Softaculous http://www.softaculous.com/board/index.php? <![CDATA[domain problem]]> http://www.softaculous.com/board/index.php?tid=5311&tpg=1#p19289 I am use VPS server installing webuzo . I am add domin my vps server  . i make link my www.example.com.  driect go to vps IP show number. xxx.xxx.xxx.xxx  not show www.example.com.  why?

i buy  domain from namecheap . ]]>
Sun, 20 Apr 2014 17:36:11 GMT http://www.softaculous.com/board/index.php?tid=5311&tpg=1#p19289
<![CDATA[Heartbleed Vulnerability]]> http://www.softaculous.com/board/index.php?tid=5264&tpg=1#p19288 Background:

If I understood Heartbleed correctly, there was a pointer assignment without a bounds check in the C source code of the heartbeat extension to OpenSSL, leading to a buffer overflow attack wherein a correctly crafted heartbeat request would make a vulnerable server dump upto 64k blocks of RAM with no checks on whether that 64k block crosses over into RAM areas of other apps.

This means HB allows an attacker to slowly read the RAM contents of the server.

This means the following are possibly compromised (assuming worst case):
1. unix usernames - so if you made any smart username to get some additional security, that's gone. Not only that if /etc/passwd is read, then all additional users by and for OS services are also exposed.
2. unix password hash - depending on how good the attacker is at reversing / matching hashes, your password is gone. If there is an area in RAM (timing is important) that your password is being compared with the hash (you are logging in) then your password is in plaintext - for computing the hash to compare with the stored one.
3. SSL certificates, private keys - this is the real blow.
The attacked does nothing, just reads your certs and keys and henceforth copies all encrypted traffic between you and the server, and puts a couple of servers to the task of decrypting your entire traffic. In maybe 10MB of traffic that you cause in one session logged in to any secure app, at 2-3 locations passwords will be moved around. This is what he is looking for.
Slowly, he builds a database of all your information.
Attacker does this for every server that is HB vulnerable and attacks communication and all users of all such servers.
Now he has a huge DB of private info to sell. He may also sell the certs and keys on the darknet.

Effectively, you as a user, and worse, as a server administrator, have no idea how much data has been slowly accumulated by some random node on the internet between you and the server. Or if you are not paying attention to your logs, maybe someone has logged in and read everything.
And you wont know a thing about it.

Question:

The most worrying part is that your certificates and keys that you use, thinking that you have patched the HB vulnerability are still known to the attacker.

So any Heartbleed vulnerable server is not cleaned up until every password of every user is changed AFTER every SSL key and SSL cert is revoked and reissued. Am i right?

I deleted and re-issued all my Apache SSL keys and certs.

However, I am unable to delete and re-issue the control panel certificate. Please instruct as to how that is done. I changed all certs and keys from IP to primary domain to all addon domains.
But the SSL cert I get on the control ports has not changed.

I guess this is the cert with webuzo's nginx and it might have a separate location from certs for the web server?

Thanks in advance.
optsoft]]>
Sun, 20 Apr 2014 11:33:42 GMT http://www.softaculous.com/board/index.php?tid=5264&tpg=1#p19288
<![CDATA[Broken installs using Softaculous]]> http://www.softaculous.com/board/index.php?tid=5310&tpg=1#p19287 Sun, 20 Apr 2014 08:24:26 GMT http://www.softaculous.com/board/index.php?tid=5310&tpg=1#p19287 <![CDATA[CentOS and root access (Webuzo 2.2.1)]]> http://www.softaculous.com/board/index.php?tid=5308&tpg=1#p19286 (Network is unreachable, invalid IP addresses, etc)

This thread details my struggle and some links I found useful in solving similar issues:
http://www.softaculous.com/board/index.php?tid=3824

Hope they help.]]>
Sat, 19 Apr 2014 18:56:34 GMT http://www.softaculous.com/board/index.php?tid=5308&tpg=1#p19286
<![CDATA[APC - could not find extension]]> http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19285
i downloaded the version for thread safe and it seems to be working ok now]]>
Sat, 19 Apr 2014 14:38:31 GMT http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19285
<![CDATA[APC - could not find extension]]> http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19284
extension="D:\Ampps\php\ext\apc_3113_beta_php54_vc9_win7-2008_nts.dll"

and the error is:

PHP Strtup: Unable to load dynamic library 'D:\Ampps\php\ext\apc_3113_beta_php54_vc9_win7-2008_nts.dll' - The specified module could not be found.]]>
Sat, 19 Apr 2014 14:13:34 GMT http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19284
<![CDATA[APC - could not find extension]]> http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19283
I've installed AMPPS to use as my webstack for developing in symfony2

Ive downloaded the apc extention and put it in my X:\AMPPS\php\ext folder

I have added
PHP Code

 extension="D:Amppsphpextapc_3113_beta_php54_vc9_win7-2008_nts.dll" 

to the php.ini file

when i start up apache i get could not find extention
PHP Code

 D:Amppsphpextapc_3113_beta_php54_vc9_win7-2008_nts.dll 

I have checked that the extension folder is correct, the php.ini file i have edited is correct, otherwise it wouldn't try to load the APC extention.

any ideas as to why this isn't working.

Symfony2 says it is reccomended to have this extension, i am using php 5.4.25 as my development environment is PHPstorm v6 and that requires php5.4 for the debugging facilities.
]]>
Sat, 19 Apr 2014 14:08:35 GMT http://www.softaculous.com/board/index.php?tid=5309&tpg=1#p19283
<![CDATA[Hetzner - The viifbr0 is not started. Please run service virtnetwork start]]> http://www.softaculous.com/board/index.php?tid=4909&tpg=1#p19282 Virtualizor's techs have tried and failed so far.
Hetzner is not helpful at all (as always) in matters like these.

Regards,
Spyros]]>
Sat, 19 Apr 2014 13:45:02 GMT http://www.softaculous.com/board/index.php?tid=4909&tpg=1#p19282
<![CDATA[Create LVG, ovh...]]> http://www.softaculous.com/board/index.php?tid=4903&tpg=1#p19281 Sat, 19 Apr 2014 13:37:13 GMT http://www.softaculous.com/board/index.php?tid=4903&tpg=1#p19281 <![CDATA[Hetzner - The viifbr0 is not started. Please run service virtnetwork start]]> http://www.softaculous.com/board/index.php?tid=4909&tpg=1#p19280
Here is what my files look like. Hope it helps someone.

my /etc/sysconfig/network-scripts/ifcfg-eth0 (changed the netmask and originally added the gateway)
Code
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=xx:xx:xx:9f:63:86
IPADDR=xx.xx.29.239
#GATEWAY=xxx.xx.29.225
NETMASK=255.255.255.224
SCOPE="peer xxx.xx.29.225"
IPV6INIT=yes
IPV6ADDR=xxxx:xxx:xxx:20ee::2/64
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

And my route-eth0 (made no changes to this file)
Code
# routing for eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=xxx.xx.29.225

And my virtualizor ip pool NETMASK is set to 255.255.255.0 as per the previous solution.

Side note.  I contacted Hetzner and got this response.
Quote
Dear Client,

we are not able to help you here further because we don't offer any software
support for root servers. Please have a look at our wiki for information about IP
addresses: http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en

Mit freundlichen Grüßen / Best Regards

Dirk Vetter

Hetzner Online AG
08223 Falkenstein / Germany

Not exactly helpful. lol. But with the help of this post I got it figured out. Thanks!

]]>
Sat, 19 Apr 2014 13:08:15 GMT http://www.softaculous.com/board/index.php?tid=4909&tpg=1#p19280