Dev {Tricks}

  • Home
  • WordPress
  • OJS
  • Oxwall
  • Server and Hosting
You are here: Home / Archives for Server and Hosting

June 20, 2026 by dev

How to secure CWP (CentOS Web Panel)

CWP (CentOS Web Panel) is powerful but not secure by default. If you leave it as-is, it will get attacked.

Here’s a practical hardening guide:


🔒 1. Change Default Ports (VERY IMPORTANT)

CWP runs on:

  • 2030 (HTTP)
  • 2031 (HTTPS)

👉 Bots scan these ports constantly.

Change it:

Edit config:

vi /usr/local/cwpsrv/conf/cwpsrv.conf

Change:

listen 2031 ssl;

➡️ Example:

listen 2087 ssl;

Then restart:

service cwpsrv restart

🔐 2. Enable Firewall (CSF) Properly

CWP comes with CSF (ConfigServer Firewall)

Go to:
👉 CWP → Security → CSF Firewall

Recommended:

  • Enable TESTING = 0
  • Enable:
    • SYN Flood Protection
    • Port Scan Tracking
    • Connection Tracking

Allow only needed ports:

22 (SSH)
80 (HTTP)
443 (HTTPS)
YOUR NEW CWP PORT

🚫 3. Disable Root Login (SSH)

Edit:

vi /etc/ssh/sshd_config

Change:

PermitRootLogin no

Restart:

systemctl restart sshd

👉 Create a sudo user instead.


🔑 4. Use SSH Key (No Password Login)

vi /etc/ssh/sshd_config

Set:

PasswordAuthentication no

👉 This alone blocks 90% of brute-force attacks.


🧱 5. Enable ModSecurity + OWASP Rules

Go to:
👉 CWP → Security → ModSecurity

Enable:

  • ModSecurity = ON
  • OWASP rules = ON

👉 Protects against:

  • SQL injection
  • XSS
  • common exploits

🌍 6. Restrict CWP Access by IP (BEST MOVE)

If only you use the panel:

Allow only your IP:

In CSF:

csf -a YOUR_IP

Then block panel port for others.

👉 This is one of the strongest protections.


🔄 7. Keep System Updated

yum update -y

And update CWP:

sh /scripts/update_cwp

🛡️ 8. Install Fail2Ban (Extra Layer)

yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

👉 Protects:

  • SSH
  • login brute force

🔐 9. Secure PHP & Disable Dangerous Functions

Edit php.ini:

vi /usr/local/php/php.ini

Disable:

exec,passthru,shell_exec,system,proc_open,popen

📂 10. Fix File Permissions

chmod 755 /home/*
chmod 644 public_html files

🔒 11. SSL for Panel

Make sure you use:

https://your-ip:PORT

👉 You can install Let’s Encrypt inside CWP panel.


🚨 12. Change Default Login URL (Optional but smart)

Use firewall rules to restrict /login access or proxy it.


💡 Bonus (Highly Recommended)

  • Disable unused services:
systemctl disable ftp
  • Remove unused PHP versions
  • Monitor logs:
/var/log/secure

✅ Minimum Must-Do Checklist

If you do nothing else, do these 5:
✔ Change port
✔ Enable CSF firewall
✔ Disable root SSH
✔ Use SSH key
✔ Restrict IP access

 

 

Filed Under: CentOS Web Panel

June 19, 2026 by dev

How to delete “Ghost Account” from CWP or CWPpro

If a user does not appear in the CWP List Accounts section, it is usually a “Ghost Account.” This happens when the user profile is corrupted or partially deleted from the CWP panel database, but the actual files, system user, or configuration files still remain on your server.

To completely delete this ghost user, you must remove them manually using the root user.

1. Delete the Linux System User

userdel -r username

2. Remove Leftover CWP Database Entries

 

3. Delete Residual Web Server Configurations

  • Go to WebServer Settings > WebServers Conf Editor.
  • Check the Apache and Nginx tabs.
  • If you see any active configuration files or Include lines tied to that specific username, delete or comment them out, then rebuild/restart your web server.

4. Clear the DNS Zones

Navigate to DNS Functions > Delete DNS Zone.

 

Filed Under: CentOS Web Panel Tagged With: Ghost Account

January 30, 2026 by dev

WordPress site with WooCommerce is down with Mod Security

  • Mod Security Configuration in CWP User Panel
  • Woocommerce API problem with CWP Panel
  • mod_security issues
  • WooCommerce REST API does not work with OWASP ModSecurity Core Rules
  • WordPress site with WooCommerce is down in Plesk: 403 Forbidden
  • WooCommerce 8.5.1 issues with Web Application Firewall (ModSecurity)
  • Securing WordPress with ModSecurity

Cause:
WooCommerce triggers the web application firewall rule 218500 from the Comodo ruleset, blocking access.

Solution:
Disable rule 218500 on the affected domains.

  • Plesk: Go to Domains > example.com > Web Application Firewall (ModSecurity).
    • By rule IDs “218500”
  • CWP:
    • Log into your CWP User Panel.
    • Navigate to the CWP Settings.
    • Click on Mod Security to access the Mod Security configuration settings.
    • Edit rules
    • Add Id Rules “218500”
    • Done.

 

Filed Under: Almalinux, AWS, Bluehost, CentOS, CentOS Web Panel, Cloudcone, Contabo, Debian, Digitalocean, Hetzner, HostGator, Hostinger, How to, Linux Distribusion, Plesk, Plugins, Providers, RackNerd, Server and Hosting, Ubuntu, VPSDime, Web Control Panel, Woocommerce, Wordpress Tagged With: cwp, cwp shop, cwp woocommerce issue, firewall, mod security, mod security issue, plesk, woocommerce

September 21, 2024 by dev

How to install Maldet alert?

Step 1: Install Zenity

sudo apt update
sudo apt upgrade
sudo apt -y install zenity

Step 2: Create the Maldet Popup script

mkdir /home//scripts
cd /home//scripts
mkdir log

…and in this /home//scripts directory, create a new file called maldet_popup.sh containing the following.

#!/bin/bash
# AUTHOR: Max Meinhardt. 05/30/23.
# DESCRIPTION: This script parses “maldet –report list” for any scan report lines that have HITS > 0, and displays a popup dialog showing those lines.

DAYS_THRESHOLD=7 # Max number of days to look back for a maldet scan

# Get the current date and the date two days ago
CURRENT_DATE=$(date +%Y-%m-%d)
THRESHOLD_DATE=$(date -d “$DAYS_THRESHOLD days ago” +%Y-%m-%d)

# Run the maldet command and process the output
maldet_output=$(maldet –report list)

# Variables to store triggering lines and the flag to track if there are any triggering lines
triggered=false
triggering_lines=””

# Set the IFS to newline
IFS=$’\n’

# Iterate over the maldet output and check for triggering lines
while IFS= read -r line; do
if [[ $line == *SCANID:* ]]; then
HITS=$(echo “$line” | awk -F’|’ ‘{print $5}’ | awk -F’HITS:’ ‘{print $2}’ | awk ‘{print $1}’)
DATE=$(echo “$line” | awk ‘{print $1″ “$2” “$3}’)
LINE_DATE=$(date -d “$DATE” +%Y-%m-%d)
if [[ “$LINE_DATE” > “$THRESHOLD_DATE” ]]; then
if [ “$HITS” -gt 0 ]; then
triggered=true
triggering_lines+=”\n$line”
fi
fi
fi
done <<< “$maldet_output”

# Display the popup dialog if there are any triggering lines
if [ “$triggered” = true ]; then
# Display the popup dialog with buttons to open maldet reports
zenity –info –width=0 –display=:0.0 –title=”Malware Detected” –text=$USER”: Malware has been detected in the last $DAYS_THRESHOLD days:\n$triggering_lines \
\n\nTo view a malware scan report, type \”maldet –report SCANID\” in a terminal window.” \
–ok-label=”Close”
fi

Then, add permissions to execute it.

chmod +x maldet_popup.sh

Filed Under: Almalinux, AWS, Bluehost, CentOS, Cloudcone, Contabo, Debian, Digitalocean, Hetzner, HostGator, Hostinger, Linux Distribusion, Providers, RackNerd, Ubuntu, VPSDime

September 20, 2024 by dev

How to Install Maldet and Run a Scan | Maldetect

Download the current version of maldet at https://www.rfxn.com/downloads/maldetect-current.tar.gz

wget https://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the downloaded file

tar -xvf maldetect-current.tar.gz

Go to the extracted directory

cd maldetect-1.6.5

Now install it

./install.sh

You done!

Maldet update command

maldet -u
maldet -d

Maldet Configuration Files

  • exec file: /usr/local/maldetect/maldet
  • exec link: /usr/local/sbin/maldet
  • exec link: /usr/local/sbin/lmd
  • cron.daily: /etc/cron.daily/maldet

How to USE maldet ?

Scan

maldet -a /path/to/scan

OR

maldet --scan-all /path/to/scan

View the scan report

maldet -e SCANID
maldet --report SCANID

How to setup Email Alert on Maldet?

vi /usr/local/maldetect/conf.maldet

 

 

 

 

Filed Under: aaPanel, Almalinux, AWS, Bluehost, CentOS, CentOS Web Panel, Cloudcone, Contabo, cPanel, CyberPanel, Debian, Digitalocean, DirectAdmin, Hetzner, HostGator, Hostinger, ISPConfig, KeyHelp, Plesk, RackNerd, Security, Ubuntu, Virtualmin, VPSDime, WHM

  • 1
  • 2
  • 3
  • …
  • 44
  • Next Page »
  • Upwork
  • Freelancer
  • Fiverr
  • Guru

www.ojsexpert.com
www.ojsdev247.com

Recent Posts

  • How to secure CWP (CentOS Web Panel)
  • How to delete “Ghost Account” from CWP or CWPpro
  • SMTP and eSMTP error code list
  • CWP – Nginx Reverse Proxy Server Failed
  • OJS Create a Custom Page + Custom Template
  • Self-hosted GrassBlade LRS – A complete installation guideline
  • ঘরে বসে ডলার আয় করুন এই ৩০ টি ওয়েবসাইট ব্যবহার করে
  • What is JavaScript? | Learn JavaScript from Scratch | Introduction, History, Uses & Prerequisites | Day01
  • WordPress site with WooCommerce is down with Mod Security
  • To get your email for castamodel.com going to the right place, you need to update your DNS settings.
  • Security and WordPress
  • ROR
  • How do we copy google form to google workspace?
  • Install ImageMagick – Almalinux
  • How to remove /public/ from URL in Laravel
  • How to install Maldet alert?
  • How to Install Maldet and Run a Scan | Maldetect
  • Where is Roundcube location on CWP control panel?
  • How To Add Node.js Projects In aaPanel?
  • SPF/DKIM/DMARC Tools

Categories

  • Affiliate Marketing (2)
  • Customization (4)
    • CSS (2)
  • Email Solutions (24)
    • FrontApp (2)
    • Google Spreadsheet (2)
    • Microsoft Outlook (1)
    • PHP Email Form (3)
    • PolyMail (2)
    • Recaptcha (1)
    • Roundcube (4)
    • Thunderbird (3)
    • WebMail (5)
  • Games (1)
  • How to (89)
  • Joomla (6)
    • Akeeba (1)
    • Fix & Tricks (3)
  • jQuery (4)
  • jQuery Plugins (4)
    • BX Slider (1)
    • Slick (1)
  • Laravel (5)
  • Marketplace (6)
  • Miscellaneous (32)
  • MultiSaaS (1)
  • OJS (56)
    • Crossref (1)
    • Help (37)
    • Installation (10)
      • Issues (5)
    • Plugins (8)
    • Scholar Indexing (2)
    • Theme (7)
      • Templates (7)
        • Frontend (6)
        • legacy (1)
    • Theme Customization (10)
    • Theme Development (14)
    • TPL CSS JS (2)
    • Upgrade (11)
  • OSTAD (17)
  • Oxwall (3)
  • Payment Methods (1)
    • Paypal (1)
  • PC Tips and Tricks (14)
    • MS Office (2)
      • PowerPoint (1)
    • Windows (4)
  • PHP Parse error (2)
  • phpBB (2)
  • Server and Hosting (216)
    • Billing and Management (10)
      • Blesta (5)
      • Boxbilling (2)
      • WHMCS (5)
    • Email (10)
      • Postfix (3)
    • Error and Fix (17)
    • FTP (2)
    • Linux Distribusion (29)
      • Almalinux (14)
      • CentOS (18)
      • Debian (22)
      • Ubuntu (20)
    • Mail Server Solusion (7)
      • iRedMain (6)
    • MySQL (12)
    • Providers (70)
      • AWS (38)
      • Bluehost (38)
      • Cloudcone (27)
      • Contabo (41)
      • Digitalocean (69)
      • Hetzner (4)
      • HostGator (37)
      • Hostinger (9)
      • RackNerd (11)
      • VPSDime (39)
    • Security (21)
      • SSH (8)
    • VPS Management (72)
    • Web Control Panel (150)
      • aaPanel (14)
      • CentOS Web Panel (49)
      • cPanel (33)
      • CyberPanel (7)
      • DirectAdmin (96)
        • Find & fix (38)
      • ISPConfig (17)
      • KeyHelp (7)
      • Plesk (27)
      • Webmin (25)
        • Usermin (2)
        • Virtualmin (13)
      • WHM (18)
  • Tutorials (1)
    • JavaScript – ProjuktiPlus (1)
  • Uncategorized (22)
  • Wordpress (90)
    • Elementor (2)
    • Find and Fix (11)
    • Functions (5)
    • Genesis (9)
    • Glossary (1)
    • How to (22)
    • Neuron TD (15)
      • Console Error (1)
      • functions (5)
        • register_post_type (1)
        • register_sidebar (1)
        • theme_files (1)
        • theme_supports (1)
      • Image Directory (1)
      • Menu (2)
      • Query (4)
    • Plugins (14)
      • Contact Form 7 (5)
      • Duplicator (1)
      • Essential Grid (2)
    • Softaculous (3)
    • Speed and Security (4)
    • Stock Theme Development (6)
      • Header Footer (1)
      • PHP (1)
      • VC (1)
    • Theme Development (2)
      • Issues (1)
      • Menu (1)
    • Timer Theme Development (3)
    • Update (2)
    • Woocommerce (3)
    • WP Basic Guideline (8)

Important DEV links

  • Premium Themes
    • Themeforest
    • Envato Market
  • Built With (What Theme is That?)
    • What WP theme is that
    • Joomla Template Detector
    • Drupal Template Detector
    • Prestashop Template Detector
    • Shopify Theme Detector
    • Squarespace Template Detector
    • OpenCart Detector
    • WordPress.com Theme Detector
  • Domain/IP history checker
    • Who IS request
    • Hosting Info
  • Check DNS Propagation
    • DNS Checker
    • intoDNS
  • What is my IP
    • What is My IP Address
    • What is My IP
    • IP location
    • What is My IP
    • Porkbun
  • SEO Tools
    • Visitor Traffic
    • Broken Link
    • Website Speed Test
      • SEMrush
      • GTmetrix
      • Pingdom
      • PageSpeed Insights
      • DebugBear
      • keyCDN
  • Photo Image
    • Remove Background 50 Free Preview Image 375 × 666 per month
  • Domain Registrars
    • 123-Reg
    • Porkbun
    • Freenom
    • Namecheap NEWCOM598
  • Hosting Providers
    • Bluehost
    • Hostgator
    • Inmotion
  • Hosting Control Panel
    • CWPpro (FREE)
    • DirectAdmin (Trial 60 Days, One account $2/month)
    • ISPConfig (Free)
  • Webmaster Tools
    • Google
    • Bing
    • Yandex
  • Miscellaneous
    • Time Calculator

 

Categories

  • Affiliate Marketing (2)
  • Customization (4)
    • CSS (2)
  • Email Solutions (24)
    • FrontApp (2)
    • Google Spreadsheet (2)
    • Microsoft Outlook (1)
    • PHP Email Form (3)
    • PolyMail (2)
    • Recaptcha (1)
    • Roundcube (4)
    • Thunderbird (3)
    • WebMail (5)
  • Games (1)
  • How to (89)
  • Joomla (6)
    • Akeeba (1)
    • Fix & Tricks (3)
  • jQuery (4)
  • jQuery Plugins (4)
    • BX Slider (1)
    • Slick (1)
  • Laravel (5)
  • Marketplace (6)
  • Miscellaneous (32)
  • MultiSaaS (1)
  • OJS (56)
    • Crossref (1)
    • Help (37)
    • Installation (10)
      • Issues (5)
    • Plugins (8)
    • Scholar Indexing (2)
    • Theme (7)
      • Templates (7)
        • Frontend (6)
        • legacy (1)
    • Theme Customization (10)
    • Theme Development (14)
    • TPL CSS JS (2)
    • Upgrade (11)
  • OSTAD (17)
  • Oxwall (3)
  • Payment Methods (1)
    • Paypal (1)
  • PC Tips and Tricks (14)
    • MS Office (2)
      • PowerPoint (1)
    • Windows (4)
  • PHP Parse error (2)
  • phpBB (2)
  • Server and Hosting (216)
    • Billing and Management (10)
      • Blesta (5)
      • Boxbilling (2)
      • WHMCS (5)
    • Email (10)
      • Postfix (3)
    • Error and Fix (17)
    • FTP (2)
    • Linux Distribusion (29)
      • Almalinux (14)
      • CentOS (18)
      • Debian (22)
      • Ubuntu (20)
    • Mail Server Solusion (7)
      • iRedMain (6)
    • MySQL (12)
    • Providers (70)
      • AWS (38)
      • Bluehost (38)
      • Cloudcone (27)
      • Contabo (41)
      • Digitalocean (69)
      • Hetzner (4)
      • HostGator (37)
      • Hostinger (9)
      • RackNerd (11)
      • VPSDime (39)
    • Security (21)
      • SSH (8)
    • VPS Management (72)
    • Web Control Panel (150)
      • aaPanel (14)
      • CentOS Web Panel (49)
      • cPanel (33)
      • CyberPanel (7)
      • DirectAdmin (96)
        • Find & fix (38)
      • ISPConfig (17)
      • KeyHelp (7)
      • Plesk (27)
      • Webmin (25)
        • Usermin (2)
        • Virtualmin (13)
      • WHM (18)
  • Tutorials (1)
    • JavaScript – ProjuktiPlus (1)
  • Uncategorized (22)
  • Wordpress (90)
    • Elementor (2)
    • Find and Fix (11)
    • Functions (5)
    • Genesis (9)
    • Glossary (1)
    • How to (22)
    • Neuron TD (15)
      • Console Error (1)
      • functions (5)
        • register_post_type (1)
        • register_sidebar (1)
        • theme_files (1)
        • theme_supports (1)
      • Image Directory (1)
      • Menu (2)
      • Query (4)
    • Plugins (14)
      • Contact Form 7 (5)
      • Duplicator (1)
      • Essential Grid (2)
    • Softaculous (3)
    • Speed and Security (4)
    • Stock Theme Development (6)
      • Header Footer (1)
      • PHP (1)
      • VC (1)
    • Theme Development (2)
      • Issues (1)
      • Menu (1)
    • Timer Theme Development (3)
    • Update (2)
    • Woocommerce (3)
    • WP Basic Guideline (8)
  • Home
  • WordPress
  • OJS
  • Oxwall
  • Server and Hosting

Copyright © 2026 · Executive Pro Theme on Genesis Framework · WordPress · Log in