Navid

HI

On 1/22/2025 at 2:35 PM, TheHolbi said:

Hello, I am also using several Contabo VPS with AlmaLinux 9.x and CWP but the install issues (only 1 or 2 occurred) can be handled with some little correction.
If you will be more specific with your issues may I can help you.
So, I suggest to use AlmaLinux 9.x (latest).
There may some issue with mod_security install (the mod_security config file have to be corrected manually)
And there may some issue with postfix - openssl install, the config files have to be corrected manually,
And there may some issue with amavis install, the config file have to be corrected manually.

And finalizing the component install, the server with CWP and AlmaLinux 9.x running very well and stable.

So, what were your issues?

Hi, could you please share the solution that your are talking above here? it will help a lot of people thank you so much.

test the latest one:

# added by Navid

if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /\[client (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[A-Fa-f0-9:]+)\] ModSecurity:.*?(?:\[id "(\d+)"\].*?)?Access denied.*?(\[uri "([^"]+)"\])?.*?(\[host "([^"]+)"\])?/i) {

my $ip = $1;

$ip =~ s/^::ffff://i; # Remove IPv6 prefix (if present)

$ip =~ s/:\d+$//; # Strip port (e.g., 1.2.3.4:56789 → 1.2.3.4)

my $ruleid = defined($2) ? $2 : "unknown"; # Rule ID

my $uri = defined($4) ? $4 : "unknown"; # Blocked URI

my $host = defined($6) ? $6 : "unknown"; # Host header

# Ports to block (expand as needed: HTTP, HTTPS, SMTP, FTP, etc.)

my $block_ports = "80,443,25,587,465,21,22,8080,8443";

if (checkip($ip)) {

return ("ModSecurity Alert [ID:$ruleid] - Host: $host, URI: $uri", $ip, "mod_security-custom", "4", $block_ports, "1");

} else {

return;

}

}

# ended by Navid

or use this one for better enhancement

# added by Navid

if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[A-Fa-f0-9:]+)\:\d+\] \[client (\S+)\] ModSecurity:.*?(?:\[id \"(\d+)\"\].*?)?Access denied/i) {

my $ip = $5;

$ip =~ s/^::ffff://;

$ip =~ s/:\d+$// if split(/:/, $ip) == 2;

my $ruleid = "unknown";

$ruleid = $6 if defined($6); # Capture ModSecurity rule ID

# Extract URI for context (optional)

my $uri = "unknown";

$uri = $1 if $line =~ /\[uri \"([^\"]+)\"\]/;

if (checkip($ip)) {

return ("ModSecurity Alert [ID:$ruleid] - Blocked URI: $uri", $ip, "mod_security-custom", "4", "80,443", "1");

} else {

return;

}

}

# ended by Navid

On 2/27/2025 at 3:59 AM, Starburst said:

@Navid

Tried your modification, but LFD gave an error:

thank you so much for report this error that you're faced

and here is the corrected and tested version Fore regex.custom.pm:

# added by Navid
if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/) {
    my $ip = $4;
    $ip =~ s/^::ffff://;
    $ip =~ s/:\d+$// if split(/:/, $ip) == 2;

    my $ruleid = "unknown";
    if ($line =~ /\[id "(\d+)"\]/) {
        $ruleid = $1;
    }

    if (checkip($ip)) {
        return ("mod_security (id: $ruleid) triggered by", $ip, "mod_security-custom", "4", "80,443", "1");
    } else {
        return;
    }
}
# ended by Navid

for test the Validation just run the commend below

1. Validate The Syntax:

   perl -c /usr/local/csf/bin/regex.custom.pm

   Output should show: OK.

2. Restart CSF/LFD:

   csf -r

On 2/22/2025 at 4:45 PM, Sandeep B. said:

i need one test server pre built with cwp to test the latest version some one DM me

Hi, I have a server with pre installed cwp, if you need to test the latest one with pleasure

thank.

On 5/8/2024 at 12:23 AM, Sandeep B. said:

first, you can try this mod security csf regex : 

 

if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/)) {
        my $ip = $4;
        $ip =~ s/^::ffff://;
        if (split(/:/,$ip) == 2) {$ip =~ s/:\d+$//}
        my $ruleid = "unknown";
        if ($line =~ /\[id "(\d+)"\]/) {$ruleid = $1}
        if (checkip(\$ip)) {return ("mod_security (id:$ruleid) triggered by","$ip","mod_security-custom","1","80,443","1")} else {return}
}

 

After reviewing the code, I've made some improvements for better readability and maintainability. The functionality remains the same, but the code is now more structured and clearer. Here's the revised version:

perlCopy

# added by Navid
if ($config{LF_MODSEC} && $globlogs{MODSEC_LOG}{$lgfile} && $line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/,/) {
    my $ip = $4;
    $ip =~ s/^::ffff://;
    $ip =~ s/:\d+$// if split(/:/, $ip) == 2;

    my $ruleid = "unknown";
    if ($line =~ /\[id "(\d+)"\]/) {
        $ruleid = $1;
    }

    if (checkip($ip)) {
        return ("mod_security (id: $ruleid) triggered by", $ip, "mod_security-custom", "4", "80,443", "1");
    } else {
        return;
    }
}
# ended by Navid

Changes made to the code:

1. Replaced the and operator (&&) instead of and for better Perl coding practice.

2. Reorganized the conditional checks to be more concise and easier to read.

3. Simplified the conditional statement for removing the port number from the IP address.

4. Added curly braces for better clarity and readability.

Note: if there is missed please advice me.

thank you.

Hi, kindly some one help us on how to update/ upgrade Mode Security to latest version : v3.0.13 on cwp panel please

thank you so much

Hi, dear Sandeep thank you so much for you a very nice and useful guide on cURL. but as you know the latest is cURL 8.11.1

could you please confirm and update the code for the latest cURL???

note: does the Latest cURL is capable with cwp?

thank you and waiting for you guide.

regards.

thank you so much this topic help me a lot

your sincerely

Hi, dear masters, I would like to install the latest version of the cURL on centos 7 Kindly guide me on how can apply this scenario because I did as below;

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm

yum --enablerepo=city-fan.org update curl libcurl libcurl-devel

but it is not working.

thank you so much.

Hi, this week I got a lot of attack which was on the below path:

2025/01/12 15:02:08 [error] 762#762: *1768584 openat() "/usr/local/apache/autossl_tmp/.well-known/acme-challenge/ALFA_DATA/alfacgiapi/bash.alfa" failed (2: No such file or directory), client: 68.183.234.75, server: mysite.com, request: "GET /.well-known/pki-validation/ALFA_DATA/alfacgiapi/bash.alfa HTTP/2.0", host: "www.mysite.com"

and they trying to redirecting the website on which one they want, as well there was a huge DDoS attack on same path.

kindly advice me on how can make it secure the centos 7 with cwp please.

I put a scenario below for some security step :

edit htaccess file on the root by:

# Disable directory browsing
Options -Indexes

# Allow access to the necessary files (Let's Encrypt challenge files)
<Files "^.*\.(wP7FYuLdR7qk-y\hj.txt)$">
    Require all granted
</Files>

# Block all other files and access
<Files "*">
    Require all denied
</Files>

# Allow access from the Let's Encrypt IP addresses (source: https://letsencrypt.org/docs/challenge-types/#http-01-challenge)
Require ip 204.2.147.196/32
Require ip 54.86.189.80/32
Require ip 52.41.92.181/32
Require ip 52.44.188.73/32
Require ip 52.204.133.74/32

if you know a better a secure solution kindly advice it here.

thank you

4 hours ago, leisegang said:

i would sayt that the server lacks a recursive DNS record. Does it have a public IP and a PTR`?

Hi, thank you very much, yes it does, everything was good 3 days before, but suddenly it seem issue in rdns

kindly guide me what if I setup new server by alma9 but I’m not sure CWP support alma 9?

what is the solution

thank you

3 hours ago, Sandeep B. said:

Hi ensure port 53 is opened tcp and udp

Hi, thank you dear sandeep for your time and efforts to resolve our issue it’s to much worthy for us indeed.

yes the 53 port is sat correctly to open in all mood tcp and udp

waiting for further solution please

thank you.

Hi, dear Master please guide me on does it possible to Migrating from CentOS7 to AlmaLinux9 (same server) without installing to new server?

I having Centos7 and willing to Migrating to Almalinux9 without new installation to the new server?

if possible please guide me.

Note: i found the below articles but I’m not sure it will work or no.

Migrating from CentOS to AlmaLinux or Rocky Linux

If you have CentOS 8 installed, root access to the server, and some knowledge of SSH commands, you can migrate your operating system to AlmaLinux or Rocky Linux.

For migrating to AlmaLinux, take the following steps:

1. Access the server via SSH with your root details (eg. ssh root@IPaddress –p22) Find more information about how to access your server via SSH.

2. Download the following AlmaLinux GitHub repository script.

3. Run the script: sudo bash almalinux-deploy.sh

If your migration is successful, you will see “Migration to AlmaLinux is completed” in the output. Then you can reboot your system to run the AlmaLinux kernel and start using AlmaLinux OS with the following command: sudo reboot

Migration from CentOS to Rocky Linux can also be performed via SSH with the help of the migrate2rocky tool developed for this purpose.

Take the following steps to migrate CentOS to Rocky Linux:

1. In the repository via SSH, download the executing script directly from the repository via SSH by running the following command on your server: click here.

2. Make sure that the script is executable by running the following command: chmod u+x migrate2rocky.sh

3. Then you can run the migration script: ./migrate2rocky.sh –r

You will see ‘Completed!’, which means that the system was successfully migrated from CentOS to Rocky Linux. Reboot your server using the sudo reboot and start using Rocky Linux!

After the reboot, check the current system installed on your server by running: hostnamectl.

source link:

AlmaLinux vs. Rocky Linux: a com...

Hi, dear masters I having issue with my rDNS which are showing rDNS/PTR = FAILED

I have attached a screen shot for further help and kindly guide me on how can resolve this issue.

Postfix Mail Server Manager

Rebuild your mail server with Amavisd, Spamassassin, ClamAV (AntiSpam and AntiVirus Protection)
Hostname needs to have a valid A record and rDNS/PTR set for successful email delivery.
**Reject the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record. The unknown_hostname_reject_code specifies the response code to rejected requests (default: 450).

Your Hostname is: cloud.signalprime.com and it resolves to IP: ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> A cloud.signalprime.com +short @8.8.8.8 ;; global options: +cmd ;; connection timed out; no servers could be reached [Check Black List]
rDNS/PTR = FAILED, check with your hosting provider!FAILED[Check SenderBase]

rDNS/PTR check for IP 116.202.219.107 = ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> -x 116.202.219.107 +short @8.8.8.8;; global options: +cmd;; connection timed out; no servers could be reached
rDNS/PTR check for IP 116.202.219.96 = ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> -x 116.202.219.96 +short @8.8.8.8;; global options: +cmd;; connection timed out; no servers could be reached

kindly guide me please

thanks.

Hi, I hope you are doing well.

whenever i ran this command all things goes as expected well.

curl -s -L https://www.alphagnu.com/upload/centos7-repo-fix.sh | bash

but when trying to update the system by:

yum update:

I getting the bellow error.

yum update

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* epel: d2lzkl7pfhq30w.cloudfront.net

No packages marked for update

kindly guide me what is the issue

thank you

HI, dear Master Sandeep for your nice help and your precious time.

Kindly what about the below ink tutor I mean is it necessary or your solution will be enough

https://www.superspeedyplugins.com/kb/performance-optimization/stack-guides-tips/configuring-nginx-pass-real-ip-addresses-cloudflare-compatible-fail2ban-wordpress/

thank you so much

regards

Hi, Dear support team I facing a very strange issue for 3 past days, the problem that I’m facing is showing me just the Cloudflare IP, not the real IP that connects to our server and our websites. It happened 3 days ago and it continued, before this issue the real IP that connected to each website was shown and visible on the security center incident and log files but right now just showing Cloudflare IP: https://www.cloudflare.com/ips-v4/ that we are using it as proxy and some other security measures.

I don’t know what is happening because I don’t bring any changes.

I did some research on X-Forwarded-For or CF-Connecting-IP but I can’t find solutions for cwp and this specific problem

Kindly guide me on how can resolve this issue

I have attached a screenshot for your further help.

Regards.

On 7/9/2024 at 7:44 PM, Sandeep B. said:

you need to remove this line and paste as it is

default_storage_engine = MyISAM

HI, Dear Mr Sandeep I hope you and your honor family are safe and rounded by Gold bless.

I have two question about my.cnf

what if I add this line into my.cnf: 

init-connect='SET NAMES utf8'

Because I would to support fully UTF8???

second ad you advice I have to remove this line:

default_storage_engine = MyISAM

or just remove MyISAM from the end of the line??? or I have to remove completely the line???

thank you very much for you answer in advance

regards.

Thank you so much it's work perfectly, and it save me. thank you so much from both of your gentleman!

Hi, thank you so much Dear Sandeep,  it not work fine, it's work perfectly.

Appreciated!

Hi, sorry I forgot to ask you it's deploy able  in centos7? 

Salute, Gold Bless you. thanks

On 6/2/2023 at 3:38 PM, Sandeep B. said:

MariaDB is an open source relational database management system (DBMS) that is a compatible drop-in replacement for the widely used MySQL database technology. MariaDB is based on SQL and supports ACID-style data processing with guaranteed atomicity, consistency, isolation and durability for transactions.

To Install Mariadb 10.11 in Centos 9 stream/almalinux 9/rockylinux 9 do this :
Now edit/create the Repo file :

Ensure you don’t have any other MariaDB repo file in /etc/yum.repos.d if exists delete or backup the existing repo file then create the repo file :

nano /etc/yum.repos.d/mariadb.repo

add this lines and save it :

[mariadb]
name = MariaDB
baseurl = https://rpm.mariadb.org/10.11/centos/$releasever/$basearch
module_hotfixes = 1
gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1

After that update Mariadb 10.11 :

yum clean all
yum install MariaDB-server MariaDB-client net-snmp perl-DBD-MySQL -y
yum update -y

No follow on screen setup by running this command :

mysql_secure_installation

** if you installed fresh copy of MAriadb just now and this command is asking password just hit Enter button

To login to the MariaDB server, enter the following command with the password that was set previously,

mysql -u root -p

Done you’ve installed Mariadb 10.11 on Centos 9/EL9

salute, and thank you so much for your very brief guide, just one more question please: what if would to use the latest Mariadb I mean(11.4.2).

secondly: there is no need to take back from old Mariadb?

thank you

On 7/11/2024 at 3:42 AM, Netino said:

Before running this script, I just would run:

sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

Regards,

Netino
 

Dear Netio please describe your bash? what is this for this bash? and what it will execute in the server??