If you have frequent problems with your users getting blocked by the firewall the safest way to prevent that would be by adding your country to the ignore list. In the file /etc/csf/csf.conf under CC_IGNORE = "" add your country, example for Croatia CC_IGNORE = "HR" You can check for your country code here (two-character […]
Category: Security
ClamAV Issues
ERROR: Can't download daily.cvd from database.clamav.net WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.101.2 Recommended version: 0.103.5 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) WARNING: getpatch: Can't download daily-26440.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-26440.cdiff from database.clamav.net ERROR: getpatch: Can't download daily-26440.cdiff […]
PHP Defender - Snuffleupagus
PHP Defender - Snuffleupagus This is a PHP security module that has a custom configuration for each PHP version Supported PHP versions are PHP 7 and PHP 8. Configuration locations MAIN PHP-CGI /usr/local/php/php.d/snuffleupagus.ini Configuration locations PHP-FPM /opt/alt/php-fpm70/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm71/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm72/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm73/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm74/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm80/usr/php/php.d/snuffleupagus.ini /opt/alt/php-fpm81/usr/php/php.d/snuffleupagus.ini Configuration locations PHP-CGI /opt/alt/php70/usr/php/php.d/snuffleupagus.ini /opt/alt/php72/usr/php/php.d/snuffleupagus.ini /opt/alt/php74/usr/php/php.d/snuffleupagus.ini /opt/alt/php71/usr/php/php.d/snuffleupagus.ini /opt/alt/php73/usr/php/php.d/snuffleupagus.ini /opt/alt/php80/usr/php/php.d/snuffleupagus.ini /opt/alt/php81/usr/php/php.d/snuffleupagus.ini Configuration files […]
CWP Security Advisor Config
You can managed CWP alerts and notification of security advisor in this file: /usr/local/cwp/.conf/.security_advisor.conf What is listed in the file that has disabled notifications: modsec = 1 lfd = 1 hidepid = 1 * This example disables notifications for mod_security, LFD firewall, and hidden processes. If you want to re-enable notifications just delete that line […]
Policyd - Limit emails per hour
Policyd is used to limit incoming and outgoing emails per hour. Video instructions Installation instructions Install it from cwp.admin by rebuilding the mail server with option policyd Left Menu->Email->MailServer Manager and select policyd other options is to do the manual installation over ssh command: sh /scripts/install_cbpolicyd * Run this command from the ssh If needed […]
How to install KernelCare on CWP servers
KernelCare is a service that provides automated kernel security updates to your running kernel alleviating the need to reboot the server. It promptly delivers the latest security patches for different Linux distributions applied automatically to the running kernel in just nanoseconds. KernelCare works in both, live and staging environments, and for servers located behind the […]
Cgroups - Limits per User
This module in CWP allows you to Limit Server Resources per User using cgroups. Video instructions Example of cgroups in action on CWP servers Dedicated Servers Limits Available - CPU, Memory, Disk VPS: KVM Limits Available - CPU, Memory, Disk VPS: OpenVZ Limits Available - Memory Please note that some Cloud/VPS providers have a custom […]
How to disable dangerous php functions
These functions can be potentially dangerous in some scenarios for the security of your scripts and server you can always disable them. Run the below command for the PHP versions you need to disable those functions. PHP switcher : echo "disable_functions = exec, system, popen, proc_open, shell_exec, passthru, show_source" > /usr/local/php/php.d/disabled_function.ini PHP-CGI selector : echo […]
suPHP Detailed info
suPHP Detailed info Configuration files: /usr/local/etc/suphp.conf (Detailed suPHP configuration) /usr/local/apache/conf.d/suphp.conf (suPHP configuration for Apache) There is also suphp configuration in the vhost files for each vhost. /usr/local/apache/conf.d/vhosts/DOMAIN.COM.conf /usr/local/apache/conf.d/vhosts/DOMAIN.COM.ssl.conf If you don't want to allow users to modify and use custom php.ini per folder you can do that by placing an empty php.ini file into users […]
PHP open_basedir
How to enabled PHP open_basedir in CWP ** Note this is only for PHP-CGI We have two options - global config, one config file in the include folder /usr/local/php/php.d/ and in PHP selector include folders - per-user config, the securest option as it restricts the user to his /home/USERNAME folder and also disables users from […]
How to get chain certificates
When purchasing SSL from the SSL providers in many cases you will not get the chain certificates and you need to find them on they site, to make things easier we will add some easier instructions here. For start check your domain certificates https://www.sslshopper.com/ssl-checker.html or https://www.sslshopper.com/ssl-checker.html?hostname=YOUR-DOMAIN If you get a broken end (red arrow) this […]
How to change ssh port
How to change ssh port for sshd and CSF Firewall Video instructions for CWP Edit /etc/ssh/sshd_config and uncomment line "# Port 22", example for port 8123 nano /etc/ssh/sshd_config Port 8123 Replace TCP_IN and TCP_OUT port 22 with the new port number nano /etc/csf/csf.conf Restart ssh and csf service sshd restart csf -r ** Don't forget […]
CWP Secure CentOS Kernel
CWP Secure Kernel checking each action and request: Video instructions CWPsecure kernel when in use provides the highest security possible on the market for the shared hosting, no other control panel has something similar integrated to compare with. We can only compare it with Cloudlinux/CageFS. CWP custom kernel with security level similar to SeLinux. Since […]
CSF Firewall command line
CSF/LFD Firewall is installed by default on all CWP servers. Here you can find useful commands you can use from your terminal. To get the list of all options please use this commands csf --help man csf Configuration location is in the folder /etc/csf/ Main configuration file: /etc/csf/csf.conf Enable CSF Firewall csf -e Disable CSF […]
CWP Security Instructions
Website Protection ======================== Please note that by allowing users to have week site security your server overall security can be compromised. Most of the hackers will be denied by ModSecurity and FileSystemLock. Set for all .php files permissions to 640. You can also use in cwp admin left menu User Accounts -> Fix Permissions - […]
Hide system processes from users
How to hide all Linux processes not owned by the user in CWP In Security Center of the cwp.admin you have additional options to have your server even more secure. One of the options is to have all server processes hidden from users if they are the not owner of the process. This is great […]
Service log paths
Location of the logs on the CWP servers Apache logs are in folder /usr/local/apache/logs (main logs) /usr/local/apache/domlogs (per domain logs are in the same file for apache&nginx) Nginx logs are in folder /var/log/nginx/ /usr/local/apache/domlogs (per domain logs are in the same file for apache&nginx) Mod Security (per domain logs, replace DOMAIN.COM) /usr/local/apache/domlogs/DOMAIN.COM.error.log CWP server logs […]
Hostname SSL with Letsencrypt
Letsencrypt SSL Installation for Hostname - How to guide This is guide for cwp versions 0.9.8.2xx with autoSSL In cwp.admin left menu go to --> CWP Settings --> Change Hostname save there your hostname. SSL will be automatically installed, the only condition is that you have DNS A records set for the hostname. If you […]
Letsencrypt Free SSL on CWP
Let's Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. You can check the list of supported browsers […]
CWP Auto Logout
If you have an issue when you login into CWP and you are automatically logged-out, that issue is probably related with you IP change. In this case we are talking about the IP you have from your ISP which your device (browser) has. You should check with your provider if they are changing you ip […]