Home › Forums › BulletProof Security Pro › BPS on CyberPanel on Linode
- This topic has 34 replies, 2 voices, and was last updated 3 years ago by Ljubomir Manojlovic.
-
AuthorPosts
-
Ljubomir ManojlovicParticipant
WP site on CyberPanel on CentOS 8 on Linode.
Like usually, I have message about to enable htaccess files manually in setup wizard options tab. When I do it, appear several other warnings, mainly pointing on Root Folder BulletProof Mode Activate button (should be manually activated first) and Folder BulletProof Mode Activate button (should be activated second). Neither this was unusual case for me.
However, problem is that manually cannot be activated ANYTHING (on entire tab page of B-Core Security Modes).
What now?
AITpro AdminKeymasterDid you run the Pre-Installation Wizard and Setup Wizard after enabling htaccess files on the Setup Wizard Options page? If you are unable to manually submit any Forms then the most likely cause for that problem is ModSecurity > https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/. Several BPS forms have Encrypt/Decrypt buttons to evade/bypass ModSecurity.
Ljubomir ManojlovicParticipantWell, I’m not sure how that could be the issue as I have on Google Cloud Platform on Ubuntu 20 same CyberPanel and there was no such issues despite that ModSecurity is enabled. As you know (I guess that you know), on CyberPanel cannot be done itself uninstallation (cli mess only), so I just disabled all tree sections of ModSecurity (so, complete) and nothing changed in BPS.
My conclusion is that CentOS is reason, probably is security policy issue, as Ubuntu doesn’t have such feature. Maybe not even ContOS itself, but for sure is policy as we cannot know what did with policy CyberPanel packager (LST).
Briefly, any advice?
AITpro AdminKeymasterI can’t really offer an advice because I am not sure what the cause of the problem is. If you want me to login to this website and take a look at things to see if I can figure out the cause of the problem then send a WordPress Administrator login to this website to: info at ait-pro dot com.
AITpro AdminKeymasterI just thought of something that could be the cause of the problem > file/folder permissions or more likely a file/folder Ownership problem. Go to the BPS > System Info page > all of your Script Owner User ID’s (UID) and File Owner User ID’s should be identical/the same ID/number.
Ljubomir ManojlovicParticipantI set you access to all infrastructure and sent you email.
Ljubomir ManojlovicParticipantYour email server not accept emails.
ANSWER ON EMAIL
You missed part where I wrote that credentials are same for CyberPanel and for WordPress. So, just try.
AITpro AdminKeymasterOk I am logged into the WordPress website now. My host uses Spam Assassin. If there are a lot of links in an email Spam Assassin will reject the email.
AITpro AdminKeymasterThe reason you are seeing the htaccess Files Disabled Notice on first time installation of BPS Pro is that the necessary Apache Modules are not loaded or there is a server configuration problem with Apache modules. This is what I see when I check the BPS Pro > System Info page. I have not run the Setup Wizards on this site. There is no point in doing that until the Apache Module issue/problem is fixed first.
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
200:200:200:200: mod_access_compat and mod_authz_core or mod_rewrite are not Loaded
200: mod_security Module is not Loaded|Enabled|IfModule: YesLjubomir ManojlovicParticipantTo be honest, I’m without any idea what to do now. I asked support by Linode, but ….
I’m actually completely confused.
1) On ‘apachectl -M’ I have
# apachectl -M AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using li291-196.members.linode.com. Set the 'ServerName' directive globally to suppress this message Loaded Modules: core_module (static) so_module (static) http_module (static) access_compat_module (shared) actions_module (shared) alias_module (shared) allowmethods_module (shared) auth_basic_module (shared) auth_digest_module (shared) authn_anon_module (shared) authn_core_module (shared) authn_dbd_module (shared) authn_dbm_module (shared) authn_file_module (shared) authn_socache_module (shared) authz_core_module (shared) authz_dbd_module (shared) authz_dbm_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_owner_module (shared) authz_user_module (shared) autoindex_module (shared) brotli_module (shared) cache_module (shared) cache_disk_module (shared) cache_socache_module (shared) data_module (shared) dbd_module (shared) deflate_module (shared) dir_module (shared) dumpio_module (shared) echo_module (shared) env_module (shared) expires_module (shared) ext_filter_module (shared) filter_module (shared) headers_module (shared) include_module (shared) info_module (shared) log_config_module (shared) logio_module (shared) macro_module (shared) mime_magic_module (shared) mime_module (shared) negotiation_module (shared) remoteip_module (shared) reqtimeout_module (shared) request_module (shared) rewrite_module (shared) setenvif_module (shared) slotmem_plain_module (shared) slotmem_shm_module (shared) socache_dbm_module (shared) socache_memcache_module (shared) socache_shmcb_module (shared) status_module (shared) substitute_module (shared) suexec_module (shared) unique_id_module (shared) unixd_module (shared) userdir_module (shared) version_module (shared) vhost_alias_module (shared) watchdog_module (shared) dav_module (shared) dav_fs_module (shared) dav_lock_module (shared) lua_module (shared) mpm_event_module (shared) proxy_module (shared) lbmethod_bybusyness_module (shared) lbmethod_byrequests_module (shared) lbmethod_bytraffic_module (shared) lbmethod_heartbeat_module (shared) proxy_ajp_module (shared) proxy_balancer_module (shared) proxy_connect_module (shared) proxy_express_module (shared) proxy_fcgi_module (shared) proxy_fdpass_module (shared) proxy_ftp_module (shared) proxy_http_module (shared) proxy_hcheck_module (shared) proxy_scgi_module (shared) proxy_uwsgi_module (shared) proxy_wstunnel_module (shared) systemd_module (shared) cgid_module (shared) http2_module (shared) proxy_http2_module (shared)
2) On ‘systemctl status httpd’ I have
# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd.service(8)
Any idea what it mean?
AITpro AdminKeymasterI could take some logical guesses, but they would only be guesses since I have never heard of CyberPanel before. I think the best place to get answers to CyberPanel questions is on the CyberPanel forum site > https://forums.cyberpanel.net/
Ljubomir ManojlovicParticipantProblem is buggy marketplace package. Raw OS image and new install script solve all issues. Remaining question is only about htaccess enable/disable. As CyberPanel run on OpenLiteSpeed server and not on Apache, should I to enable htaccess or not? If I enable it, I have warnings about bulletproof modes, but it can be now manually activate.
So, should I manually to enable htaccess or not?
AITpro AdminKeymasterThis forum site is using LiteSpeed (not OpenLiteSpeed) and Apache…
Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: litespeed CGI Host Server TypeThe Apache Module checking code is actually checking htaccess code as well. Typically you would see something similar to this below on the BPS Pro > System Info page if htaccess code tests/checks show that htaccess code is working on a website.
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded|IfModule: Yes
403: mod_security2 Module is Loaded|Enabled|IfModule: YesSo yes, you can try and manually enable htaccess files on the BPS Pro > Setup Wizard > Setup Wizard Options page. Let me know what happens.
AITpro AdminKeymasterLiteSpeed Web Server vs OpenLiteSpeed and Apache info.
https://blog.litespeedtech.com/2020/01/21/litespeed-web-server-or-openlitespeed/
OLS and LSWS both have the ability to understand Apache rewrite rules, configuration files, and ModSecurity, making it easy to switch from Apache to LiteSpeed.
Ljubomir ManojlovicParticipantWell … it is not exactly my area. However, I did as follow:
- Manually enabled htaccess write
- On new warning, manually activated BP mode and folder
- Applied Preinstallation wizard (all green)
- Applied Installation wizard (all green)
- Output on info is
Server Type: LiteSpeed
Operating System: Linux
WP Filesystem API Method: direct
Server API: litespeed CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No):
200:200:200:200: mod_access_compat and mod_authz_core or mod_rewrite are not Loaded
200: mod_security Module is not Loaded|Enabled|IfModule: Yes
cURL: cURL Extension is Loaded Version: 7.61.1
cURL OpenSSL Version (Used by PayPal, etc.): OpenSSL/1.1.1g
OpenSSL Library: OpenSSL 1.1.1g FIPS 21 Apr 2020
Zend Engine Version: 3.4.0
Zend Guard|Optimizer: A Zend Extension is Not Loaded
Zend OPcache: Zend OPcache is Enabled Version: 7.4.15
ionCube Loader: ionCube Loader Extension is Loaded Version: 100404
Suhosin: Suhosin is Not Installed|Loaded
APC: APC Extension is Not Loaded
eAccelerator: eAccelerator Extension is Not Loaded
XCache: XCache Extension is Loaded but Not Enabled
Varnish: Varnish Extension is Not Loaded
Memcache: Memcache Extension is Not Loaded
Memcached: Memcached Extension is LoadedHowever, it seems that BPS working.
-
AuthorPosts
- You must be logged in to reply to this topic.