Open balrng opened 6 months ago
PersonalIguana
commented
6 months ago Location of error logs can depend on setup. Since you are using CWP, you may be able to find the proper log file(s) according to this information: https://wiki.centos-webpanel.com/service-log-paths, https://forum.centos-webpanel.com/centos-webpanel/access-and-error-logs/.
balrng
commented
6 months ago I have found some errors on apache's error log file, dunno it is related:
`[Mon May 06 10:20:35.730022 2024] [:error] [pid 6508:tid 140169176856320] [client 43.153.214.195:55032] File does not exist: /usr/local/apache/htdocs/global.php [Mon May 06 10:20:37.221931 2024] [:error] [pid 10811:tid 140169344710400] [client 43.153.214.195:55040] File does not exist: /usr/local/apache/htdocs/information.php [Mon May 06 10:20:37.690715 2024] [:error] [pid 6507:tid 140169344710400] [client 43.153.214.195:55042] File does not exist: /usr/local/apache/htdocs/local-phpinfo.php [Mon May 06 10:20:39.044794 2024] [:error] [pid 10811:tid 140169311139584] [client 43.153.214.195:55048] File does not exist: /usr/local/apache/htdocs/foo.php [Mon May 06 10:20:39.464505 2024] [:error] [pid 10811:tid 140169277568768] [client 43.153.214.195:55050] File does not exist: /usr/local/apache/htdocs/infophp.php [Mon May 06 10:20:40.654579 2024] [:error] [pid 6509:tid 140169269176064] [client 43.153.214.195:55056] File does not exist: /usr/local/apache/htdocs/env.php [Mon May 06 10:20:42.639659 2024] [:error] [pid 6507:tid 140169210427136] [client 43.153.214.195:55060] File does not exist: /usr/local/apache/htdocs/info.php [Mon May 06 10:20:45.036815 2024] [:error] [pid 6507:tid 140169277568768] [client 43.153.214.195:55068] File does not exist: /usr/local/apache/htdocs/isadmin.php [Mon May 06 10:20:45.390134 2024] [:error] [pid 10811:tid 140169218819840] [client 43.153.214.195:55070] File does not exist: /usr/local/apache/htdocs/global.inc.php [Mon May 06 10:20:47.376716 2024] [:error] [pid 10811:tid 140169252390656] [client 43.153.214.195:55078] File does not exist: /usr/local/apache/htdocs/php.php
[Mon May 06 10:20:52.657017 2024] [:error] [pid 10811:tid 140169277568768] [client 43.153.214.195:55096] [client 43.153.214.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".asax"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "68.183.65.36"] [uri "/Global.asax"] [unique_id "ZjivBKtt0_OxwXsbdxW3ngAAAMg"]
[Mon May 06 10:20:58.978313 2024] [:error] [pid 10811:tid 140169243997952] [client 43.153.214.195:55106] [client 43.153.214.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "68.183.65.36"] [uri "/web.config"] [unique_id "ZjivCqtt0_OxwXsbdxW3nwAAAMw"]
[Mon May 06 10:21:02.105822 2024] [:error] [pid 6509:tid 140169193641728] [client 43.153.214.195:55114] File does not exist: /usr/local/apache/htdocs/pi.php
[Mon May 06 10:21:07.693129 2024] [:error] [pid 10811:tid 140169151678208] [client 43.153.214.195:55126] File does not exist: /usr/local/apache/htdocs/infos.php
[Mon May 06 10:21:16.241646 2024] [:error] [pid 10811:tid 140169176856320] [client 43.153.214.195:55132] [client 43.153.214.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\A|[^\\d])0x[a-f\\d]{3,}[a-f\\d]*)+" at ARGS:0x[]. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: 0x0da found within ARGS:0x[]: 0x0day"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "68.183.65.36"] [uri "/"] [unique_id "ZjivHKtt0_OxwXsbdxW3pAAAANQ"]`
PersonalIguana
commented
6 months ago That looks to be the Apache error log. You would need to find the PHP error log. You may try to look for this file (as well in adjacent directories): "/usr/local/apache/logs/suphp_log". I found this from further Googling on CWP, other than that, I'm not sure.
balrng
commented
6 months ago Thanks , i have also checked suphp_log via cwp panel, the last log line was created 2 weeks ago. As i am using php-fpm, I think php-fpm is not using suphp module/engine. By the way i have disabled mod_security for domain and firewall also. Still has same issue.
I have noticed that, on the admin page of avs , the green loading line at top and loading indicator remains active even for system settings and it tooks about 2 to 3 minutes to finish loading and sometimes it looks like stucked. If I try to save settings before indicator is loaded it does not save the settings:
Here is my php info: https://www.onlineoyna.site/info.php
PersonalIguana
commented
6 months ago Your PHP info shows the error_log directive having no value, meaning PHP doesn't know where to log. You should be able to set this to a valid path on the server (such as /var/logs/php_errors) and get some output. The slowness of the page could really be caused any number of issues.
balrng
commented
6 months ago I have enabled error_log via php-fpm php.ini but error_log file is not created. Give up within php-fpm its configuration complicated like hell. Converting back to apache-nginx cgi/suphp configuration
PersonalIguana
commented
6 months ago Understandable. I'm sorry I couldn't help more. If you ever want to give it another try, it might be better to post on the CWP forums, I'd assume they'd know more about that specific setup/software.
Hello,
On video grabber tab after i enter the link , i can able to see all the details like title, source video file's url , size etc.. all are ok and valid. Manually tried to download video with the link and it is valid. When i click grab video , download progress bar is not filling even for 5mb sized videos. Waited about 15-20 minutes nothing happened. uploadprogress php extension is also enabled.
As an info i am using php-fpm 7.1.4 with apache-ngnix web server (cwp - centos 7.5 ) on vps that has 4gb ram
What could be the problem? Is there any error log about it?