OpenSSL 1.1.1t instead of OpenSSL 3.2.2. @Sandeep B. Do you have any suggestion to correct it as fast as possible? May all CWP in AlmaLinux 9 have this issue.
  18. leisegang posted a post in a topic in Other WEB Panels
    Has anyone tried aapanel? https://www.aapanel.com/
  19. This is an old tutorial and discontinued due to a maintenance issue. We'll create a new tutorial for it soon.
  20. Sandeep B. posted a post in a topic in Wordpress
    You can fix this by adding salt to your wp-config.php. Redis is superior of all APCU, which will increase the performance but the database will not be optimized. We always recommend opcache + redis: https://blog.alphagnu.com/speedup-wordpress-decrease-server-load-redis-cache-cwp-centos-webpanel/
  21. It's not possible to use modsecurity v3.0.13 with Apache, just only with nginx. Apache works only with v2.9.x versions of modsecurity.
  22. I fixed the problem with replace old password from the old conf. Now it's working.
  23. Hello, I made a huge mistake deleting the roundcube mysql. I have a backup, but it does not allow me to restore it. I did try with phpmyadmin; the database is restored, but it cannot connect for some reason.

        DATABASE ERROR! Unable to connect to the database! Please contact your server-administrator.

    I did try to reinstall roundcube and got this error.

        Running update script at target...
        Executing database schema update.
        ERROR: SQLSTATE[HY000] [1045] Access denied for user 'ridha_roun288'@'localhost' (using password: YES)
        ERROR: Failed to connect to database
        All done.
        [root@server roundcubemail-1.5.8]#

    Please help.
  24. I'm using this guide, unfortunately the logs in "security center" stopped showing up. What can I do to fix this?
  25. Test the latest one:

        # added by Navid
        if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /\[client (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[A-Fa-f0-9:]+)\] ModSecurity:.*?(?:\[id "(\d+)"\].*?)?Access denied.*?(\[uri "([^"]+)"\])?.*?(\[host "([^"]+)"\])?/i) {
            my $ip = $1;
            $ip =~ s/^::ffff://i; # Remove IPv6 prefix (if present)
            $ip =~ s/:\d+$//; # Strip port (e.g., 1.2.3.4:56789 → 1.2.3.4)
            my $ruleid = defined($2) ? $2 : "unknown"; # Rule ID
            my $uri = defined($4) ? $4 : "unknown"; # Blocked URI
            my $host = defined($6) ? $6 : "unknown"; # Host header
            # Ports to block (expand as needed: HTTP, HTTPS, SMTP, FTP, etc.)
            my $block_ports = "80,443,25,587,465,21,22,8080,8443";
            if (checkip($ip)) {
                return ("ModSecurity Alert [ID:$ruleid] - Host: $host, URI: $uri", $ip, "mod_security-custom", "4", $block_ports, "1");
            } else {
                return;
            }
        }
        # ended by Navid
  26. Or use this one for better enhancement:

        # added by Navid
        if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[A-Fa-f0-9:]+)\:\d+\] \[client (\S+)\] ModSecurity:.*?(?:\[id \"(\d+)\"\].*?)?Access denied/i) {
            my $ip = $5;
            $ip =~ s/^::ffff://;
            $ip =~ s/:\d+$// if split(/:/, $ip) == 2;
            my $ruleid = "unknown";
            $ruleid = $6 if defined($6); # Capture ModSecurity rule ID
            # Extract URI for context (optional)
            my $uri = "unknown";
            $uri = $1 if $line =~ /\[uri \"([^\"]+)\"\]/;
            if (checkip($ip)) {
                return ("ModSecurity Alert [ID:$ruleid] - Blocked URI: $uri", $ip, "mod_security-custom", "4", "80,443", "1");
            } else {
                return;
            }
        }
        # ended by Navid
  27. Thank you so much for reporting this error that you faced. Here is the corrected and tested version for regex.custom.pm:

        # added by Navid
        if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/) {
            my $ip = $4;
            $ip =~ s/^::ffff://;
            $ip =~ s/:\d+$// if split(/:/, $ip) == 2;
            my $ruleid = "unknown";
            if ($line =~ /\[id "(\d+)"\]/) {
                $ruleid = $1;
            }
            if (checkip($ip)) {
                return ("mod_security (id: $ruleid) triggered by", $ip, "mod_security-custom", "4", "80,443", "1");
            } else {
                return;
            }
        }
        # ended by Navid

    To test the validation, just run the command below.

    Validate the syntax:

        perl -c /usr/local/csf/bin/regex.custom.pm

    Output should show: OK.

    Restart CSF/LFD:

        csf -r