
Ling


Ling last won the day on September 10 2023


Community Answers

  1. There are several bugs in the user panel under File Management / Directory Protection.

     The directory protection manipulates the .htaccess and .htpasswd files in a user directory in order to limit the access from the web to these directories.

     1. The predefined .htaccess file contains a typo error: "memebers only" instead of "members only".
     2. The mechanism fails completely if there is a .htaccess file already present. Instead of scanning the existing .htaccess and appending the predefined blocking content, no action is performed at all. Only the .htpassword file is generated, which is useless as such without the blocking content in .htaccess.
     3. If removing the block, an existing .htaccess file is not scanned and only the blocking content is removed. If there is additional content in the .htaccess file, again nothing happens.
     4. If there is only the predefined content available, it will be removed. However, then a .htaccess file with length 0 remains on the server. This means all files in this directory and below are defined as unprotected regardless of the content of .htaccess files in upper directories. This is undesired and the .htaccess file should be deleted completely if empty (as it was before the protection action). Also, because of the bugs above this now prevents all further protection actions in this directory by CWP.
     5. Unprotection actions leave the generated .htpassword files there as garbage. Those should be removed.

     I hope you could fix those errors, as they generate needless trouble for the users, who expected them to work flawlessly and for sure cannot understand why a repeated protect/unprotect operation not only makes the whole process dysfunctional from now on but also generates an unwanted security risk by disabling higher directories' global protection commands for this particular subdirectory from now on.
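The protect/unprotect behaviour requested in the report above (append to an existing .htaccess, remove only the generated block, delete an .htaccess that ends up empty, remove the password file), as an added example that is not CWP's code and not part of the original post. The marker comments, the function names and the Basic-auth block are assumptions made for illustration.

```python
import os

# Hypothetical markers delimiting the generated block (not CWP's own format).
BEGIN = "# BEGIN directory-protection (managed block)"
END = "# END directory-protection (managed block)"

def managed_block(passwd_path):
    """Build the generated Basic-auth block, wrapped in the markers."""
    lines = [BEGIN, "AuthType Basic", 'AuthName "members only"',
             f"AuthUserFile {passwd_path}", "Require valid-user", END]
    return "\n".join(lines) + "\n"

def strip_block(text):
    """Return text without the managed block; all other rules are kept."""
    out, inside = [], False
    for line in text.splitlines(keepends=True):
        if line.strip() == BEGIN:
            inside = True
        elif inside and line.strip() == END:
            inside = False
        elif not inside:
            out.append(line)
    return "".join(out)

def read_text(path):
    """Read a file, treating a missing file as empty."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except FileNotFoundError:
        return ""

def write_text(path, text):
    """Write via a temp file so Apache never sees a half-written .htaccess."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.replace(tmp, path)

def protect(directory, passwd_path):
    """Append the block to .htaccess; rules already present are preserved."""
    ht = os.path.join(directory, ".htaccess")
    kept = strip_block(read_text(ht))   # idempotent: never duplicate the block
    if kept and not kept.endswith("\n"):
        kept += "\n"
    write_text(ht, kept + managed_block(passwd_path))

def unprotect(directory, passwd_path):
    """Remove only the block; delete .htaccess if nothing else remains."""
    ht = os.path.join(directory, ".htaccess")
    kept = strip_block(read_text(ht))
    if kept.strip():
        write_text(ht, kept)
    elif os.path.exists(ht):
        os.remove(ht)                   # no zero-length .htaccess left behind
    if os.path.exists(passwd_path):
        os.remove(passwd_path)          # no orphaned password file
```
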
  2. Hi Master, could you please enlighten us how to install mod_qos against the now so popular slow loris attacks on our Apache server?
  3. With menu key I mean the possibility to access DNS functions ---> dns zone editor inside the user panel. This appears totally without any effect. Whatever I edit here, even if I delete all, is ignored by websites and CWP root. So best to remove DNS functions.
  4. Yes, that's possible. But the menu key sure was not migrated.
  5. So what's the point of having the menu DNSZONES in /home/userblablabla/dnszones with completely useless entries reflecting nothing? Even if the user modifies them, no effect at all. I would understand if those would be links to /var/named contents, but they are just meaningless copies. Would be better to remove this menu entry rather than creating wrong expectations.
  6. I am aware of this, I just had followed your recommendation on this board how to install it and it worked. DNS attacks have disappeared now. So I think DNSSEC would be an important future asset of CWP. What I found out is that the CWP user refers to DNS according to the contents of /home/userblablabla/dnszones, but the system refers to DNS according to /etc/named.conf (the zone files) and then /var/named where the zone files are. Apparently the zone files in /home/userblablabla/dnszones are redundant and are completely ignored. Even if I delete them nothing happens. Please clarify if I am wrong in this topic, or maybe I did the installation in a wrong way?
  7. Now I have jumped over my shadow: I did a rollback to the corrupted version, as I was sure I had found a way out before. I had applied your patch CWP-Control Web Panel 500 Internal server Error/Expir above, but only for the user. I can confirm that, even though it threw a lot of errors, it worked. I can log in over the user panel now and also have DNSSEC back as I have installed it before. So the problem is solved. The only thing remains: the user panel is still not aware that there is DNSSEC installed on the server, but apparently without consequences. So THANK YOU
  8. No. I did a complete server rollback to a 2 weeks earlier version which clearly and definitely worked for sure. This was the 1156 version. To my whole surprise, even then I could not log into the user panel, same as above !!!! How can that be.... Then I did an upgrade back to the 1170 version. Then everything worked again, suddenly. No idea why either. Now I will reapply the DNSSEC modification I did before. If it stops working, that was the reason. I don't think this was the reason but I will investigate this weird case and keep you posted. I remember, I had this case long time ago. Unfortunately my brain is getting Alzheimer so I forgot how I solved it. I am really tempted to roll back to the faulty case and try your fix above if it works or not. What I noticed during the process is that even though I modified the DNSSEC and the websites are using it, the user control panel still is not aware of the modification and is searching for the old unsigned files and for sure cannot find them. But no errors are produced and the websites work signed according to dig. If there is any connection to the error above, no idea. In principle it is not good that I don't know why it did not work even though it works now. Usually those errors will reappear, knock on wood.... Anyway I will keep you posted.
  9. #
     # /etc/fstab
     # Created by anaconda on Tue Feb 28 12:59:30 2023
     #
     # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
     # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
     #
     # After editing this file, run 'systemctl daemon-reload' to update systemd
     # units generated from this file.
     #
     UUID=30cfcfc6-6c1f-4203-975d-120ff2e0552c / ext4 usrjquota=quota.user,jqfmt=vfsv0 1 1
     UUID=31e0d1f8-5b9a-46d9-b3fb-49b823209c65 /boot ext4 usrjquota=quota.user,jqfmt=vfsv0 1 1

     See, I have installed diskquota now, as it was not there before, but no change.

     NB. Only the direct access over port https://blablabla.com:2083/login/?acc=logon gives an error 500/blank white page. The access over "list accounts", click on the "open panel" wrench symbol (temporary link), works flawlessly and opens the user panel. If I click logout the same blank page opens with error 500.
  10. [18-Sep-2023 19:26:09] WARNING: [pool cwpsrv] child 184941 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:31:14] WARNING: [pool cwpsrv] child 190665 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:31:14] WARNING: [pool cwpsrv] child 190665 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:31:14] WARNING: [pool cwpsrv] child 190665 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:36:28] WARNING: [pool cwpsrv] child 191065 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:36:28] WARNING: [pool cwpsrv] child 191065 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:36:28] WARNING: [pool cwpsrv] child 191065 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:41:34] WARNING: [pool cwpsrv] child 191496 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:41:34] WARNING: [pool cwpsrv] child 191496 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:41:34] WARNING: [pool cwpsrv] child 191496 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:46:13] WARNING: [pool login] child 191981 said into stderr: "NOTICE: PHP message: PHP Fatal error: <br>The encoded file <b>/usr/local/cwpsrv/var/services/users/login/index.php</b> has expired. in Unknown on line 0"
      [18-Sep-2023 19:46:39] WARNING: [pool cwpsrv] child 192028 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:46:39] WARNING: [pool cwpsrv] child 192028 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:46:39] WARNING: [pool cwpsrv] child 192028 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:47:09] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:47:09] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:47:09] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:47:12] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:47:12] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:47:12] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:47:14] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: logout in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 28"
      [18-Sep-2023 19:47:14] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 30"
      [18-Sep-2023 19:47:14] WARNING: [pool cwpsrv] child 192086 said into stderr: "NOTICE: PHP message: PHP Notice: Undefined index: fast_login in /usr/local/cwpsrv/htdocs/admin/login/index.php on line 120"
      [18-Sep-2023 19:47:14] WARNING: [pool cwpsrv] child 192086 said into stderr: "cp: cannot stat '/usr/local/cwpsrv/htdocs/adminOLD/lib/phpMyAdmin': No such file or directory"
      [18-Sep-2023 19:47:14] WARNING: [pool cwpsrv] child 192086 said into stderr: "cp: cannot stat '/usr/local/cwpsrv/htdocs/adminOLD/lib/roundcube': No such file or directory"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: "ln: failed to create symbolic link '/etc/init.d/mysqld': File exists"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: "Redirecting to /bin/systemctl status crond.service"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: "Redirecting to /bin/systemctl start crond.service"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: " % Total % Received % Xferd Average Speed Time Time Time Current"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: " Dload Upload Total Spent Left Speed"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: " 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: " 100 112 0 83 100 29 912 318 --:--:-- --:--:-- --:--:-- 1230"
      [18-Sep-2023 19:47:15] WARNING: [pool cwpsrv] child 192086 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
      [18-Sep-2023 19:47:22] WARNING: [pool cwpsrv] child 192404 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
      [18-Sep-2023 19:47:27] WARNING: [pool cwpsrv] child 192086 said into stderr: "cat: /usr/local/cwp/.conf/quota_part.conf: No such file or directory"
      [18-Sep-2023 19:47:27] WARNING: [pool cwpsrv] child 192208 said into stderr: "sed: couldn't write 75 items to stdout: Broken pipe"
      [18-Sep-2023 19:47:37] WARNING: [pool cwpsrv] child 192086 said into stderr: "sed: couldn't write 75 items to stdout: Broken pipe"
      [18-Sep-2023 19:47:42] WARNING: [pool cwpsrv] child 192404 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
      [18-Sep-2023 19:47:47] WARNING: [pool cwpsrv] child 192086 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"

      The web browser sees an error 500
  11. Recently I can not log in to CWP user panel anymore over the side server:2083/login/. Just a blank page appears, no content. Tried rollback to earlier versions, no effect. Checked different browsers, no effect. Disabled modsecurity, firewall, no effect. A login over the root panel / list users works without problem, as the login page is circumvented here. Initially this clearly worked in 1170 version with 2FA. Now the whole thing disappeared, really don't know why this happened.
  12. Thanks for updating the recipe. You also should make clear that repeated use of this procedure will most likely lead to errors in the bind file and prevent bind from restarting. Even the syntax checker can not find those errors. So this only works with a virgin config not using dnssec yet. Best practice is to make a backup of all config files and roll back from there, if bind refuses to restart due to a typo in the domain name or something like that. Or you write a script which does all this. DNSSEC and mod_evasive helped significantly to reduce overload attacks on our server and are definitely a must for CWP, so you should move this thread over there.
  13. Now I can confirm that your recipe still works after removing the line dnssec-lookaside auto; from it, as it is not supported any longer. The main problem was that this recipe only can be applied one single time. After rollback to virgin I tried it again without above line and bind can be started now.