Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


CENTOS WEBPANEL IMPROVEMENTS (CWP) - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

CENTOS WEBPANEL IMPROVEMENTS (CWP)

24

Comments

  • What about backups?

    Thanked by 1eol
  • AlwaysSkintAlwaysSkint Member
    edited December 2018

    The bug that keeps jumping to the "High Performace WebServers Configuration" page is annoying - the demo displays the fault - but I eventually managed to activate the required modules on my servers. I had to run them multiple times, to be rid of the aforementioned page popping up. The current online Demo version is the same as what I run, whose File Manager doesn't look like the screenshot above.

    Thanked by 1JamesF
  • yongsikleeyongsiklee Member, Patron Provider

    List Domain: ---blank---
    When trying to add Domain, I got an error, "Domain already exists,"

    I am puzzled.

  • AlwaysSkint said: The bug that keeps jumping to the "High Performace WebServers Configuration" page is annoying - the demo displays the fault - but I eventually managed to activate the required modules on my servers. I had to run them multiple times, to be rid of the aforementioned page popping up. The current online Demo version is the same as what I run, whose File Manager doesn't look like the screenshot above.

    Note that that is not a bug, it is designed to force you to complete the setup process, otherwise the system cant work without.

    The website demo has not been updated, and all that will take place after the new website has been setup...

  • yongsiklee said: List Domain: ---blank---

    When trying to add Domain, I got an error, "Domain already exists,"

    I am puzzled.

    When you create a new account, you are asked to enter the domain name, which is displayed on the user dashboard as the main domain. so you can not add that agin.

    You can view the dns records of the domains.

    Thanked by 1yongsiklee
  • jvnadr said: What about backups?

    backups works fine.. have you tested....

  • Guys, kindly consider paying for the CWP Pro version, as the little amount goes towars development and supporting the project.

    You can also make use of the support plans, which gives you a dedicated support personell for your server.

  • I tried CentOS web panel a while back and really wanted to like it, but honestly it looks thrown together. As if it's been done in a rush, which is scary for a product that paramount to the stable running of your server.

    Checking your latest iteration of the site the panel still has the same cluttered appearance, is there any plans to overhaul the interface of the panel at all?

    Does anyone here use this in either a personal/business capacity? I'd love to hear your thoughts on how the panel performs and its features (forgetting the UI).

    Thanked by 1yongsiklee
  • @austenite did you not read any of the content above...
    CWP is certainly not a product thrown in together.. trust me
    Alot of the features and functions have gone through detailed planning and careful mapping to make sure that it is better than any other control panel out there.

    As for the user interface.. That has been redesigned completely..
    web server rebuilt....
    performance and speed improved...

    From a business perspective, i would use CWP than Cpanel.. and many people use CWP for business. especially with the new redesign.

    Install it on your server.. play around with it and give us feedback

    We hope you will like it..

  • @austenite said:
    I tried CentOS web panel a while back and really wanted to like it, but honestly it looks thrown together. As if it's been done in a rush, which is scary for a product that paramount to the stable running of your server.

    Checking your latest iteration of the site the panel still has the same cluttered appearance, is there any plans to overhaul the interface of the panel at all?

    Does anyone here use this in either a personal/business capacity? I'd love to hear your thoughts on how the panel performs and its features (forgetting the UI).

    I did. I use it for business , and personal use. I even sell hosting on it. That is until my server get auto updated into unstable beta testing development version of cwp.

    Good thing it has auto backup , I change into Vesta , restore from backup , and never look back.

    Thanked by 2austenite Wolveix
  • carcosacarcosa Member
    edited December 2018

    Tried setting this up and following the instructions and Bind doesnt seem to honor changes when im trying to setup DNS, Spent well over an hour trying to sort it and just pulled the plug. May try again soon but jesus that was painful.
    After the Vesta episodes it's really hard to trust using a panel for me.

    Thanked by 2austenite yongsiklee
  • What kind of challenges were you gacing while setting up DNS, and by that do you mean the NAmeservers..
    For that, make sure the relevant A records are pointing to the ip address, otherwise it will not work.
    the new version makes its own queries to validated records....

  • @ginner159 said:
    can you make a module for blesta billing? will have a look if so..

    Hello,

    We arehappy to Announce that Bblesta billing is now supported on Blesta billing 4.4
    This you can activate under Settings > Company > Modules > Available.

    Kindly check it out and let us know.

  • AlwaysSkintAlwaysSkint Member
    edited December 2018

    So how do you upgrade from CWPpro version: 0.9.8.746 to whatever version this is?

    sh /scripts/update_cwp
    service cwpsrv restart
    Redirecting to /bin/systemctl restart cwpsrv.service

    Same version.

  • as at now 0.9.8.746 is the latest version of CWP.

  • Neither of the File Managers look like your version.. :confused:

  • AlwaysSkint said: Neither of the File Managers look like your version..

  • In the screenshot he published here, he is using the dark skin. Have you changed the default white skin to the dark one?

  • if the version on the admin panel displayed is latest, the go to user panel and click file manager....

    you should get new file manager...
    make sure you have the new user panel... if not run this...

    wget http://repo.centos-webpanel.com/repo/7/beta/cwpsrv-1.12.1-6.src.rpm
    rpm -Uvh cwpsrv-1.12.1-6.src.rpm

    service cwpsrv restart

    Thanked by 1AlwaysSkint
  • Don't use this software.

    I just installed the new version because I saw the words "rewrite" in the same sentence with "security" and got excited.

    It's so bad.

    I should not be able to install software and gain root in less than 10 minutes, that should not be a thing in 2018. This is like shit I would expect in the early 2000's where people were still figuring out how to securely code in PHP with multi-user environments...

    What should I do? I feel like I could sit here for a couple hours and find dozens of security vulnerabilities. Do I waste more of my time and send them off to the developers?

    Don't get me wrong, the developers are nice guys... but I feel like this is all just a waste of time. My time and your (the end-users) time because I doubt they are going to get this garbage fixed. I don't know, throw me some suggestions I guess. :/

  • SecNinja said: should not be able to install software and gain root in less than 10 minutes, that should not be a thing in 2018. This is like shit I would expect in the early 2000's where people were still figuring out how to securely code in PHP with multi-user environments...

    your context is not understood.
    what do you mean that you should not be able to gain root access in les than 10 minutes...

  • SecNinja said: I should not be able to install software and gain root in less than 10 minutes, that should not be a thing in 2018. This is like shit I would expect in the early 2000's where people were still figuring out how to securely code in PHP with multi-user environments...

    your context is not understood. what do you mean you should not be able to gain root access in less than 20 minutes of installing...

    Also if you have security sugestions, or would like to contribute.
    write an email to [email protected]
    you will help suggest the security issue, and can receive payment for finding security issues.

  • I currently use CWP on VPS with IPv4
    Can I use CWP on VPS with NAT IP ?

  • AlwaysSkintAlwaysSkint Member
    edited December 2018

    @jvnadr said:
    In the screenshot he published here, he is using the dark skin. Have you changed the default white skin to the dark one?

    Nope 'cos only the "original" theme is shown, in User Accounts, Themes & Languages - though it's the Admin side. :-/ Additionally, a black background harks back to the '80s (https://github.com/rayleesg/dark_cwp)

    Don't get me wrong, CentOSWebPanel is good, for what it is, it's just full of irky bugs and inconsistencies; new tabs opening instead of same page, for one example. Unable to assign a user as part of the server (FQDN) domain - no reason why not to, is another. DKIM/SPF is also quirky, if not impossible for the hostname; how to apply for root@, is the prime candidate.

  • @nitramoneito said:

    SecNinja said: I should not be able to install software and gain root in less than 10 minutes, that should not be a thing in 2018. This is like shit I would expect in the early 2000's where people were still figuring out how to securely code in PHP with multi-user environments...

    your context is not understood. what do you mean you should not be able to gain root access in less than 20 minutes of installing...

    Also if you have security sugestions, or would like to contribute.
    write an email to [email protected]
    you will help suggest the security issue, and can receive payment for finding security issues.

    Where do I begin?

    There are so many file operations as root under user accessible directories leading to countless symlink attacks. For example:

    POC 1: https://paste2.org/2VhvzwEp

    I have many other similar flaws that do not require any sort of root intervention...

    What about some arbitrary command executions? I won't give the exact POC but let's just say, when deleting a MySQL database it is possible to run ANY command as root. Literally, instant root access in less than 15 seconds and any script kiddie would be able to figure out how it's done.

    Speaking of MySQL... if the server isn't using CloudLinux or restricting the process output in any way, it is incredibly easy for a user to capture the MySQL root password:

    POC 2: https://paste2.org/Pw9sKxGB

    ...

    I can go on, and on and on...

    My advice would be to rewrite your software again, make sure that there are no root file operations taking place under user accessible directories, ensure that all input is properly validated and escaped to prevent arbitrary command executions and make sure no passwords are being disclosed to the process list.

    It's so bad, ugh... I really hope no one is using your software outside of personal use with no random users on it.

  • nitramoneitonitramoneito Member
    edited December 2018

    SecNinja said: I should not be able to install software and gain root in less than 10 minutes, that should not be a thing in 2018. This is like shit I would expect in the early 2000's where people were still figuring out how to securely code in PHP with multi-user environments...

    Being a security expert,

    you can make suggesttions and be paid for mentioning any security vulnurabilities you find...

    What do you mean by you should not be able to install software or login as root after CWP installation, do you mean a normal user can be able to do this...

    kindly write your findings to [email protected] for further investigation

  • AlwaysSkint said: Nope 'cos only the "original" theme is shown, in User Accounts, Themes & Languages - though it's the Admin side. :-/ Additionally, a black background harks back to the '80s (https://github.com/rayleesg/dark_cwp)

    Don't get me wrong, CentOSWebPanel is good, for what it is, it's just full of irky bugs and inconsistencies; new tabs opening instead of same page, for one example. Unable to assign a user as part of the server (FQDN) domain - no reason why not to, is another. DKIM/SPF is also quirky, if not impossible for the hostname; how to apply for root@, is the prime candidate.

    The new file manager is only available on the user panel, file management.
    under the admin panel, it is still the old one

  • warih said: I currently use CWP on VPS with IPv4

    Can I use CWP on VPS with NAT IP ?

    yes, go under settings and you will see the option.. instructions also on the wiki

    Thanked by 1warih
  • deankdeank Member, Troll

    Security Ninja (Secninja) is a reputed guy in security audits.

    If he says not to touch it, then you guys shouldn't.

  • @nitramoneito said:
    @yokowasis sorry for any inconviniences caused. If you faced any challenges, alot of the issue have been fixed.
    You might have installed developer version for some reasons, if you say new version installed but wp installer was not working.
    Currently the system works fine, and if you need to force upgrade run the script
    sh /scripts/update_cwp
    then
    service cwpsrv restart

    trust me you will love this new version, and even vestacp cnt even come close.

    Well Vesta at least let you add IP's using the control panel, do you have that already on the new version? Last time I used was no capable of doing that... I like CWP but the logs management is really bad specially using Varnish, Nginx etc.

Sign In or Register to comment.