Softaculous <![CDATA[Softaculous Billing for NOC patner]]> Mon, 21 Aug 2017 13:32:17 GMT <![CDATA[Security week: Login Logs and Logorate]]> Know that the login log are automatically hidden, deleted or just archived in a way that cannot be anymore consulted from Webuzo cannot made me happy.

Also telling me that I should login every day to check this page before will be erased, archived from the automatic process seems to me not a good reply. People are busy. Also if you have the time to login every day you can connect after the cleaning has been done and you loose some important logs.

Webuzo has not currently big issue or security know issue except this.
You have also to consider that there are no mail alert if someone log in there is no check in if some suspect access is done, there is no two authenticator support so ... decide to add an auto clean process to the login log is not a good idea and create a security issue on my server where I loose control of the access.

I cannot connect by SFTP in mobility, download the zip file and check the text log. This is very stressful and has no much sense when I was doing all check without issue from the Webuzo login logs interface. Once all log has been checked only me was able to decide when remove manually with the relative button .. now since you introduced auto clean for this ... it's a big problem. I hope a solution can be done from Webuzo Team and I really hope this can be fixed.
Mon, 21 Aug 2017 09:37:37 GMT
<![CDATA[Security week: Login Logs and Logorate]]> since more than two year I AM reporting security issue to Webuzo Team and all the time the Security Issue was fixed: this is good.

Also this forum has a security issue because there are log-in on top not secured by SSL. If you want log-in in security you have to click on the link "login" and not login from the forum. This is not the top of the security also because my forum credentials are the same of the Scrofulous license so login should be more secure and always protected but is not.

For me security is very important also in the Webuzo Panel.

There are a new issue introduced with the Logorate function used for reduce the use of the space from the Webuzo Panel.

Reduce the use of the space by the panel is a very great feature but this should not create issues or security weakness.

Logorate seems to be active for all user and from some month also login logs are elaborated once a week, once a week seems the login log file is zipped so all logs will be not visible anymore from the Webuzo Interface... this mean if this job is planned to be on Saturday and you login into Webuzo Sunday or check login logs you will see a empty list or just the login of the day so you feel safe as no one has tried, from the log, to login into the panel... but this is not true... previous logs are only hidden because zip file are not read by the panel.

I have discussed this in private with the support as since a month or more I start to see issue on the login log page because no all log are here.

I think strongly that login log should be excluded from to be zipped or the option to be zipped should be optional and not active by default.

This because:
  • for security reason login log should not be erased in a week or without admin know this is done in automatic or you can login on Sunday and see all is ok you think no new login needs to be cheked when this is not true because logorate has deleted the day before.
  • no one will check the login log zip file except some hacking has been happen but is too late so I think is much better do the best prevention by keeping log into Webuzo panel. User should really check this page once a week or a month (always better to never check), once the page are checked record should be removed manually.
  • if user want save space also on login logs should have options in the panel (optional) to disable this feature (bad idea) or decide to not exlude from logorate (not really a good idea)
The login log is a text file, I do not think this will take much space. Can be maybe erased automatically after 12 month but not in a week also one month will be not enough, auto delete this log or zip as no one will read it is a bad idea.
I think there are no many users that care about login logs page. Webuzo does not provide two step authentication or alert by email so it's a very bad idea decide now to auto delete or archive logs after a week or a month by default for all users.
Since this issue (who seems to be not an issue for Webuzo) has been introduced I loosed the possibility to check Security of login of my VPS because I never goes into zip ... now I AM on mobility and I have issue to connect by SSH SFTP or FTP with mobile connection: port are not allowed so ... I AM very deluded to see this issue and cannot check logs into Webuzo.
I really hope a solution can come, edit just a file into Webuzo will be not the fix because on first update all edits can be loosed and issue come back again.
Also ths file can be edited in the future and if this happen from Webuzo the removed line for the fix will come back again and start to create issue again.
I really hope a solution will be found or developers will re-consider this.It's ok to logorate Webuzo error log and all other elements but not login logs.

I AM asking if WebStats have the same issue... loose statistics because file are logarated zip.

Mon, 21 Aug 2017 09:22:41 GMT
<![CDATA[Problems enabling FUSE]]> First of all, OpenVZ do not allow loading or listing kernel modules within containers so you will not be able to load modules within. You have to load these modules on the node.

If you enable fuse for a container, then to verify if its really enabled is to check the output of within container:

ls -lah /dev/fuse

If you get the fuse device listed, that means FUSE is enabled for that container.

I followed guide in below link:

and installed fuse-sshfs on both node and container and I was able to mount remote directory through sshfs

Try it and let us know
Mon, 21 Aug 2017 08:13:35 GMT
<![CDATA[New to ampps]]>
put a.php in /path/to/Ampps/www folder.]]>
Mon, 21 Aug 2017 06:55:41 GMT
<![CDATA[Aloow emails only within the hosted domain]]>
Mon, 21 Aug 2017 03:57:18 GMT
<![CDATA[New to ampps]]> Just a stupid question: after the installation, if I'd create a .php file where I have to put it in order to open it?

Thank you very much]]>
Sun, 20 Aug 2017 11:56:07 GMT
<![CDATA[Advanced Backup System]]> Sun, 20 Aug 2017 03:08:07 GMT <![CDATA[WHMCS - Module Command Error]]> ]]> Sat, 19 Aug 2017 18:19:20 GMT <![CDATA[403 Forbidden with Movable Type]]>
However, when I try to access the admin script in my browser, I get a 403 Forbidden error.

If I was using Linux I would guess that this was a file permissions problem, but as I'm on Windows and Softalicious should have set permissions for me if that was needed, I have no idea what the problem might be.

Can anyone help?
Sat, 19 Aug 2017 14:45:35 GMT