BPS on CyberPanel on Linode

Home Forums BulletProof Security Pro BPS on CyberPanel on Linode

Viewing 15 posts - 1 through 15 (of 35 total)
  • Author
    Posts
  • #40104
    Ljubomir Manojlovic
    Participant

    WP site on CyberPanel on CentOS 8 on Linode.

    Like usually, I have message about to enable htaccess files manually in setup wizard options tab. When I do it, appear several other warnings, mainly pointing on Root Folder BulletProof Mode Activate button (should be manually activated first) and Folder BulletProof Mode Activate button (should be activated second). Neither this was unusual case for me.

    However, problem is that manually cannot be activated ANYTHING (on entire tab page of B-Core Security Modes).

    What now?

    #40105
    AITpro Admin
    Keymaster

    Did you run the Pre-Installation Wizard and Setup Wizard after enabling htaccess files on the Setup Wizard Options page?  If you are unable to manually submit any Forms then the most likely cause for that problem is ModSecurity > https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/. Several BPS forms have Encrypt/Decrypt buttons to evade/bypass ModSecurity.

    #40107
    Ljubomir Manojlovic
    Participant

    Well, I’m not sure how that could be the issue as I have on Google Cloud Platform on Ubuntu 20 same CyberPanel and there was no such issues despite that ModSecurity is enabled. As you know (I guess that you know), on CyberPanel cannot be done itself uninstallation (cli mess only), so I just disabled all tree sections of ModSecurity (so, complete) and nothing changed in BPS.

    My conclusion is that CentOS is reason, probably is security policy issue, as Ubuntu doesn’t have such feature. Maybe not even ContOS itself, but for sure is policy as we cannot know what did with policy CyberPanel packager (LST).

    Briefly, any advice?

    #40108
    AITpro Admin
    Keymaster

    I can’t really offer an advice because I am not sure what the cause of the problem is.  If you want me to login to this website and take a look at things to see if I can figure out the cause of the problem then send a WordPress Administrator login to this website to:  info at ait-pro dot com.

    #40109
    AITpro Admin
    Keymaster

    I just thought of something that could be the cause of the problem > file/folder permissions or more likely a file/folder Ownership problem.  Go to the BPS > System Info page > all of your Script Owner User ID’s (UID) and File Owner User ID’s should be identical/the same ID/number.

    #40110
    Ljubomir Manojlovic
    Participant

    I set you access to all infrastructure and sent you email.

    #40111
    Ljubomir Manojlovic
    Participant

    Your email server not accept emails.

    ANSWER ON EMAIL

    You missed part where I wrote that credentials are same for CyberPanel and for WordPress. So, just try.

    #40112
    AITpro Admin
    Keymaster

    Ok I am logged into the WordPress website now.  My host uses Spam Assassin.  If there are a lot of links in an email Spam Assassin will reject the email.

    #40113
    AITpro Admin
    Keymaster

    The reason you are seeing the htaccess Files Disabled Notice on first time installation of BPS Pro is that the necessary Apache Modules are not loaded or there is a server configuration problem with Apache modules.  This is what I see when I check the BPS Pro > System Info page.  I have not run the Setup Wizards on this site.  There is no point in doing that until the Apache Module issue/problem is fixed first.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
    200:200:200:200: mod_access_compat and mod_authz_core or mod_rewrite are not Loaded
    200: mod_security Module is not Loaded|Enabled|IfModule: Yes

    #40114
    Ljubomir Manojlovic
    Participant

    To be honest, I’m without any idea what to do now. I asked support by Linode, but ….

    I’m actually completely confused.

    1) On ‘apachectl -M’ I have

    # apachectl -M
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using li291-196.members.linode.com. Set the 'ServerName' directive globally to suppress this message
    Loaded Modules:
    core_module (static)
    so_module (static)
    http_module (static)
    access_compat_module (shared)
    actions_module (shared)
    alias_module (shared)
    allowmethods_module (shared)
    auth_basic_module (shared)
    auth_digest_module (shared)
    authn_anon_module (shared)
    authn_core_module (shared)
    authn_dbd_module (shared)
    authn_dbm_module (shared)
    authn_file_module (shared)
    authn_socache_module (shared)
    authz_core_module (shared)
    authz_dbd_module (shared)
    authz_dbm_module (shared)
    authz_groupfile_module (shared)
    authz_host_module (shared)
    authz_owner_module (shared)
    authz_user_module (shared)
    autoindex_module (shared)
    brotli_module (shared)
    cache_module (shared)
    cache_disk_module (shared)
    cache_socache_module (shared)
    data_module (shared)
    dbd_module (shared)
    deflate_module (shared)
    dir_module (shared)
    dumpio_module (shared)
    echo_module (shared)
    env_module (shared)
    expires_module (shared)
    ext_filter_module (shared)
    filter_module (shared)
    headers_module (shared)
    include_module (shared)
    info_module (shared)
    log_config_module (shared)
    logio_module (shared)
    macro_module (shared)
    mime_magic_module (shared)
    mime_module (shared)
    negotiation_module (shared)
    remoteip_module (shared)
    reqtimeout_module (shared)
    request_module (shared)
    rewrite_module (shared)
    setenvif_module (shared)
    slotmem_plain_module (shared)
    slotmem_shm_module (shared)
    socache_dbm_module (shared)
    socache_memcache_module (shared)
    socache_shmcb_module (shared)
    status_module (shared)
    substitute_module (shared)
    suexec_module (shared)
    unique_id_module (shared)
    unixd_module (shared)
    userdir_module (shared)
    version_module (shared)
    vhost_alias_module (shared)
    watchdog_module (shared)
    dav_module (shared)
    dav_fs_module (shared)
    dav_lock_module (shared)
    lua_module (shared)
    mpm_event_module (shared)
    proxy_module (shared)
    lbmethod_bybusyness_module (shared)
    lbmethod_byrequests_module (shared)
    lbmethod_bytraffic_module (shared)
    lbmethod_heartbeat_module (shared)
    proxy_ajp_module (shared)
    proxy_balancer_module (shared)
    proxy_connect_module (shared)
    proxy_express_module (shared)
    proxy_fcgi_module (shared)
    proxy_fdpass_module (shared)
    proxy_ftp_module (shared)
    proxy_http_module (shared)
    proxy_hcheck_module (shared)
    proxy_scgi_module (shared)
    proxy_uwsgi_module (shared)
    proxy_wstunnel_module (shared)
    systemd_module (shared)
    cgid_module (shared)
    http2_module (shared)
    proxy_http2_module (shared)

    2) On ‘systemctl status httpd’ I have

    # systemctl status httpd
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
    Docs: man:httpd.service(8)

    Any idea what it mean?

    #40115
    AITpro Admin
    Keymaster

    I could take some logical guesses, but they would only be guesses since I have never heard of CyberPanel before.  I think the best place to get answers to CyberPanel questions is on the CyberPanel forum site > https://forums.cyberpanel.net/

    #40116
    Ljubomir Manojlovic
    Participant

    Problem is buggy marketplace package. Raw OS image and new install script solve all issues. Remaining question is only about htaccess enable/disable. As CyberPanel run on OpenLiteSpeed server and not on Apache, should I to enable htaccess or not? If I enable it, I have warnings about bulletproof modes, but it can be now manually activate.

    So, should I manually to enable htaccess or not?

    #40117
    AITpro Admin
    Keymaster

    This forum site is using LiteSpeed (not OpenLiteSpeed) and Apache…

    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: litespeed CGI Host Server Type

    The Apache Module checking code is actually checking htaccess code as well.  Typically you would see something similar to this below on the BPS Pro > System Info page if htaccess code tests/checks show that htaccess code is working on a website.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded|IfModule: Yes
    403: mod_security2 Module is Loaded|Enabled|IfModule: Yes

    So yes, you can try and manually enable htaccess files on the BPS Pro > Setup Wizard > Setup Wizard Options page. Let me know what happens.

    #40118
    AITpro Admin
    Keymaster

    LiteSpeed Web Server vs OpenLiteSpeed and Apache info.

    https://blog.litespeedtech.com/2020/01/21/litespeed-web-server-or-openlitespeed/

    OLS and LSWS both have the ability to understand Apache rewrite rules, configuration files, and ModSecurity, making it easy to switch from Apache to LiteSpeed.

    #40119
    Ljubomir Manojlovic
    Participant

    Well … it is not exactly my area. However, I did as follow:

    1. Manually enabled htaccess write
    2. On new warning, manually activated BP mode and folder
    3. Applied Preinstallation wizard (all green)
    4. Applied Installation wizard (all green)
    5. Output on info is

    Server Type: LiteSpeed
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: litespeed CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
    200:200:200:200: mod_access_compat and mod_authz_core or mod_rewrite are not Loaded
    200: mod_security Module is not Loaded|Enabled|IfModule: Yes
    cURL: cURL Extension is Loaded Version: 7.61.1
    cURL OpenSSL Version (Used by PayPal, etc.): OpenSSL/1.1.1g
    OpenSSL Library: OpenSSL 1.1.1g FIPS 21 Apr 2020
    Zend Engine Version: 3.4.0
    Zend Guard|Optimizer: A Zend Extension is Not Loaded
    Zend OPcache: Zend OPcache is Enabled Version: 7.4.15
    ionCube Loader: ionCube Loader Extension is Loaded Version: 100404
    Suhosin: Suhosin is Not Installed|Loaded
    APC: APC Extension is Not Loaded
    eAccelerator: eAccelerator Extension is Not Loaded
    XCache: XCache Extension is Loaded but Not Enabled
    Varnish: Varnish Extension is Not Loaded
    Memcache: Memcache Extension is Not Loaded
    Memcached: Memcached Extension is Loaded

    However, it seems that BPS working.

Viewing 15 posts - 1 through 15 (of 35 total)
  • You must be logged in to reply to this topic.