Policyd - Limit emails per hour

Policyd is used to limit incoming and outgoing emails per hour. Installation instructions Install it from cwp.admin by rebuilding the mail server with option policyd Left Menu->Email->MailServer Manager and select policyd other options is to do the manual installation over ssh command: sh /scripts/install_cbpolicyd * Run this command from the ssh If needed to set […]

Read More

How to install KernelCare on CWP servers

KernelCare is a service that provides automated kernel security updates to your running kernel alleviating the need to reboot the server. It promptly delivers the latest security patches for different Linux distributions applied automatically to the running kernel in just nanoseconds. KernelCare works in both, live and staging environments, and for servers located behind the […]

Read More

Cgroups - Limits per User

This module in CWP allows you to Limit Server Resources per User using cgroups. Video instructions Example of cgroups in action on CWP servers Dedicated Servers Limits Available - CPU, Memory, Disk VPS: KVM Limits Available - CPU, Memory, Disk VPS: OpenVZ Limits Available - Memory Please note that some Cloud/VPS providers have a custom […]

Read More

How to disable dangerous php functions

These functions can be potentially dangerous in some scenarios for the security of your scripts and server you can always disable them. Run the below command for the PHP versions you need to disable those functions. PHP switcher : echo "disable_functions = exec, system, popen, proc_open, shell_exec, passthru, show_source" > /usr/local/php/php.d/disabled_function.ini PHP-CGI selector : echo […]

Read More

suPHP Detailed info

suPHP Detailed info Configuration files: /usr/local/etc/suphp.conf (Detailed suPHP configuration) /usr/local/apache/conf.d/suphp.conf (suPHP configuration for Apache) There is also suphp configuration in the vhost files for each vhost. /usr/local/apache/conf.d/vhosts/DOMAIN.COM.conf /usr/local/apache/conf.d/vhosts/DOMAIN.COM.ssl.conf If you don't want to allow users to modify and use custom php.ini per folder you can do that by placing an empty php.ini file into users […]

Read More

PHP open_basedir

How to enabled PHP open_basedir in CWP We have two options - global config, one config file in the include folder /usr/local/php/php.d/ and in php selector include folders - per user config, the securest option as it restricts user to his /home/USERNAME folder and also disables users from using a custom php.ini files. Global Configuration […]

Read More

How to get chain certificates

When purchasing SSL from the SSL providers in many cases you will not get the chain certificates and you need to find them on they site, to make things easier we will add some easier instructions here. For start check your domain certificates https://www.sslshopper.com/ssl-checker.html or https://www.sslshopper.com/ssl-checker.html?hostname=YOUR-DOMAIN If you get a broken end (red arrow) this […]

Read More

How to change ssh port

How to change ssh port for sshd and CSF Firewall Video instructions for CWP Edit /etc/ssh/sshd_config and uncomment line "# Port 22", example for port 8123 nano /etc/ssh/sshd_config Port 8123 Replace TCP_IN and TCP_OUT port 22 with the new port number nano /etc/csf/csf.conf Restart ssh and csf service sshd restart csf -r ** Don't forget […]

Read More

CWP Secure CentOS Kernel

CWP custom kernel with security level similar to SeLinux. Since this protection is MAC at the kernel level meaning all not allowed by the policy by default is denied and that provides the highest security for your system. Not supported systems: openVZ, cloudlinux Supported: All servers having ability to run & install default centos kernel. […]

Read More

CSF Firewall command line

CSF/LFD Firewall is installed by default on all CWP servers. Here you can find useful commands you can use from your terminal. To get the list of all options please use this commands csf --help man csf Configuration location is in the folder /etc/csf/ Main configuration file: /etc/csf/csf.conf Enable CSF Firewall csf -e Disable CSF […]

Read More

CWP Security Instructions

Website Protection ======================== Please note that by allowing users to have week site security your server overall security can be compromised. Most of the hackers will be denied by ModSecurity and FileSystemLock. Set for all .php files permissions to 640. You can also use in cwp admin left menu User Accounts -> Fix Permissions - […]

Read More

Hide system processes from users

How to hide all Linux processes not owned by the user in CWP In Security Center of the cwp.admin you have additional options to have your server even more secure. One of the options is to have all server processes hidden from users if they are the not owner of the process. This is great […]

Read More

Service log paths

Location of the logs on the CWP servers Apache logs are in folder /usr/local/apache/logs (main logs) /usr/local/apache/domlogs (per domain logs are in the same file for apache&nginx) Nginx logs are in folder /var/log/nginx/ /usr/local/apache/domlogs (per domain logs are in the same file for apache&nginx) Mod Security (per domain logs, replace DOMAIN.COM) /usr/local/apache/domlogs/DOMAIN.COM.error.log CWP server logs […]

Read More

Hostname SSL with Letsencrypt

Letsencrypt SSL Installation for Hostname - How to guide This is guide for cwp versions 0.9.8.2xx with autoSSL In cwp.admin left menu go to --> CWP Settings --> Change Hostname save there your hostname. SSL will be automatically installed, the only condition is that you have DNS A records set for the hostname. Please note […]

Read More

Letsencrypt Free SSL on CWP

Let's Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. You can check the list of supported browsers […]

Read More

CWP Auto Logout

If you have an issue when you login into CWP and you are automatically logged-out, that issue is probably related with you IP change. In this case we are talking about the IP you have from your ISP which your device (browser) has. You should check with your provider if they are changing you ip […]

Read More

mod_security for CWP

Installation and management of the mod_security with CWP are very simple, you can install it with a single click. To install mod_security you only need to click on the "install mod security" button in your cwp.admin --> Security --> Mod Security With the installation of mod_security, you are also getting OWASP set of rules. OWASP […]

Read More

CSF/LFD Firewall configuration

With CWP you can simply configure CSF/LFD firewall by using CSF Firewall module. In CWP.admin go to: Left-Menu --> Security --> CSF Firewall Here you can whitelist, block or unblock IPs. For additional configuration you can click on Firewall Configuration button and there you can check or edit CSF firewall configuration. ** Don't forget to […]

Read More

Check if SSL certificate matches the key file

To check if your certificate file matches with the key, you can use the following commands. openssl rsa -noout -modulus -in FILENAME.key openssl req -noout -modulus -in FILENAME.csr openssl x509 -noout -modulus -in FILENAME.cert If you get different output, then you files do NOT match and you will need to reissue your certificate. To make […]

Read More

Track SPAM infected scripts

All this tools can help you to track spam and infected scripts but experienced admin assistance is always needed. Check this for tracking setup by using headers Using maldet (Malware scanner) Update Maldet maldet -u Scan public_html folder of infected user account maldet -a /home/USERNAME/public_html Using ClamAV (Clam Antivirus) clamscan -r /home/USERNAME/public_html | grep FOUND […]

Read More