Navid

HI, dear Master Sandeep for your nice help and your precious time. Kindly what about the below ink tutor I mean is it necessary or your solution will be enough https://www.superspeedyplugins.com/kb/performance-optimization/stack-guides-tips/configuring-nginx-pass-real-ip-addresses-cloudflare-compatible-fail2ban-wordpress/ thank you so much regards

Hi, Dear support team I facing a very strange issue for 3 past days, the problem that I’m facing is showing me just the Cloudflare IP, not the real IP that connects to our server and our websites. It happened 3 days ago and it continued, before this issue the real IP that connected to each website was shown and visible on the security center incident and log files but right now just showing Cloudflare IP: https://www.cloudflare.com/ips-v4/ that we are using it as proxy and some other security measures. I don’t know what is happening because I don’t bring any changes. I did some research on X-Forwarded-For or CF-Connecting-IP but I can’t find solutions for cwp and this specific problem Kindly guide me on how can resolve this issue I have attached a screenshot for your further help. Regards.

HI, Dear Mr Sandeep I hope you and your honor family are safe and rounded by Gold bless. I have two question about my.cnf what if I add this line into my.cnf: init-connect='SET NAMES utf8' Because I would to support fully UTF8??? second ad you advice I have to remove this line: default_storage_engine = MyISAM or just remove MyISAM from the end of the line??? or I have to remove completely the line??? thank you very much for you answer in advance regards.

Thank you so much it's work perfectly, and it save me. thank you so much from both of your gentleman!

Hi, thank you so much Dear Sandeep, it not work fine, it's work perfectly. Appreciated!

Hi, sorry I forgot to ask you it's deploy able in centos7?

Salute, Gold Bless you. thanks

salute, and thank you so much for your very brief guide, just one more question please: what if would to use the latest Mariadb I mean(11.4.2). secondly: there is no need to take back from old Mariadb? thank you

Dear Netio please describe your bash? what is this for this bash? and what it will execute in the server??

Hi, kindly need your more description to run your bash please: curl -s -L https://www.alphagnu.com/upload/centos7-repo-fix.sh | bash

Hi, dear Sandeep it's very important to know how can UPgrade MariaDB to last and stable one. 1- I need to upgrade MariaDB from 10.5 to MariaDB 10.11.210.11.2. or higher 2- and need to upgrade nginx to 1.23.3 or latest one. kindly need your help and your full guide please thank you very much.

Hi, Thank you very much Dear Sandeep you're always helpful, cwp without unimaginable. appreciated

HI, I hope you are doing well, Just I would like to ask, that I want to change the : /etc/my.cnf as below but I'm not sure it will be correct or need amendment ?? kindly reviwe the my.cnf file and advice me. because I need to optimze the DB and would like to use mySIM as a default storage. # # This group is read both by the client and the server # use it for options that affect everything # [client-server] [mysqld] default_storage_engine = MyISAM max_connections = 30000 max_user_connections=10000 innodb_lock_wait_timeout=120 max_heap_table_size = 1G tmp_table_size = 1024M thread_cache_size = 128 innodb_buffer_pool_size = 2G innodb_log_file_size = 2G innodb_buffer_pool_instances = 10 innodb_flush_method = O_DIRECT innodb_file_per_table = 1 innodb_flush_log_at_trx_commit = 2 table_open_cache = 5000 wait_timeout = 28800 interactive_timeout = 28800 long_query_time = 25 max_allowed_packet = 512M performance_schema = OFF open_files_limit = 220000 key_buffer_size = 64M join_buffer_size = 5M sort_buffer_size = 5M read_buffer_size = 2048k read_rnd_buffer_size = 2048k query_cache_type = 1 query_cache_size = 250M query_cache_limit = 64M max_connect_errors = 10 tmp_table_size = 550M max_heap_table_size = 500M innodb_file_per_table=1 # # include *.cnf from the config directory # !includedir /etc/my.cnf.d regards.

HI, I would to Import and big database file around 2.5 G, to a user account(website) kindly guide on how can I cope with please. Note: I used this command : mysql -u alemaren_gild -p alemaren_statute < alemaren_english.sql but it's not working and I getting access dined error. waiting for you help thanks.

Hi, dear Sandeep you're always very helpful, God Bless you. I added the config like below: user nobody; worker_processes auto; #worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log crit; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 3m; client_body_timeout 3m; client_max_body_size 256m; client_header_buffer_size 4k; client_body_buffer_size 256k; large_client_header_buffers 4 32k; send_timeout 3m; keepalive_timeout 60 60; reset_timedout_connection on; server_names_hash_max_size 1024; server_names_hash_bucket_size 1024; ignore_invalid_headers on; connection_pool_size 256; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; server_tokens off; include mime.types; default_type application/octet-stream; # Compression gzip gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_min_length 512; gzip_comp_level 6; gzip_buffers 8 64k; gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype; # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; proxy_buffers 32 4k; proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; proxy_cache_key "$host$request_uri $cookie_user"; proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 1d; open_file_cache_valid 120s; open_file_cache_min_uses 2; open_file_cache_errors off; open_file_cache max=5000 inactive=30s; open_log_file_cache max=1024 inactive=30s min_uses=2; # SSL Settings ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"; # Logs log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; #access_log /var/log/nginx/access.log main; access_log off; # Cache bypass map $http_cookie $no_cache { default 0; ~SESS 1; ~wordpress_logged_in 1; } # Include additional configuration include /etc/nginx/cloudflare.inc; include /etc/nginx/conf.d/*.conf; } and added those line you recommend and the below line as well: server_tokens off; kindly recommend us more to make is more secure and stable and high perfromance please regards.

HI, I mean on how can hardening the server by nginx.conf more than usual user nobody; worker_processes auto; #worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log crit; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 3m; client_body_timeout 3m; client_max_body_size 256m; client_header_buffer_size 4k; client_body_buffer_size 256k; large_client_header_buffers 4 32k; send_timeout 3m; keepalive_timeout 60 60; reset_timedout_connection on; server_names_hash_max_size 1024; server_names_hash_bucket_size 1024; ignore_invalid_headers on; connection_pool_size 256; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; include mime.types; default_type application/octet-stream; # Compression gzip gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_min_length 512; gzip_comp_level 6; gzip_buffers 8 64k; gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype; # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; proxy_buffers 32 4k; proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; proxy_cache_key "$host$request_uri $cookie_user"; proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 1d; open_file_cache_valid 120s; open_file_cache_min_uses 2; open_file_cache_errors off; open_file_cache max=5000 inactive=30s; open_log_file_cache max=1024 inactive=30s min_uses=2; # SSL Settings ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"; # Logs log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; #access_log /var/log/nginx/access.log main; access_log off; # Cache bypass map $http_cookie $no_cache { default 0; ~SESS 1; ~wordpress_logged_in 1; } # Include additional configuration include /etc/nginx/cloudflare.inc; include /etc/nginx/conf.d/*.conf; } I mean what else we have to add to the above config file to make it more secure and highly performance kindly guide us. thank you

Hi, I hope you are be fine. Kindly guide me on how can make a high secure and top performance config for /etc/nginx/nginx.conf which help the server against attacker and keep server more secure and mitigate attacks. Kindly share the whole ngnix.conf here with full details. thank you very much.

HI, Dear guys please guide me on how to install Snort or alternatively intrusion system in cwp admin for mitigate the attack an sql injection please thank you very much.

HI, as well the cron is not script is not working that you guided below 0 0 * * 0 /usr/bin/sh /root/clearlog.sh I set it from cwp admin, it will work from your point of view?? thanks.

HI, kindly guide me on how can fix this error: truncate: cannot open ‘/var/log/cwpsecure/reject_003.log’ for writing: No such file or directory thank you

HI, when I run the the above command, getting the below error: [root@cloud ~]# systemctl restart logrotate.timer logrotate Failed to restart logrotate.timer: Unit not found. Failed to restart logrotate.service: Unit not found. [root@cloud ~]# systemctl status logrotate.timer logrotate Unit logrotate.timer could not be found. Unit logrotate.service could not be found. please guide me thanks.

HI, thank you very much dear Sandeep for you nice comprehensive answer just I would to ask about this line: /usr/local/cwp/php71/var/log/*.log incase using php 8.1 instead of the php 7.1, it's nee to change: /usr/local/cwp/php81/var/log/*.log or it's not necessary thanks