ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2017-08-10T20:10:39Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3650Cannot modify mail domain when owner2017-08-10T20:10:39ZAlexis LahouzeCannot modify mail domain when ownerHi,
I tried to update the name of a domain using the user who created it and there is a permission issue.
Diving in the code, in interface/web/mail/mail_domain_edit.php, line 278 in tag 3.0.5.4p6, I think there is a typo in the con...Hi,
I tried to update the name of a domain using the user who created it and there is a permission issue.
Diving in the code, in interface/web/mail/mail_domain_edit.php, line 278 in tag 3.0.5.4p6, I think there is a typo in the condition. A '!' is missing just before $app->tform->checkPerm($this->id, 'u').
In master, the line seems to be 335.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3648deleted2017-08-10T20:10:39ZAnonymousdeletedspamspamhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3646When "domain limit for client" is enabled, the domain listbox is empty on the...2017-08-10T20:10:39ZEmmanuel BrauxWhen "domain limit for client" is enabled, the domain listbox is empty on the "add/edit Web Domain"Test :
- a client is defined
- 2 DNS-Zone are defined, and assigned to the client.
Creating a webdomain :
- When "domain limit for client" is disabled, any domain name can filled. It's OK
- But when "domain limit for client" ...Test :
- a client is defined
- 2 DNS-Zone are defined, and assigned to the client.
Creating a webdomain :
- When "domain limit for client" is disabled, any domain name can filled. It's OK
- But when "domain limit for client" is enabled, the list-box for 'domain' is empty. The web-dmain can not be created.
Modifying a webdomain :
- When "domain limit for client" is disabled, the field "domain" is prefilled with the domain. The web-domain can be modified.
- When "domain limit for client" is enabled, the list-box for 'domain' is empty. If I try to leave the panel, an error message appears, asking me validate my change.
It have noticed that 'domain' mysql table is empty.
The "DNS" management interface seem to use the tble "dns_soa" to store DNS Zone informations (/var/www/ispconfig/dns/dns_soa_edit.php, /var/www/ispconfig/dns/dns_wizard.php)
But the "web-domain" management interface seem to use the table "domain" to get information
- /usr/local/ispconfig/interface/web/sites/web_domain_edit.php
-> "$domains = $app->tools_sites->getDomainModuleDomains();"
- /usr/local/ispconfig/interface/lib/classes/tools_sites.inc.php
-> "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($domain_id);https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3645MySQL unavailability causes "The number of ISPConfig administrator users has ...2017-08-10T20:10:39ZBen JohnsonMySQL unavailability causes "The number of ISPConfig administrator users has changed. Old: 0 New: 1"I've noticed that whenever MySQL is unavailable, ISPConfig reports "The number of ISPConfig administrator users has changed. Old: 1 New: 0". When MySQL is again available, the last part of the message is reversed: "The number of ISPConfi...I've noticed that whenever MySQL is unavailable, ISPConfig reports "The number of ISPConfig administrator users has changed. Old: 1 New: 0". When MySQL is again available, the last part of the message is reversed: "The number of ISPConfig administrator users has changed. Old: 0 New: 1". (I may have the message order backwards, but it's probably irrelevant.)
Until it happened a couple of times over a period of months, I didn't bother to search-out an explanation. I started to grow a bit concerned, given that I definitely hadn't modified the administrative user(s), and I found this thread, which explains the issue:
https://www.howtoforge.com/community/threads/alert-security-alert-from-server.66721/
Hopefully, it's not too difficult to add an exception handler that catches the database issue and doesn't cause this false-positive.
Thanks for looking into it!3.1Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3642forms / javascript2017-08-10T20:10:39ZFlorian Schaalforms / javascriptThe current javascript-files do not user "enter" as "ok" or "save". You must use the button on all forms.The current javascript-files do not user "enter" as "ok" or "save". You must use the button on all forms.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3641dns-wizard2017-08-10T20:10:39ZFlorian Schaaldns-wizardThe DNS-Wizard just does nothing.The DNS-Wizard just does nothing.Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3638Email Catchall not run2017-08-10T20:10:39ZNilton OSEmail Catchall not runEmail Catchall not run
OS: Ubuntu 14.04 64BitsEmail Catchall not run
OS: Ubuntu 14.04 64Bitshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4316Incorrect names of fields in DNS DMARC form2017-09-06T10:01:04ZMiroslav StaroňIncorrect names of fields in DNS DMARC formFrom dns_dmarc_edit.htm
**dmarc_fo1 field:**
`<input type="checkbox" value="1" id="dmarc_fo0" name="dmarc_fo0" {tmpl_var name='dmarc_fo1'}/>`
**dmarc_rf_afrf field:**
`<input type="checkbox" value="1" id="dmarc_rf_afrf" name="dmarc_fo0...From dns_dmarc_edit.htm
**dmarc_fo1 field:**
`<input type="checkbox" value="1" id="dmarc_fo0" name="dmarc_fo0" {tmpl_var name='dmarc_fo1'}/>`
**dmarc_rf_afrf field:**
`<input type="checkbox" value="1" id="dmarc_rf_afrf" name="dmarc_fo0" {tmpl_var name='dmarc_rf_afrf'}/>`
When editing an existing DMARC record there is missing checkbox active and instead displays the text CHECKED.
![dmarc-ispconfig](/uploads/ba70198b2ed6f88a545b3c21a142e6d5/dmarc-ispconfig.jpg)3.1.7https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3632False order in processing sites_database_add2017-08-10T20:10:39ZMaurus CaflischFalse order in processing sites_database_addThe processing order for the method sites_database_add should be changed for the following lines in remoting.in.php.
```
$app->sites_database_plugin->processDatabaseInsert($this);
$retval = $this->insertQueryExecute($sql, $params);
...The processing order for the method sites_database_add should be changed for the following lines in remoting.in.php.
```
$app->sites_database_plugin->processDatabaseInsert($this);
$retval = $this->insertQueryExecute($sql, $params);
```
Without parameters of the insertQueryExecute the processDatabaseInsert cannot work correct. The resulting effect is, that the database has no client assigned.
This processing order is also present in the GIT/Master-Repo sites.inc.php.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3631Check if suphp.conf on apache 2.4 needs to be modified2017-08-10T20:10:39ZTill BrehmCheck if suphp.conf on apache 2.4 needs to be modifiedhttp://www.tehfear.com/2009/04/07/apache-addtype-and-addhandler/
or remove the:
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
line.http://www.tehfear.com/2009/04/07/apache-addtype-and-addhandler/
or remove the:
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
line.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3620Login admin/client error2017-08-10T20:10:39ZAndreiLogin admin/client errorAfter inserting data in form, refreshing page only and nothing happeningAfter inserting data in form, refreshing page only and nothing happeninghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3601Invalid sendmail "from" in php_fpm_pool.conf.master2017-08-10T20:10:39ZMichael EpsteinInvalid sendmail "from" in php_fpm_pool.conf.masterActual code:
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
If should be:
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f webmaster@<tmpl_var name='domain'>"
Please ...Actual code:
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
If should be:
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f webmaster@<tmpl_var name='domain'>"
Please note the missing space between the -f and webmaster@3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3600PHP-FPM permission problem after latest ISP upgrade2017-08-10T20:10:39ZGrzegorz BrzezinkaPHP-FPM permission problem after latest ISP upgradeProblems applies to ISPConfig 3 running with NGINX+PHP-FPM. After the latest ISP + PHP upgrade, the security issue was fixed. The PHP changelog for this version has the following information under the FPM section: Fixed bug #67060 (possi...Problems applies to ISPConfig 3 running with NGINX+PHP-FPM. After the latest ISP + PHP upgrade, the security issue was fixed. The PHP changelog for this version has the following information under the FPM section: Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185)
As stated herehttp://websistent.com/fix-connect-to-php5-fpm-sock-failed-13-permission-denied-while-connecting-to-upstream-nginx-error/: The default value of the listen.mode was 0666 prior 5.5.12. To fix the CVE-2014-0185 vulnerability this was changed to 0660.
And actual bug. As a consequence, when a new website is added, the website user eg. web12 is not added to the owner of the WWW server process (in my case: grep 'user' /etc/nginx/nginx.conf is www-data). It results in the 502 error when trying to open any php file in the browser and the
connect() to unix:/var/lib/php5-fpm/web12.sock failed (13: Permission denied) while connecting to upstream
error in error.log of the client.
The fix is easy: add website user to WWW server process owner group (in my case: add web12 to www-data group). I think this should be added to the website creation script in ISPConfig 3.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3598ispconfig error on Jessie2017-08-10T20:10:39Zfredispconfig error on JessieReason for Apache restart failure: Failed to restart httpd.service: Unit httpd.service failed to load: No such file or directory.
Apache did not restart after the configuration change for website mch.be. Reverting the configuration. Sav...Reason for Apache restart failure: Failed to restart httpd.service: Unit httpd.service failed to load: No such file or directory.
Apache did not restart after the configuration change for website mch.be. Reverting the configuration. Saved non-working config as <folder>/<site>.err
Reason is that the file /usr/local/ispconfig/server/plugins-enabled/apache2_plugin.inc.php
on the line 1525 is "$retval = $app->services->restartService('httpd', 'restart'); // $retval['retval'] is 0 on success and > 0 on failure"
and should be $retval = $app->services->restartService('apache2', 'restart'); // $retval['retval'] is 0 on success and > 0 on failure
As the service is apache2 and not httpd.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3595OpenVZ: can't change privvmpages2017-08-10T20:10:39ZJesse NorellOpenVZ: can't change privvmpagesThe default privvmpages setting in the small template should be changed, as the limit (second number) should be higher than the barrier (first number). But when I try to change it from the default 131072:131072 to 131072:163840 and save...The default privvmpages setting in the small template should be changed, as the limit (second number) should be higher than the barrier (first number). But when I try to change it from the default 131072:131072 to 131072:163840 and save, there is no error, but the change is not saved; subsequently editing the template shows it back at 131072:131072 again. I haven't tried all the other settings, but at least some of them do retain changes made.3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3594Problem with editing IDN DNS Records as client2017-08-10T20:10:39ZTill BrehmProblem with editing IDN DNS Records as clienthttps://www.howtoforge.com/community/threads/error-when-trying-to-access-records-in-dns-with-idn-as-client.70299/#post-331101https://www.howtoforge.com/community/threads/error-when-trying-to-access-records-in-dns-with-idn-as-client.70299/#post-331101https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3593ISPConfig can not create a database if the name consists only of numbers.2017-08-10T20:10:40ZYuriISPConfig can not create a database if the name consists only of numbers.Debug log
2015-06-15 18:10 <servername> Debug Processed datalog_id 2797
2015-06-15 18:10 <servername> Debug GRANT ALL ON 6007.* TO '6007'@'localhost' IDENTIFIED BY PASSWORD '*password'; success? no
2015-06-15 18:10 <serve...Debug log
2015-06-15 18:10 <servername> Debug Processed datalog_id 2797
2015-06-15 18:10 <servername> Debug GRANT ALL ON 6007.* TO '6007'@'localhost' IDENTIFIED BY PASSWORD '*password'; success? no
2015-06-15 18:10 <servername> Debug GRANT for user 6007 at host localhost
2015-06-15 18:10 <servername> Debug Unable to create the database: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6007' at line 1
2015-06-15 18:10 <servername> Debug Calling function 'db_insert' from plugin 'mysql_clientdb_plugin' raised by event 'database_insert'.
2015-06-15 18:10 <servername> Debug Processed datalog_id 2796
2015-06-15 18:10 <servername> Debug Calling function 'db_user_update' from plugin 'mysql_clientdb_plugin' raised by event 'database_user_update'.
2015-06-15 18:10 <servername> Debug Processed datalog_id 2795
2015-06-15 18:10 <servername> Debug Error while dropping MySQL database: 6007 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6007' at line 1
2015-06-15 18:10 <servername> Debug REVOKE for user 6007 at host localhost
2015-06-15 18:10 <servername> Debug Calling function 'db_delete' from plugin 'mysql_clientdb_plugin' raised by event 'database_delete'.
2015-06-15 18:10 <servername> Debug Found 3 changes, starting update process.3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3587ERROR - CSRF attempt blocked.2017-08-10T20:10:40ZMislav Orsolicmislavorsolic@gmail.comERROR - CSRF attempt blocked.I was running on few servers version 3.0.5.4p6 and I've received email yesterday about new version 3.0.5.4p7, so I went to update now and it updated to 3.0.5.4p8.
Now, when I want to go in System -> server config -> server - I'm unabl...I was running on few servers version 3.0.5.4p6 and I've received email yesterday about new version 3.0.5.4p7, so I went to update now and it updated to 3.0.5.4p8.
Now, when I want to go in System -> server config -> server - I'm unable to enter any tab other then Server, every tab I click on - Mail/web/dns I get the following error:
ERROR
CSRF attempt blocked.
http://awesomescreenshot.com/0154yj1g49
I'm running Debian 7.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3586ispconfig_update.sh overwrites SSL Certificate Configuration for ISPConfig2017-08-10T20:10:40ZEsteban Marinesteban.marin@bithost.chispconfig_update.sh overwrites SSL Certificate Configuration for ISPConfigispconfig_update.sh overwrites SSL Certificate Configuration for ISPConfig even for
Create new ISPConfig SSL certificate (yes,no) [no]: no
therefore i have to change the certificate paths in
/etc/apache2/sites-available/ispconfig.vh...ispconfig_update.sh overwrites SSL Certificate Configuration for ISPConfig even for
Create new ISPConfig SSL certificate (yes,no) [no]: no
therefore i have to change the certificate paths in
/etc/apache2/sites-available/ispconfig.vhost
for every update.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3585System tab broken after update to ISPConfig 3.0.5.4p72019-10-14T17:26:57ZEricSystem tab broken after update to ISPConfig 3.0.5.4p7The "System" tab is broken in some parts after the update from 3.0.5.4p6 to 3.0.5.4p7:
- System -> Server Config does not show any data anymore
- When trying to switch between tabs under System -> Interface -> Main Config, an error o...The "System" tab is broken in some parts after the update from 3.0.5.4p6 to 3.0.5.4p7:
- System -> Server Config does not show any data anymore
- When trying to switch between tabs under System -> Interface -> Main Config, an error occurs ("CSRF attempt blocked.") which prevents switching the tabs3.0.5.4p8Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3577"Reset password" generates too short passwords2017-08-10T20:10:40Zoliver gmelch"Reset password" generates too short passwordsWhen trying to reset a password from ISPConfig main login screen, the user is prompted to enter his email address and username. Afterwards, he receives an email comprising his new password to log into ISPConfig.
In my case, the newly g...When trying to reset a password from ISPConfig main login screen, the user is prompted to enter his email address and username. Afterwards, he receives an email comprising his new password to log into ISPConfig.
In my case, the newly generated password consisted of only 3 letters, e.g. the following passwords were created automatically:
* 35#
* _@3
Since this password can indeed be used to log into the account afterwards, this presents a serious security risk since three-digits passwords can easily be guessed using brute force attacks and some users may be tempted to leave this password as-is.
More detailed information about the system configuration used:
* ISPConfig 3.0.5.4p6
* Operating system: Debian Wheezy (7.8)
* Used PHP version: PHP 5.4.39-0+deb7u2
Password generation settings within ISPConfig:
* minimum password length: 8
* minimum password complexity: medium
It appears as if the following line in interface/lib/classes/auth.inc.php -> get_random_password is the culprit for this behaviour:
$minLength = $minLength || 10;
Once deactivated, password generation worked as intended and resulted in passwords in line with the minimum password length policy.3.0.5.4p7Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3576Wrong home folder permisions after changing ssh username2017-08-10T20:10:40ZDaan HeemskerkWrong home folder permisions after changing ssh usernameI first created a ssh user and then changed the username.
when I login to the shell my home directory is:
/var/www/clients/client[n]/web[n]/home/new_username
but I can't write in this directory:
cd ..
ls -l
shows:
drwx...I first created a ssh user and then changed the username.
when I login to the shell my home directory is:
/var/www/clients/client[n]/web[n]/home/new_username
but I can't write in this directory:
cd ..
ls -l
shows:
drwxr-x--- 2 web2 client5 4096 May 25 12:42 old_username
drwxr-x--- 2 root client5 4096 May 25 12:43 new_username
repeating this shows another result of the bug:
the contents of /etc/passwd is one step behind; showing the details of the user created before.
opening and saving the user without modification fixes the contents of /etc/passwd.
but the folder permissions remain wrong.
I believe the expected behavior would be that ISPConfig renames the folder when an existing username changes or does not allow to change the username.3.0.5.4p7https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3574Admin is allowed to assign more clients to a reseller than the limit.2017-08-10T20:10:40ZDaan HeemskerkAdmin is allowed to assign more clients to a reseller than the limit.I just posted a solution to task #3471 and found a new problem:
There is no Validation on the amount of clients a reseller has at the moment I assign a client to a reseller as admin.
To repeat the problem:
1) Create a reseller.
...I just posted a solution to task #3471 and found a new problem:
There is no Validation on the amount of clients a reseller has at the moment I assign a client to a reseller as admin.
To repeat the problem:
1) Create a reseller.
2) Set the client limit to 1.
3) Create a client and assign the client to the reseller.
4) Repeat step 3.
I think the reseller should always be shown in the dropdown to avoid confusion as in #3471 but it should be disabled and there should be a small warning behind it
like "( above limit )".https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3573ISPConfig-3.0.5.4 unable to open any link from the email accounts menu and su...2017-08-10T20:10:40ZYassir ElnawISPConfig-3.0.5.4 unable to open any link from the email accounts menu and sub-menusEverything was working fine with the ISPConfig 3.0.5.4 all the sudden I couldn't access any link from the email accounts menu and sub-menu such as:
Email Accounts
Domain
Domain Alias
Email Mailbox
Email Alias...Everything was working fine with the ISPConfig 3.0.5.4 all the sudden I couldn't access any link from the email accounts menu and sub-menu such as:
Email Accounts
Domain
Domain Alias
Email Mailbox
Email Alias
Email Forward
Email Catchall
Email Routing
Mailing List
Mailing List
Spamfilter
Whitelist
Blacklist
User / Domain
Policy
Fetchmail
Fetchmail
Statistics
Mailbox quota
Mailbox traffic
Global Filters
Postfix Whitelist
Postfix Blacklist
Content Filter
Relay Recipients
I really don't know what to do I have an Ubuntu 14.10 and running sub-domains in a single server so please help!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3570Invalid home dir for shell users2017-08-10T20:10:40ZIgor PilnikInvalid home dir for shell usersWhen I create shell user (c4_test for example), his home dir placed in /var/www/clients/client4/web5/home/c4_test.
But in the web interface specified /var/www/clients/client4/web5 (In Shell-user Options). It's only in 3.0.5.4p6 version,...When I create shell user (c4_test for example), his home dir placed in /var/www/clients/client4/web5/home/c4_test.
But in the web interface specified /var/www/clients/client4/web5 (In Shell-user Options). It's only in 3.0.5.4p6 version, 3.0.5.4p5 works fine.3.0.5.4p7https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3567backup - delete unused file (interval = none)2017-08-10T20:10:40ZTimo Boldtbackup - delete unused file (interval = none)It seems as if the daily cron got some problems.
If you configure ispconfig to create backups owned by root, the directory structure looks like:
root@srv1 /usr/local/ispconfig/server # ls -lha /var/backup
drwxr-x--- 2 web1 client1 ...It seems as if the daily cron got some problems.
If you configure ispconfig to create backups owned by root, the directory structure looks like:
root@srv1 /usr/local/ispconfig/server # ls -lha /var/backup
drwxr-x--- 2 web1 client1 4,0K Mai 16 14:56 web1
root@srv1 /usr/local/ispconfig/server # ls -lha /var/backup/web1/
-rwxr-x--- 1 root root 44K Mai 16 14:56 web1_2015-05-16_14-56.tar.gz
Alright, but now you choose your backup interval to none, so the daily_cron will try to delete theese files:
exec('sudo -u '.escapeshellarg($web_user).' rm -f '.escapeshellarg($web_backup_dir.'/*'));
--> sudo -u web1 rm -f '/var/backup/web1/*'
The problem will be first, that /var/backup is owned by root:root by 750 (no access by web1)...
If you fix the permissions (755), next time it will be reset:
if(isset($server_config['backup_dir_ftpread']) && $server_config['backup_dir_ftpread'] == 'y') {
$backup_dir_permissions = 0755;
} else {
$backup_dir_permissions = 0750;
}
So we need to differentiate 2 cases:
if only accessable by root , sudo should be not used, if by user, sudo -u usage.
Another solution is to set 755 without 2 cases, but I think it would be better to use sudo as prefix , if user access is configured.3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3563[IE10] PHP / SQL Error in Monitor Tab2017-08-10T20:10:40ZVANKO[IE10] PHP / SQL Error in Monitor TabI found a bug in monitor app which only exists when im accessing ISPConfig via Internet Explorer.
1. Log-in to your ISPConfig 3 admin account via Internet Explorer
2. Click "Monitor" tab
3. Click any menu position below "Hardware Info...I found a bug in monitor app which only exists when im accessing ISPConfig via Internet Explorer.
1. Log-in to your ISPConfig 3 admin account via Internet Explorer
2. Click "Monitor" tab
3. Click any menu position below "Hardware Information", "Server State" or "Logfiles".
https://www.howtoforge.com/community/threads/ispconfig-3-0-5-4p6-ie10-php-sql-error.70032/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3562Additional PHP versions not shown for vhost subdomains2020-03-03T01:27:50ZMarius BurkardAdditional PHP versions not shown for vhost subdomainsIf the additional php versions are assigned to a single client, they are not shown on vhost subdomain php version selector.
It works, if the php version is not assigned to a client (available to all clients).If the additional php versions are assigned to a single client, they are not shown on vhost subdomain php version selector.
It works, if the php version is not assigned to a client (available to all clients).3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3559APS installer: String could not be parsed as XML2017-08-10T20:10:40ZTill BrehmAPS installer: String could not be parsed as XMLThe message "String could not be parsed as XML" appears in APS installer when the list of packages is updated.The message "String could not be parsed as XML" appears in APS installer when the list of packages is updated.3.0.5.4p6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3558Missing variable check in module changer script.2017-08-10T20:10:40ZTill BrehmMissing variable check in module changer script.A XSS vulnerability has been found in the ISPConfig 3 module changer script.
The vulnerability requires a valid user login to ISPConfig, unauthenticated
users are not affected.
http://www.ispconfig.org/blog/1/entry-145-security-pa...A XSS vulnerability has been found in the ISPConfig 3 module changer script.
The vulnerability requires a valid user login to ISPConfig, unauthenticated
users are not affected.
http://www.ispconfig.org/blog/1/entry-145-security-patch-for-ispconfig-3054p5-released/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3554The hostname has the wrong format when creating record with '_'2017-08-10T20:10:40ZfredThe hostname has the wrong format when creating record with '_'when you try to create a record with a _ (at least A and CNAME), you have an error message.
Exemple we are not able to create "k1._domainkey.dnstest.com. 86400 IN CNAME dkim.mcsv.net." through the ISPConfig web interface, t...when you try to create a record with a _ (at least A and CNAME), you have an error message.
Exemple we are not able to create "k1._domainkey.dnstest.com. 86400 IN CNAME dkim.mcsv.net." through the ISPConfig web interface, the only way is to do it directly in the bind domain config filehttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3546ispconfig LOGIN2017-08-10T20:10:40ZClaudiusispconfig LOGINOn last rev login into panel doesn't workat all.
if you login nothing change.
In logs I only see this:
Successful login for user 'admin' from 0.0.0.0 at 2015-04-26On last rev login into panel doesn't workat all.
if you login nothing change.
In logs I only see this:
Successful login for user 'admin' from 0.0.0.0 at 2015-04-26https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3544ispconfig php-cgi zombie processes2017-08-10T20:10:40ZAlexanderispconfig php-cgi zombie processesHello, I have noticed on two centos servers that multiple php-cgi processes are kept in memory even though the ispconfig server setting "FastCGI Children" is set to 1 or 2.
What i see on top are multiple php-cgi processes running with...Hello, I have noticed on two centos servers that multiple php-cgi processes are kept in memory even though the ispconfig server setting "FastCGI Children" is set to 1 or 2.
What i see on top are multiple php-cgi processes running with user name "ispconfi".
Info:
Http server Apache 2.2
OS: Centos 5.11
Isp Config V: ispconfig-3054p5
One server uses for host:
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
The other uses no host but a different port... Both have the same issue.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3534Maxlength DNS SPF Record fields2017-08-10T20:10:40ZBart GuijtMaxlength DNS SPF Record fieldsThe spf_id-field while adding an SPF-record to the DNS of a domain has a maxlength of 63. Today I had to add a value to this field exceeding this length. I can change this myself, but could this limit be set higher (e.g. 255) in a future...The spf_id-field while adding an SPF-record to the DNS of a domain has a maxlength of 63. Today I had to add a value to this field exceeding this length. I can change this myself, but could this limit be set higher (e.g. 255) in a future update, to avoid the "bug-fix" to be overwritten again?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3530function processDatalog() server/lib/classes/modules.inc.php2017-08-10T20:10:40Zno namefunction processDatalog() server/lib/classes/modules.inc.phpispconfig-3.0.5.4p5
PHP 5.6.1
mysql Ver 14.14 Distrib 5.6.17, for Linux (x86_64)
mysqlnd 5.0.11-dev - 20120503 (mysqli)
In File: ispconfig/server/lib/classes/modules.inc.php (function processDatalog() )
On line about 138:
$...ispconfig-3.0.5.4p5
PHP 5.6.1
mysql Ver 14.14 Distrib 5.6.17, for Linux (x86_64)
mysqlnd 5.0.11-dev - 20120503 (mysqli)
In File: ispconfig/server/lib/classes/modules.inc.php (function processDatalog() )
On line about 138:
$tmp_sql1 = '';
$tmp_sql2 = '';
foreach($data['new'] as $fieldname => $val) {
$tmp_sql1 .= "`$fieldname`,";
$tmp_sql2 .= "'".$app->db->quote($val)."',";
}
$tmp_sql1 = substr($tmp_sql1, 0, -1);
Replace with:
$tmp_sql1 = '';
$tmp_sql2 = '';
foreach($data['new'] as $fieldname => $val) {
$tmp_sql1 .= "`$fieldname`,";
if (is_null($val))
$tmp_sql2 .= "NULL,";
else
$tmp_sql2 .= "'".$app->db->quote($val)."',";
}
$tmp_sql1 = substr($tmp_sql1, 0, -1);https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3529Shell users not deleted while php-fpm is used2017-08-10T20:10:40ZChris KesslerShell users not deleted while php-fpm is usedwhen a client creates a site using php-fpm and shell user, then deletes the shell user, the shell user is not deleted because php-fpm holds a process open under the uid of the shell user.
Solution: stop php-fpm during the removal of s...when a client creates a site using php-fpm and shell user, then deletes the shell user, the shell user is not deleted because php-fpm holds a process open under the uid of the shell user.
Solution: stop php-fpm during the removal of shell users and restart after.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3528Users unable to write in home directory.2017-08-10T20:10:41ZChris KesslerUsers unable to write in home directory.This is an issue with non-jailed users not being able to write in their own home directory.
There is in fact several issues:
1) users cannot create directories for example to use ssh keys via ssh.
2) applications that store data...This is an issue with non-jailed users not being able to write in their own home directory.
There is in fact several issues:
1) users cannot create directories for example to use ssh keys via ssh.
2) applications that store data such as for irssi (~/.irssi) or znc (~/.znc), etc, cannot do so.
3) users cannot create a .bashrc script
I understand the security aspect, however I feel the private folder should be created as the users home directory to solve this issue.3.0.5.4p7https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3527mod_pagespeed breaks Save in Websites2017-08-10T20:10:41ZFlywheelmod_pagespeed breaks Save in WebsitesInstalled mod_pagespeed and configured it with pretty basic settings. Now, when I try to add a new website it doesn't show Default in the PHP options box and the save button doesn't work. I don't see how to disable pagespeed for the IS...Installed mod_pagespeed and configured it with pretty basic settings. Now, when I try to add a new website it doesn't show Default in the PHP options box and the save button doesn't work. I don't see how to disable pagespeed for the ISPConfig domain since it isn't in a normal vhost file. Disabling mod_pagespeed corrects the issue, but I need it for all hosted sites, just not for ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3525Missing secure and httponly attribute on PHP session cookie2017-08-10T20:10:41ZTill BrehmMissing secure and httponly attribute on PHP session cookieThe flaw is due to SSL cookie is not using 'secure' attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks. remote systems.
many...The flaw is due to SSL cookie is not using 'secure' attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks. remote systems.
many thanks to Alexander Norman <xh [at] xh [dot] se> for reporting this issue.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3523Remote user permissions are lacking functions2017-08-10T20:10:41ZDjerk GeurtsRemote user permissions are lacking functionsNeeding to migrate from courier to dovecot I followed this post https://www.howtoforge.com/community/threads/changing-mail-software.57713/#post-281080 but I hit a problem with remote user permission.
With all tick-boxes ticked I ended...Needing to migrate from courier to dovecot I followed this post https://www.howtoforge.com/community/threads/changing-mail-software.57713/#post-281080 but I hit a problem with remote user permission.
With all tick-boxes ticked I ended up with the following functions enabled in the sql table:
client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_change_password,client_get_id,client_delete_everything;domains_domain_get,domains_domain_add,domains_domain_delete,domains_get_all_by_user;server_get,get_function_list,client_templates_get_all,server_get_serverid_by_ip,server_ip_get,server_ip_add,server_ip_update,server_ip_delete;admin_record_permissions
This post listed a whole lot more, being stuck I created a new temporary remote user and replaced the functions with a list of functions found here https://www.howtoforge.com/community/threads/soap-api-problems-in-3-0-4-6.58894/.
After this "php courier_to_dovecot.php" ran successfully.
The error I otherwise encountered:
Logged successfull. Session ID:d73cf139a736817e8ece5f6b90052c96
```php
<?xml version="1.0" encoding="UTF-8"?>
```
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>permission_denied</faultcode><faultstring>You do not have the permissions to access this function.</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
SOAP Error: You do not have the permissions to access this function.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3522Possible Traffic-Quota bypass2017-08-10T20:10:41ZChristianPossible Traffic-Quota bypassA Website owner can bypass the Traffic Quota mechanism by setting the "access_log off;" option. (nginx)
The owner should either not be able to set this option (=> override it) or we need another mechanism for traffic calculation.A Website owner can bypass the Traffic Quota mechanism by setting the "access_log off;" option. (nginx)
The owner should either not be able to set this option (=> override it) or we need another mechanism for traffic calculation.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3520IDN Web Domain2017-08-10T20:10:41ZMarco SchubertIDN Web DomainIn this example i use the Domain:
IDN: äüötest.de
ACE-String: xn--test-koa2itb.de
if i add a new Website with the Domain: xn--test-koa2itb.de all looks fine the website is added and translated to äüötest.de in the list of websites...In this example i use the Domain:
IDN: äüötest.de
ACE-String: xn--test-koa2itb.de
if i add a new Website with the Domain: xn--test-koa2itb.de all looks fine the website is added and translated to äüötest.de in the list of websites, and is accessible from the Browser.
After modifying this website with no change, just go to edit and click save then the URL changes to [strange-chars]test.de and is not accessible from Browser any more.
[strange-chars] is because i can´t post them here, got an Database error :-)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3515CRON-Error since last upgrade "monitor_tools::delOldRecords()"2017-08-10T20:10:41ZGabriel K.CRON-Error since last upgrade "monitor_tools::delOldRecords()"Cron.sh does not work anymore since my recent upgrade using "ispconfig_update.sh" using stable-branch.
```
[...]
Jobs next run is now 2015-03-23 21:25:0
PHP Fatal error: Call to undefined method monitor_tools::delOldRecords() in...Cron.sh does not work anymore since my recent upgrade using "ispconfig_update.sh" using stable-branch.
```
[...]
Jobs next run is now 2015-03-23 21:25:0
PHP Fatal error: Call to undefined method monitor_tools::delOldRecords() in /usr/local/ispconfig/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php on line 152
```3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3513Unable to istall apache2.2-common and libapache2-mod-ruby on Ubuntu 14.042017-08-10T20:10:41ZVeshant ChettiarUnable to istall apache2.2-common and libapache2-mod-ruby on Ubuntu 14.04I get an error on installation when installing apache2.2-common and libapache2-mod-ruby on Ubuntu 14.04.I get an error on installation when installing apache2.2-common and libapache2-mod-ruby on Ubuntu 14.04.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3510APS crawler: Cannot read metadata from xxxxxxxx.app.zip2017-08-10T20:10:41ZVeshant ChettiarAPS crawler: Cannot read metadata from xxxxxxxx.app.zipI keep getting the error below. I noticed a few other people have had it when I searched around. The zip file contains the PKG_URL file but not the app_metadata file.
APS crawler: Cannot read metadata from xxxxxxxx.app.zipI keep getting the error below. I noticed a few other people have had it when I searched around. The zip file contains the PKG_URL file but not the app_metadata file.
APS crawler: Cannot read metadata from xxxxxxxx.app.zip3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3501Password is not updated in `mysql`.`user` table when read-only database user'...2017-08-10T20:10:41ZBen JohnsonPassword is not updated in `mysql`.`user` table when read-only database user's password is changedI happened upon what seems to be a bug in ISPConfig (v 3.0.5.4p5).
When I attempt to change the password for a read-only MySQL database user, the password (hash) in MySQL's `mysql`.`user` is not changed accordingly.
For what it's w...I happened upon what seems to be a bug in ISPConfig (v 3.0.5.4p5).
When I attempt to change the password for a read-only MySQL database user, the password (hash) in MySQL's `mysql`.`user` is not changed accordingly.
For what it's worth, I am able to change a fully-privileged user's password without issue; this problem occurs only when the user has read-only privileges.
I have tested this on two different (though similarly-configured) ISPConfig servers and the result is the same.
Steps to reproduce (ISPConfig client ID is assumed to be "1" for this purpose):
1.) Create a new database user (e.g., "user") and supply a known password.
2.) Create another new database user, which will have read-only privileges (e.g., "userro"). Supply the same password as for the first user.
3.) Create a new database and set "Database user" to "c1user", and set "Read-only database user" to "c1userro". Save the database.
We see three entries added to the Jobqueue:
2015-03-06 12:54 localhost Insert web_database
2015-03-06 12:54 localhost ubuntu-vm Update web_database_user
2015-03-06 12:54 localhost Update web_database_user
These changes are processed as such:
06.03.2015-12:55 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
06.03.2015-12:55 - DEBUG - Found 3 changes, starting update process.
06.03.2015-12:55 - DEBUG - Calling function 'db_user_update' from plugin 'mysql_clientdb_plugin' raised by event 'database_user_update'.
06.03.2015-12:55 - DEBUG - Processed datalog_id 234
06.03.2015-12:55 - DEBUG - Calling function 'db_user_update' from plugin 'mysql_clientdb_plugin' raised by event 'database_user_update'.
06.03.2015-12:55 - DEBUG - Processed datalog_id 235
06.03.2015-12:55 - DEBUG - Calling function 'db_insert' from plugin 'mysql_clientdb_plugin' raised by event 'database_insert'.
06.03.2015-12:55 - DEBUG - Created MySQL database: c1test
06.03.2015-12:55 - DEBUG - GRANT for user c1user at host localhost
06.03.2015-12:55 - DEBUG - GRANT ALL ON c1test.* TO 'c1user'@'localhost' IDENTIFIED BY PASSWORD '*9AEAFA390F7DCA63B36F16537095960E6196778A'; success? yes
06.03.2015-12:55 - DEBUG - GRANT for user c1userro at host localhost
06.03.2015-12:55 - DEBUG - GRANT SELECT ON c1test.* TO 'c1userro'@'localhost' IDENTIFIED BY PASSWORD '*9AEAFA390F7DCA63B36F16537095960E6196778A'; success? yes
06.03.2015-12:55 - DEBUG - Processed datalog_id 236
06.03.2015-12:55 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
So far, so good.
4.) Obtain the password hashes for both users, c1user and c1userro, so that we are able to compare them to the values after we change each user's password. Given that we supplied the same password for each user, the hashes should be identical.
# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1314
Server version: 5.6.19-0ubuntu0.14.04.1-log (Ubuntu)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
Database changed
mysql> SELECT `Host`, `User`, `Password` FROM `user` WHERE `User` IN('c1user', 'c1userro');
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | c1userro | *9AEAFA390F7DCA63B36F16537095960E6196778A |
| localhost | c1user | *9AEAFA390F7DCA63B36F16537095960E6196778A |
+-----------+----------+-------------------------------------------+
2 rows in set (0.00 sec)
5.) Now, change the password for c1userro, to a different (but known) value.
Monitor the ISPConfig log (at DEBUG level) and ensure that the update is made before continuing; the relevant entries should look like this:
06.03.2015-13:03 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
06.03.2015-13:03 - DEBUG - Found 1 changes, starting update process.
06.03.2015-13:03 - DEBUG - Calling function 'db_user_update' from plugin 'mysql_clientdb_plugin' raised by event 'database_user_update'.
06.03.2015-13:03 - DEBUG - Changing MySQL user password for: c1user@localhost
06.03.2015-13:03 - DEBUG - Processed datalog_id 237
06.03.2015-13:03 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
6.) Repeat the same MySQL query to determine whether or not the password hash for the user whose password we changed in the previous step was, in fact, updated:
mysql> SELECT `Host`, `User`, `Password` FROM `user` WHERE `User` IN('c1user', 'c1userro');
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | c1userro | *9AEAFA390F7DCA63B36F16537095960E6196778A |
| localhost | c1user | *4C367891B0E318002CA2EA353E87E0DB8EEF8263 |
+-----------+----------+-------------------------------------------+
2 rows in set (0.00 sec)
The c1user does indeed have a new password hash, so all is well thus far.
7.) This time, change the password for the read-only user, c1userro.
And, again, monitor the ISPConfig log to ensure that the change is processed. The relevant entries should look something like this:
06.03.2015-13:07 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
06.03.2015-13:07 - DEBUG - Found 1 changes, starting update process.
06.03.2015-13:07 - DEBUG - Calling function 'db_user_update' from plugin 'mysql_clientdb_plugin' raised by event 'database_user_update'.
06.03.2015-13:07 - DEBUG - Processed datalog_id 238
06.03.2015-13:07 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
At this point, the astute observer notices that this log excerpt is missing one line that is present in the excerpt from step 5:
Changing MySQL user password for: [user]
where [user] is the target user whose password is being changed.
8.) Again, repeat the MySQL query to compare the password hashes, as stored in MySQL.
mysql> SELECT `Host`, `User`, `Password` FROM `user` WHERE `User` IN('c1user', 'c1userro');
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | c1userro | *9AEAFA390F7DCA63B36F16537095960E6196778A |
| localhost | c1user | *4C367891B0E318002CA2EA353E87E0DB8EEF8263 |
+-----------+----------+-------------------------------------------+
2 rows in set (0.00 sec)
The result is exactly the same as in step 6, confirming that the c1userro user's password was not changed.3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3496FTP user double name add2017-08-10T20:10:41ZOsin BOsinjakFTP user double name addWhen i add FTP account for existing user (who have no yet ftp) if account name is "vrtic" he will not request blank add(to use allready added user) he will ask to add username, when i add vrtic, it will create account vrticvrtic, i tried...When i add FTP account for existing user (who have no yet ftp) if account name is "vrtic" he will not request blank add(to use allready added user) he will ask to add username, when i add vrtic, it will create account vrticvrtic, i tried to change that several times, but it only lets me in FTP via double name of userhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3492Wrong Symlink for Subdomains (Vhost)2017-08-10T20:10:41ZEsteban Marinesteban.marin@bithost.chWrong Symlink for Subdomains (Vhost)When creating a subdomain (vhost), the symlink in /var/www/ points to the parent website, not to the subdomain folder.When creating a subdomain (vhost), the symlink in /var/www/ points to the parent website, not to the subdomain folder.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3491PHP-FPM Error 500 When adding new domain2017-08-10T20:10:41ZEsteban Marinesteban.marin@bithost.chPHP-FPM Error 500 When adding new domainhi
after adding a new domain, i got the following error when calling a php script:
[Tue Feb 24 11:01:02.408674 2015] [fastcgi:error] [pid 18683] (2)No such file or directory: [client 129.132.203.169:59218] FastCGI: failed to connec...hi
after adding a new domain, i got the following error when calling a php script:
[Tue Feb 24 11:01:02.408674 2015] [fastcgi:error] [pid 18683] (2)No such file or directory: [client 129.132.203.169:59218] FastCGI: failed to connect to server "/var/www/clients/client4/web55/cgi-bin/php5-fcgi-*-80-demo.domain.com": connect() failed
[Tue Feb 24 11:01:02.408750 2015] [fastcgi:error] [pid 18683] [client 129.132.203.169:59218] FastCGI: incomplete headers (0 bytes) received from server "/var/www/clients/client4/web55/cgi-bin/php5-fcgi-*-80-demo.domain.com"
hence in the browser i got an error 500
after a lot of research and restarting services etc i found that when doing
service php5-fpm reload/reload
i got
stop: Unknown instance:
php5-fpm start/running, process 5748
finally, the issue could be solved by
pkill -KILL php
service php5-fpm start
this i found here, where they had a similar issue:
http://i-mscp.net/index.php/Thread/5744-after-installation-php-sites-doesen-t-work-on-client-webs/
they provided a fix for their control panel:
https://github.com/i-MSCP/imscp/commit/49183aa1830b56e6b625fe37dc2bb34dee56649f
so this might also be the case with ispconfig?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3487Remote API limiting all Web Domains to vhost2017-08-10T20:10:41ZDavid StillerRemote API limiting all Web Domains to vhostRequesting a list with sites_web_vhost_subdomain_get() is limited to all hosts of type "vhost". But the table web_domain also includes types alias and subdomain. So without removing the limitation "AND type = 'vhost'" we have no chance t...Requesting a list with sites_web_vhost_subdomain_get() is limited to all hosts of type "vhost". But the table web_domain also includes types alias and subdomain. So without removing the limitation "AND type = 'vhost'" we have no chance to get all domains of a client, including the Aliases. It would be a great solution to pass the type like this:
public function client_get_sites_by_user($session_id, $sys_userid, $sys_groupid, $vhost_type)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3476dbispconfig.dns_rr.data too short for 2048bit DKIM key2017-08-10T20:10:41ZPasidbispconfig.dns_rr.data too short for 2048bit DKIM keyHi,
When taking online our brand-new ScrolloutF1 mail gateway i notced that field for TXT-type data is too short for handling 2048bit key lengths.
Database field is only 255 characters when typical key in ScrolloutF1 is around 400 ch...Hi,
When taking online our brand-new ScrolloutF1 mail gateway i notced that field for TXT-type data is too short for handling 2048bit key lengths.
Database field is only 255 characters when typical key in ScrolloutF1 is around 400 chars.
While one can manually modify key generation in ScrolloutF1, other companies could be affect this also due Goole, Yahoo etc. moved to 2048bit back in 2012.
For example here in Finland it is fairly common to run MX on Google, but DNS in Finland.
VARCHAR-field can be 65,535 in MySQL 5.0.3 and later. I suggest for fix that data-field and related stuff is increased to around 500.
I did quick fix to my ISPConfig-cluster by modifying tables directly, but also seems like replication do not work correctly, it truncated data-record (could be that i did not give enough time to replicate.) I could not use qui tp save full lenght key, had to insert with command line and fool aoround to increase serial.
Also there is strong hints that BIND do no allow longer than 255 char records in TXT, which is why DKIM-record should be properly split to 255 char rows, which it did not do with my quick fix.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3475Support for MariaDB2017-08-10T20:10:41ZPatrick OmlandSupport for MariaDBTitle says all.Title says all.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3474Unable to access Email Accounts Domain Domain Alias Email Mailbox Email Alias2017-08-10T20:10:41ZYassir ElnawUnable to access Email Accounts Domain Domain Alias Email Mailbox Email AliasI have newly installed ISPConfig on Ubuntu 14.10. Everything was working fine and all the sudden I could neither access Email from the mainmenu nor the side menu of Email Accounts such as Domain, Domain Alias, Email Mailbox, Email Alia...I have newly installed ISPConfig on Ubuntu 14.10. Everything was working fine and all the sudden I could neither access Email from the mainmenu nor the side menu of Email Accounts such as Domain, Domain Alias, Email Mailbox, Email Alias etc.....https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3472Reseller status disappears2017-08-10T20:10:41ZSami LahtinenReseller status disappearsIf I change resellers main template from limits as admin, then reseller status disappears and reseller is converted to client.If I change resellers main template from limits as admin, then reseller status disappears and reseller is converted to client.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3464Mailman not detected2017-08-10T20:10:41ZFabian ZimmermannMailman not detectedHi,
mailman is not detected at Debian 7.0 because the mailman package doesn't contain any binary named "mailman" which is used to detect if mailman is installed by installer.
Ugly workaround: "ln -svf /usr/sbin/list_lists /usr/sbin...Hi,
mailman is not detected at Debian 7.0 because the mailman package doesn't contain any binary named "mailman" which is used to detect if mailman is installed by installer.
Ugly workaround: "ln -svf /usr/sbin/list_lists /usr/sbin/mailman"
Fabian3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3463Alias domains using the R=301,L flag redirect reversed2017-08-10T20:10:41ZLars van SanteAlias domains using the R=301,L flag redirect reversedHello,
The url redirects to the url I put in as aliasdomain while it should go to the parent website.
for example:
I put example.nl in aliasdomain and I expect it to redirect to the parent site which is example.com
But when I go ...Hello,
The url redirects to the url I put in as aliasdomain while it should go to the parent website.
for example:
I put example.nl in aliasdomain and I expect it to redirect to the parent site which is example.com
But when I go to example.nl the url doesn't change, instead when I go to .com it changes to .nl
Am I looking at this wrongfully? Is this just me?
Thanks!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4179DNSSEC Key-Generation broken on mirrors2020-10-19T11:44:04ZAlex von FiresplashDNSSEC Key-Generation broken on mirrorsThis is a TODO-Issue for me.
DNSSEC-Implementation does not work correctly in mirrored environments.
Todo:
1. block mirrors from generating keys
2. store the keys in database (without need of new DB fields as 3.1-DB-structure is alread...This is a TODO-Issue for me.
DNSSEC-Implementation does not work correctly in mirrored environments.
Todo:
1. block mirrors from generating keys
2. store the keys in database (without need of new DB fields as 3.1-DB-structure is already locked)
3. read keys from DB before creating new ones (this implements a DB-Backup as a side-effect)
4. on Mirrors retry signing if the key was not available on soa_create
I pulled this out from ispconfig/ispconfig3#1491 as it went a bit offtopic.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3462database quota page content is websites2017-08-10T20:10:42ZNickdatabase quota page content is websitesI think, that in page where url text is "database quota" I see database list with database sizes, but not websites listI think, that in page where url text is "database quota" I see database list with database sizes, but not websites list3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3458new web interface layout for a 1366x768 fails2017-08-10T20:10:42ZNicknew web interface layout for a 1366x768 failsI have a notebook with 1366x768 and see, that columns and lines at client list and database list are crawl on each other, so content not readable anyway, when I zoom in/out page - content proportionally changed.I have a notebook with 1366x768 and see, that columns and lines at client list and database list are crawl on each other, so content not readable anyway, when I zoom in/out page - content proportionally changed.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3456no database restore with password containing special characters2017-08-10T20:10:42Zjayno database restore with password containing special charactersif you have special characters (like *) in your mysql root password it don't work to restore database.
The problem is here :
./server/plugins-available/backup_plugin.inc.php [line 120] :
```
$command = "gunzip --stdout ".escapeshel...if you have special characters (like *) in your mysql root password it don't work to restore database.
The problem is here :
./server/plugins-available/backup_plugin.inc.php [line 120] :
```
$command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p'".escapeshellcmd($clientdb_password)."' '".$db_name."'";
```
with the use of escapeshellcmd wich change my#pass$word to my\#pass\*word
It seems that you have change it in [line 1268] :
/usr/local/ispconfig/server/cron_daily.php:
```
$command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
```
with the use of escapeshellarg and not escapeshellcmd.
(we saw that you have change this line from line 1267 commented and with the escapeshellcmd)
So work for me with :
./server/plugins-available/backup_plugin.inc.php:
```
$command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p".escapeshellarg($clientdb_password)." '".$db_name."'";
```
may be doing the same for the 2 others escapeshellcmd in this file, allmost there are no other escapeshellcmd in the others file of this project ...
Thank you for this project. (using it for years)3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3454Error: mysqli_query Incorrect string value2017-08-10T20:10:42ZDanielError: mysqli_query Incorrect string valueHi,
I don't know how this is handled internally in ispconfig and I'm not a ispconfig developer, but I'm worried about if this bug could be possibly used for an sql-injection attack? - This is why I post this bug as critical.
Recent...Hi,
I don't know how this is handled internally in ispconfig and I'm not a ispconfig developer, but I'm worried about if this bug could be possibly used for an sql-injection attack? - This is why I post this bug as critical.
Recently I got 4 similar mails to my admin account including parts of the mail.log and following error message, I guess ispconfig sent them to me.
It happened on version 3.0.5.4p2 / Debian Wheezy, but I can't reproduce it because I don't know how it happened in the first place.
It looks like ispconfig failed parsing mail.log at some point because of maybe some unexpected characters in the message-id.
Some UTF-8 strings somehow found its way into the message-id, I don't know yet how this happened, maybe the sender of the mail had this in his setup.
But ispconfig should handle this case and not fail with this type of error.
Can an attacker manipulate this message-id in a way that a sql-injection is possible?
I don't want to post the whole mail-body, because it contains some sensitive data from my mail.log.
The mail-body looked like this (I replaced IPs, my hostnames and domains with example.com/examplehost and posted only relevant lines):
####mail-body-start#######################################################################################
05.01.2015-03:50 - WARNING - DB::query(REPLACE INTO monitor_data (server_id, type, created, data, state) VALUES (1, 'log_messages', UNIX_TIMESTAMP(), 's:14730:\"Jan 5 04:44:46 ....\n
Jan 5 04:44:47 examplehost postfix/cleanup[20328]: 49DEF78233E: message-id=<AC413-91496755-56732589-2015.01.05-12.44.36-mailbox#example.com@????-PC>\n
...
Jan 5 04:44:47 examplehost amavis[18961]: (18961-16) Passed SPAMMY {RelayedTaggedInbound}, [1.2.3.4]:24266 [1.2.3.4] <mailboxtcg@ibuythings.com> -> <mailbox@example.com>, Queue-ID: 2231A78233D, Message-ID: <AC413-91496755-56732589-2015.01.05-12.44.36-mailbox#example.com@\\302\\260\\303\\205\\302\\270\\302\\262-PC>, mail_id: OtxOcSTnSQU7, Hits: 15.973, size: 2191, queued_as: 49DEF78233E, 867 ms\n
...
Jan 5 04:44:47 examplehost dovecot: lda(info@example.com): sieve: msgid=<AC413-91496755-56732589-2015.01.05-12.44.36-mailbox#example.com@???-PC>: stored mail into mailbox \'INBOX\'\n
...
\";', 'no_state')) -> mysqli_query Incorrect string value: '\xC5?-PC>...' for column 'data' at row 1
####mail-body-end#########################################################################################
The error is: "mysqli_query Incorrect string value: '\xC5?-PC>...' for column 'data' at row 1"
So it looks like the SQL-REPLACE failed because of the UTF-8 string '\xC5?-PC>...'3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3451bastille firewall missing eno+ in Centos 7, its blocking all connections.2017-08-10T20:10:42Zjustin x.bastille firewall missing eno+ in Centos 7, its blocking all connections.Hi,
ISP3config 3 bastille firewall missing eno+ in Centos 7
Please add to the bastille firewall, here is the fix for anyone who has the firewall issue.
login to your server,
nano /usr/local/ispconfig/server/conf/bastille-fire...Hi,
ISP3config 3 bastille firewall missing eno+ in Centos 7
Please add to the bastille firewall, here is the fix for anyone who has the firewall issue.
login to your server,
nano /usr/local/ispconfig/server/conf/bastille-firewall.cfg.master
PUBLIC_IFACES="eth+ ppp+ slip+ venet+ bond+ eno+" # add eno+ at the end.
Hope it helps.
------------
Justin3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3449APS Installer package list duplicate entries2017-08-10T20:10:42ZTill BrehmAPS Installer package list duplicate entriesThe aps installer list contains sometimes duplicate entrys for a package (two different versions of the same package), when this happnes, none of the two packages is installable.The aps installer list contains sometimes duplicate entrys for a package (two different versions of the same package), when this happnes, none of the two packages is installable.3.1.7https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3442API function client_delete_everything does not delete domains associated with...2017-08-10T20:10:42ZHans-MartinAPI function client_delete_everything does not delete domains associated with a clientWhen calling client_delete_everything(), the domains connected to the sys_user entry of the client stay in the database.When calling client_delete_everything(), the domains connected to the sys_user entry of the client stay in the database.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3434Website Quota displays unlimited instead of quota size2017-08-10T20:10:42ZSilvano ZanchiWebsite Quota displays unlimited instead of quota sizeFirst of all, i am on the latest build (3.0.5.4p5), that was not selectable.
After creating a webdomain with quota (eg. 50 mb), the dashboard and the website quota (harddisk) view display unlimited instead of the real values. (admin a...First of all, i am on the latest build (3.0.5.4p5), that was not selectable.
After creating a webdomain with quota (eg. 50 mb), the dashboard and the website quota (harddisk) view display unlimited instead of the real values. (admin and client view)
I checked the db, the quotas are fine and saved. I also checked on the terminal with repquota -avug --> quotas are okay.
Can you tell me a way to check how the view loads those values and why they are wrong? (I am not sure if it is a bug, maybe i am just wrong?)
Thanks!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3420Disable smtp checkbox in mailbox setting has no effect on courier servers2017-08-10T20:10:42ZTill BrehmDisable smtp checkbox in mailbox setting has no effect on courier serversDisable smtp checkbox in mailbox setting has no effect on courier servers as saslauthd uses pam smtp to authenticate users and pam does not respect the mysql setting.Disable smtp checkbox in mailbox setting has no effect on courier servers as saslauthd uses pam smtp to authenticate users and pam does not respect the mysql setting.3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3417reset queue error2017-08-10T20:10:42Zklondike-studioreset queue errorWhen you customize configuration files, or incorrectly entered data queue ispconfig stops.
To cancel and reset it through the admin interface is not possible.
The right button delete the entire queue of tasksWhen you customize configuration files, or incorrectly entered data queue ispconfig stops.
To cancel and reset it through the admin interface is not possible.
The right button delete the entire queue of taskshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3409404 to all mail config destinations on vanilla install debian wheezy2017-08-10T20:10:42ZMatthew Dresden404 to all mail config destinations on vanilla install debian wheezyUpon a fresh install of ispconfig as of Nov, 16th 2014, ISPConfig 3.0.5.4p5:
All links to and in the mail config link of the isp admin page and for clients 404.
When clicking any link under mail the page does not change from the la...Upon a fresh install of ispconfig as of Nov, 16th 2014, ISPConfig 3.0.5.4p5:
All links to and in the mail config link of the isp admin page and for clients 404.
When clicking any link under mail the page does not change from the last page and an empty pop up comes up with a time spinner and then disappears leaving the user on the last current page.
I have tried every link and captured the error log output for each.
I double checked the user permission and acls for the path to these php scripts, but again this is a fresh vanilla install.
Here is the log output
root@ispconfig.dresdencraft.com:/var/log/apache2
# cat other_vhosts_access.log | egrep -v '200|304|302' | sed -r 's/(.*])(.*)(Moz.*)/\2/'
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_aliasdomain_list.php HTTP/1.1" 404 575 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_user_list.php HTTP/1.1" 404 570 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_alias_list.php HTTP/1.1" 404 572 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_forward_list.php HTTP/1.1" 404 573 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_catchall_list.php HTTP/1.1" 404 577 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_transport_list.php HTTP/1.1" 404 574 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_mailinglist_list.php HTTP/1.1" 404 573 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_mailinglist_list.php HTTP/1.1" 404 573 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/spamfilter_whitelist_list.php HTTP/1.1" 404 578 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/spamfilter_whitelist_list.php HTTP/1.1" 404 578 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/spamfilter_blacklist_list.php HTTP/1.1" 404 579 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/spamfilter_users_list.php HTTP/1.1" 404 575 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/spamfilter_policy_list.php HTTP/1.1" 404 576 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_get_list.php HTTP/1.1" 404 570 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_get_list.php HTTP/1.1" 404 570 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/user_quota_stats.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/user_quota_stats.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_user_stats.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_whitelist_list.php HTTP/1.1" 404 572 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_whitelist_list.php HTTP/1.1" 404 572 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_blacklist_list.php HTTP/1.1" 404 573 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_content_filter_list.php HTTP/1.1" 404 577 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_relay_recipient_list.php HTTP/1.1" 404 577 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_aliasdomain_list.php HTTP/1.1" 404 575 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_user_list.php HTTP/1.1" 404 570 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_aliasdomain_list.php HTTP/1.1" 404 575 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_aliasdomain_list.php HTTP/1.1" 404 575 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_user_list.php HTTP/1.1" 404 3156 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_domain_list.php HTTP/1.1" 404 571 "https://ispconfig.dresdencraft.com:8080/index.php" "
"GET /mail/mail_user_list.php HTTP/1.1" 404 570 "https://ispconfig.dresdencraft.com:8080/index.php" "https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3407Bind slave file directory has wrong permissions2017-08-10T20:10:42ZTill BrehmBind slave file directory has wrong permissionshttp://www.howtoforge.com/forums/showthread.php?t=67573http://www.howtoforge.com/forums/showthread.php?t=675733.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3397Generated DKIM Selector has an invalid format2017-08-10T20:10:42ZDariusz KowalczykGenerated DKIM Selector has an invalid formathttp://dkimcore.org/specification.html
"A selector is a string of no more than 63 lower-case alphanumeric characters (a-z or 0-9) followed by a period “.”, followed by another string of no more than 63 lower-case alphanumeric characte...http://dkimcore.org/specification.html
"A selector is a string of no more than 63 lower-case alphanumeric characters (a-z or 0-9) followed by a period “.”, followed by another string of no more than 63 lower-case alphanumeric characters."3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3396check sql error message in log when databases are deleted.2017-08-10T20:10:42ZTill Brehmcheck sql error message in log when databases are deleted.https://www.howtoforge.de/forum/threads/fehlermeldung-beim-l%C3%B6schen-von-webseiten.8571/#post-43027https://www.howtoforge.de/forum/threads/fehlermeldung-beim-l%C3%B6schen-von-webseiten.8571/#post-430273.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3394SSL intermadiate certificate2017-08-10T20:10:42ZCédric CharletSSL intermadiate certificateHi,
Each update, i lost the configuration for the intermediate certificate in the /etc/apache2/sites-available/ispconfig.vhost file
It's possible to add a configuration for this file
ThaksHi,
Each update, i lost the configuration for the intermediate certificate in the /etc/apache2/sites-available/ispconfig.vhost file
It's possible to add a configuration for this file
Thakshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3392php-fpm brocken?2017-08-10T20:10:42Zalexalouitphp-fpm brocken?After migrating a chrooted vhost fast-cgi to php-fpm,
Apache vhost configuration seems ooks fine:
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /var/www/clients/client3/web3/cgi-bin/ph...After migrating a chrooted vhost fast-cgi to php-fpm,
Apache vhost configuration seems ooks fine:
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /var/www/clients/client3/web3/cgi-bin/php5-fcgi-*-80-x.com
FastCgiExternalServer /var/www/clients/client3/web3/cgi-bin/php5-fcgi-*-80-x.com -idle-timeout 300 -host 127.0.0.1:9012 -pass-header Authorization
</IfModule>
<IfModule mod_proxy_fcgi.c>
ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:9012/var/www/clients/client3/web3/web/$1
</IfModule>
But the directory /var/www/clients/client3/web3/cgi-bin/ is empty, there should be a copy or symlink of /etc/php5/fpm/pool.d/web3.conf?
I haven't been able to find where is create the symbolic link/copy file, am I missing something?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3391Cannot add a 'Aliasdomain for website' equal to a existing disabled website d...2017-08-10T20:10:42ZJustin AlbstmeijerCannot add a 'Aliasdomain for website' equal to a existing disabled website domainHi,
I expected to be able to disable the website domain "example.com" and than create a "example.com" 'Aliasdomain for website' poiting to an other website domain.
But then I get:
ERROR: There is already a website or sub / alias...Hi,
I expected to be able to disable the website domain "example.com" and than create a "example.com" 'Aliasdomain for website' poiting to an other website domain.
But then I get:
ERROR: There is already a website or sub / aliasdomain with this domain name.
Shouldn't disabled sites be ignored?
ps. I'm using 3.0.5.4p3 , had no time yet to upgrade.
Gr, Jhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3389SQL injection checker false positive alert in APS installer2017-08-10T20:10:42ZTill BrehmSQL injection checker false positive alert in APS installerhttp://www.howtoforge.com/forums/showthread.php?t=67337http://www.howtoforge.com/forums/showthread.php?t=673373.0.5.4p5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3388apache vhost files are always generated with TCP for fpm2017-08-10T20:10:42Zsdafsadfsdapache vhost files are always generated with TCP for fpmUsing 3.0.5.4p4 vhost file is generated always for TCP, while fpm config respects the option. The problem is that by default that option is on, meaning that by default ISPConfig will generate invalid configuration files for PHP-FPM option.Using 3.0.5.4p4 vhost file is generated always for TCP, while fpm config respects the option. The problem is that by default that option is on, meaning that by default ISPConfig will generate invalid configuration files for PHP-FPM option.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3387.htaccess seems to take effect before ispconfig settings2017-08-10T20:10:42ZJason.htaccess seems to take effect before ispconfig settingsin the .htaccess for my Drupal website I have it set to redirect to www.
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
In my ispconf...in the .htaccess for my Drupal website I have it set to redirect to www.
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
In my ispconfig backend I have set "Aliasdomain for website"
to take old.domain.com and redirect to otherdomain.com
With those .htaccess rules I get www.old.domain.com which I do not have set up in my DNS so I get odd results.
Seems that those setting should send me over to the new domain before the .htaccess gets the chance to stick www. onto the domain name.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4106Mail quota sort by quota2020-10-30T20:24:24ZShafeekMail quota sort by quotaHello,
In the tab Statistics -> Mailbox Quota, we are unable to sort mailboxes by fields "Used Space" and "Used %". Sorting by other fields works great.
ISPConfig version 3.1 RC1.
Could someone check if they are encountering the sa...Hello,
In the tab Statistics -> Mailbox Quota, we are unable to sort mailboxes by fields "Used Space" and "Used %". Sorting by other fields works great.
ISPConfig version 3.1 RC1.
Could someone check if they are encountering the same issue?
Thanks
Shafeekhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3386mail_user_edit.php still has a code problem (related to client can set 0 for ...2017-08-10T20:10:43ZZsolt Radnaimail_user_edit.php still has a code problem (related to client can set 0 for quota)So before I updated to 3.0.5.4p3 the client could set its own quota to 0. I took some time and I figured out that the code is checking $this->oldDataRecord in onSubmit, but it will be set in onUpdate which is called from onSubmit later.
...So before I updated to 3.0.5.4p3 the client could set its own quota to 0. I took some time and I figured out that the code is checking $this->oldDataRecord in onSubmit, but it will be set in onUpdate which is called from onSubmit later.
After I installed 3.0.5.4p3 this has been fixed, but I see the problem still exists and it's been fixed by an added extra compare to $_POST['quota'] to make a workaround for the oldDataRecord check which is actually unnecessary:
169: if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0 && (($app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) || ($_POST["quota"] <= 0))) {
The only problem with this is that the $this->oldDataRecord is null, because it will be initialized later in onUpdate so this line of code can be simply replaced with this:
169: if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0) {
File: ispconfig/interface/web/mail/mail_user_edit.php3.1Florian SchaalFlorian Schaalhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3384Client DB credentials not escaped2017-08-10T20:10:43ZDaniel IancuClient DB credentials not escapedHello,
Upon updating a slave server to the new version (3.0.5.4p4), right after creating a backup, I received this error:
PHP Parse error: syntax error, unexpected '84' (T_LNUMBER) in /usr/local/ispconfig/server/lib/mysql_clientdb...Hello,
Upon updating a slave server to the new version (3.0.5.4p4), right after creating a backup, I received this error:
PHP Parse error: syntax error, unexpected '84' (T_LNUMBER) in /usr/local/ispconfig/server/lib/mysql_clientdb.conf on line 5
Opening the file, I realised that the problem was that the password was not escaped:
$clientdb_password = 'test'test';
when it must be:
$clientdb_password = 'test\'test';
Knowing that to fix it is very easy, I tried to create an account on gitlab (git.ispconfig.org).
I did received a confirmation e-mail saying "Account was created for you", but when I tried to log in it says "You have to confirm your account before continuing" (I tried with both my username and my email).
So, if you could please activate my account, I would be thankful (the username and the email address are the same as this account).
I have been using ISPConfig for a while now and I have to tell you that you've done a wonderful job, congratulations!
I would like to start developing on this project as well, I have some great ideas I want to implement.
I don't have time at all for it, but I love the project and the fact that is open source, makes me want to improve/contribute.
With this being sad, you too know the fix.
Just add the backslashes before storing the string. Use the php addslashes() function (http://php.net/manual/ro/function.addslashes.php).
Also, it needs to be corrected on systems that have the problem (loading the file as text and adding a slash).
I've set the severity to high (being used with the Debian severity tags) as it makes ISPConfig unable to use the client db connection (which plays a vital role, right?).
I'm also interested in the new IDS you've built (but I think I can have a look from gitlab, right?).
Best wishes, Daniel3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3383md5sum: /usr/local/ispconfig/server/temp/.ispconfig_lock: No such file or dir...2017-08-10T20:10:43ZDaniel Iancumd5sum: /usr/local/ispconfig/server/temp/.ispconfig_lock: No such file or directory, 3.0.5.4p4Hello,
Updating the slave servers to the new version (3.0.5.4p4), on one of them, after chosing to "Reconfigure Permissions in master database" and "Reconfigure Services", right after the mysql server restart, after "Checking for tabl...Hello,
Updating the slave servers to the new version (3.0.5.4p4), on one of them, after chosing to "Reconfigure Permissions in master database" and "Reconfigure Services", right after the mysql server restart, after "Checking for tables which need an upgrade, are corrupt or were not closed cleanly..", I get this error message:
md5sum: /usr/local/ispconfig/server/temp/.ispconfig_lock: No such file or directory
After it, "Update finished." is the final line.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3382Bug with PHP-FPM configuration since 3.0.5.4 Patch 42017-08-10T20:10:43ZMaxime RouastBug with PHP-FPM configuration since 3.0.5.4 Patch 4Since the introduction of the Patch 4 I have noticed that when creating a website using "PHP-FPM" in the Domain tab and" Use Socket For PHP-FPM" in the Options tab the automatically generated Apache vhost file contains the wrong informat...Since the introduction of the Patch 4 I have noticed that when creating a website using "PHP-FPM" in the Domain tab and" Use Socket For PHP-FPM" in the Options tab the automatically generated Apache vhost file contains the wrong information:
it is wrongly configured to use the host to connect (-host 127.0.0.1:****) to the PHP-FPM "FastCgiExternalServer" directive.
Instead it should be using the socket to connect (using the directive -socket /var/lib/php5-fpm/web**.sock) on the "FastCgiExternalServer" line.
This misconfiguration of the Apache vhost file results in HTTP 500 errors because Apache could not connect to the PHP server.
This problem did not happen with Patch 3 but only since Patch 4.
Changing the directive by hand back to host it should be (using the directive -socket /var/lib/php5-fpm/web**.sock instead of -host 127.0.0.1:****) and restarting Apache2 and PHP-FPM resolves the problem.
OS: Ubuntu 14.04LTS3.0.5.4p5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3379apps_instance_setting database storing details in plain text2017-08-10T20:10:43ZMatt Dinsdaleapps_instance_setting database storing details in plain textI was just browsing through the ispconfig database files and came across something rather disturbing. When a client has used the apps installer to setup wordpress, joomla or other available app the details are stored in plain text!! I ca...I was just browsing through the ispconfig database files and came across something rather disturbing. When a client has used the apps installer to setup wordpress, joomla or other available app the details are stored in plain text!! I can read usernames and passwords without even thinking about cracking! (not that i would want to anyway)
I see this as somewhat a bit of a security vulnerability especially if the database were to become compromised, can it be set so that it at least gets run through md5 before being stored3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3377openvz container wont boot after new mounts added to fstab2017-08-10T20:10:43ZDavid Temesopenvz container wont boot after new mounts added to fstabUbuntu 12.04.5 LTS (Precise Pangolin)) ISPConfig 3.0.5.4p3
This machine running inside a vz container in a proxmox environment wont boot after the additions to the fstab done by ispconfig. Deleting or commenting the new mounts the mac...Ubuntu 12.04.5 LTS (Precise Pangolin)) ISPConfig 3.0.5.4p3
This machine running inside a vz container in a proxmox environment wont boot after the additions to the fstab done by ispconfig. Deleting or commenting the new mounts the machine boots just fine.3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3371Server stops at boot with _netdev mount option in fstab on a Ubuntu 12.04 server2017-08-10T20:10:43ZTill BrehmServer stops at boot with _netdev mount option in fstab on a Ubuntu 12.04 serverhttps://www.howtoforge.de/forum/threads/system-bootet-nicht-fstab-fehler.8492/#post-42440https://www.howtoforge.de/forum/threads/system-bootet-nicht-fstab-fehler.8492/#post-42440https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3370SSH passwords with special chars not working on first try2017-08-10T20:10:43ZFalko Timmef.timme@timmehosting.deSSH passwords with special chars not working on first tryWhen you create an SSH user with speciual chars in the password, login does not work. If you edit the user and set the same password again in ISPConfig, then logins work.When you create an SSH user with speciual chars in the password, login does not work. If you edit the user and set the same password again in ISPConfig, then logins work.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3369Apache should use SSLCertificateChainFile instead of SSLCACertificateFile2019-01-02T12:29:52ZJulianApache should use SSLCertificateChainFile instead of SSLCACertificateFileISPconfig uses SSLCACertificateFile for SSL bundle certificates.
The Apache documentation prefers SSLCertificateChainFile:
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile
Is there a reason why SSLCACert...ISPconfig uses SSLCACertificateFile for SSL bundle certificates.
The Apache documentation prefers SSLCertificateChainFile:
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile
Is there a reason why SSLCACertificateFile is used?3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3368Interface SSL keys should be owned by root2017-08-10T20:10:43ZJulianInterface SSL keys should be owned by rootthe folder /usr/local/ispconfig/interface/ssl/ should not have a SETGID-BIT set.
because of this the ssl key for the ispconfig interface is owned by ispconfig:ispconfig (should be root:root). www-data is a member of the group ispconfi...the folder /usr/local/ispconfig/interface/ssl/ should not have a SETGID-BIT set.
because of this the ssl key for the ispconfig interface is owned by ispconfig:ispconfig (should be root:root). www-data is a member of the group ispconfig which could lead to a security problem.3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3367htaccess deny/allow overruled by default config in vhost2017-08-10T20:10:43ZBart Dorlandthtaccess deny/allow overruled by default config in vhostHi,
the default config generated in the vhost config has the below on both directories (physical and symlink):
AllowOverride All
Order allow,deny
Allow from all
If I wish to use the following configuration in the hta...Hi,
the default config generated in the vhost config has the below on both directories (physical and symlink):
AllowOverride All
Order allow,deny
Allow from all
If I wish to use the following configuration in the htaccess, it wouldn't work because this has already been parsed.
order deny,allow
deny from all
allow from 92.111.222.233
thanks in advance.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3366Zend php configuration seen as invalid settings2017-08-10T20:10:43ZBart DorlandtZend php configuration seen as invalid settingsIn the previous version i had the following added to the 'Custom php.ini settings'. In the latest version this gives an error.
----
[Zend]
zend_extension="/etc/apache2/Zend/lib/ioncube_loader_lin_5.4.so"
----
Giving the followin...In the previous version i had the following added to the 'Custom php.ini settings'. In the latest version this gives an error.
----
[Zend]
zend_extension="/etc/apache2/Zend/lib/ioncube_loader_lin_5.4.so"
----
Giving the following error:
----
ERROR
Invalid php.ini settings
----https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3365sites_database_add doesn't set the sys_groupid parameter2017-08-10T20:10:43ZMaurus Caflischsites_database_add doesn't set the sys_groupid parameterThe Remote-API-Function sites_database_add doesn't set the sys_groupid.
Issue 1: Databases created over the API for a Client can't be deleted recursively with the Client.
Issue 2: Remote Function client_get_by_username din't work fo...The Remote-API-Function sites_database_add doesn't set the sys_groupid.
Issue 1: Databases created over the API for a Client can't be deleted recursively with the Client.
Issue 2: Remote Function client_get_by_username din't work for Databases created over the API.
Because of no entry in the database.tform.php there is no workaround to set it over the submitted parameters.
In the remoting.lib.php is a call $app->sites_database_plugin->processDatabaseInsert($this); who seems to do something about sys_groupid, but all the code in the sites_database_plugin.php is commented out.3.0.5.4p4Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3363Admin re-login after change admin password fails2017-08-10T20:10:43ZMaurus CaflischAdmin re-login after change admin password failsIn the same browser-session:
- Login as admin
- Change the admin password
- Go to client-module
- Log in as different user over the 'Log in as'-Button
- Log out the user
- Choose the 're-login as admin'-button
The relogin-proce...In the same browser-session:
- Login as admin
- Change the admin password
- Go to client-module
- Log in as different user over the 'Log in as'-Button
- Log out the user
- Choose the 're-login as admin'-button
The relogin-process will fail. Also the login with the changed credentials will fail after the unsuccessful relogin.
The only way is to completely logout the user and login as admin again.3.0.5.4p4Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3361Can't update Joomla on ISPConfig2017-08-10T20:10:43ZDenis MakarovCan't update Joomla on ISPConfigHi! I'm installed Joomla 3.3.3 on ISPConfig and want to update it to 3.3.4. But when I'm trying to update, I have error: ERROR:
AJAX Loading Error: Internal Server Error
In logs:
tail ~/log/error.log
Mon Sep 29 14:49:50.175528 ...Hi! I'm installed Joomla 3.3.3 on ISPConfig and want to update it to 3.3.4. But when I'm trying to update, I have error: ERROR:
AJAX Loading Error: Internal Server Error
In logs:
tail ~/log/error.log
Mon Sep 29 14:49:50.175528 2014] [fcgid:warn] [pid 19778] (104)Connection reset by peer: [client 89.169.143.161:42771] mod_fcgid: error reading data from FastCGI server, referer: https://sageit.ru/administrator/index.php?option=com_joomlaupdate&task=update.install
[Mon Sep 29 14:49:50.175593 2014] [core:error] [pid 19778] [client 89.169.143.161:42771] End of script output before headers: restore.php, referer: https://sageit.ru/administrator/index.php?option=com_joomlaupdate&task=update.install
If I install Joomla on LAMP without ISPConfig - Joomla updates correct.
Please, fix this problem.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3359Installer fails to create smtpd.cert2017-08-10T20:10:43ZJonathan SloanInstaller fails to create smtpd.certHey guys,
Just wanted to say that the software is awesome. But with the patch being installed on a fresh centos box it appears that the smtpd.cert for dovecot is not created, which causes the service to fail to start/restart.Hey guys,
Just wanted to say that the software is awesome. But with the patch being installed on a fresh centos box it appears that the smtpd.cert for dovecot is not created, which causes the service to fail to start/restart.3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3358chattr breaks web reconfiguration on NFS shares even if protection is disabled2017-08-10T20:10:43ZChristoph Keplerchattr breaks web reconfiguration on NFS shares even if protection is disabledI get the error in /var/log/ispconfig/cron.log
chattr: Unpassender IOCTL (I/O-Control) für das Gerät beim Lesens der Flags in /var/www/clients/client1/web14
Which translates to "Inappropriate ioctl for device While reading flags on...I get the error in /var/log/ispconfig/cron.log
chattr: Unpassender IOCTL (I/O-Control) für das Gerät beim Lesens der Flags in /var/www/clients/client1/web14
Which translates to "Inappropriate ioctl for device While reading flags on".
The reason is, that the web root are mounted as NFS share. NFS doesn't support chattr.
As I read in http://www.howtoforge.com/forums/archive/index.php/t-64205.html, this security feature seems to be new in ISPConfig 3.0.5.4
I also read, that I can disable this feature in Server -> Web -> Permissions. But this error occures even, if the option is disabled:
[web]
security_level=10
set_folder_permissions_on_update=n
web_folder_protection=n
What can I do?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3355New gtld - regex issue while defining alias emaildomains2017-08-10T20:10:43ZSebastian StelmasikNew gtld - regex issue while defining alias emaildomainsHi.
while trying to assign an alias emaildomain for an customer I found an issue in the reqex checking domain name validity (length):
./ispconfig/interface/web/mail/form/mail_aliasdomain.tform.php:89
'regex' => '/^\@[\w\.\-]{2,64...Hi.
while trying to assign an alias emaildomain for an customer I found an issue in the reqex checking domain name validity (length):
./ispconfig/interface/web/mail/form/mail_aliasdomain.tform.php:89
'regex' => '/^\@[\w\.\-]{2,64}\.[a-zA-Z0-9\-]{2,10}$/',
The domain of my customer had 11 chars .photography, so I change it to:
'regex' => '/^\@[\w\.\-]{2,64}\.[a-zA-Z0-9\-]{2,20}$/',
I don't know the length limits for the new tlds, but 10 chars is def. not enough. You should check that and extend it in future releases.
Best regards,
Sebastian Stelmasik3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3353Application install error2017-08-10T20:10:43ZNickApplication install errordyt[ I try to install a some aaps oh a hosting account, have an error in a log:
PHP Warning: mysql_connect(): Access denied for user 'c287aps1'@'localhost' (using password: YES) in /var/www/clients/client287/web499/web/install_script...dyt[ I try to install a some aaps oh a hosting account, have an error in a log:
PHP Warning: mysql_connect(): Access denied for user 'c287aps1'@'localhost' (using password: YES) in /var/www/clients/client287/web499/web/install_scripts/db-util.php on line 66
Unable to connect to DB: Access denied for user 'c287aps1'@'localhost' (using password: YES)
as I see, install application script can't add a database or dbuser, because all application files unzipper properly.
at "wordpress" variant wp-config.php can't be created too (may be because db/dbuser can't properly configured)
(svn version)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3350Limit-tamplate no function2017-08-10T20:10:43ZAndres MejiaLimit-tamplate no functionWhen create limit-template and assing to client, this limit not set. if configuration a template with 61440MB (60GB) the The hard disk limit found unlimited.When create limit-template and assing to client, this limit not set. if configuration a template with 61440MB (60GB) the The hard disk limit found unlimited.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3348getting "error_no_server_id" on dns wizard dkim module on master2017-08-10T20:10:44ZDanielgetting "error_no_server_id" on dns wizard dkim module on masterIn
I’m having an error error_no_server_id
In code:
...
} else {
$settings = $app->getconf->get_global_config('dns');
$server_id = $app->functions->intval($settings['default_dnsserver']);
$post_server_id = false;
}
...
...In
I’m having an error error_no_server_id
In code:
...
} else {
$settings = $app->getconf->get_global_config('dns');
$server_id = $app->functions->intval($settings['default_dnsserver']);
$post_server_id = false;
}
...
If client only have one server $post_server_id is set automatic to false because there is no $_POST['server_id']
Line 49 to 59
In line 203 if cause
if post is false the is an error and dont allow client to proceed with wizard...
Best regards3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3346No error reporting from sysuser & sysgroup validation (SOAP)2017-08-10T20:10:44ZGeoffNo error reporting from sysuser & sysgroup validation (SOAP)check_sysuser() & check_sysgroup() (in class validate_systemuser) return only "<br>\r\n" when the 'system_user' or 'system_group' is invalid during a SOAP call (e.g. to sites_web_domain_add()).
This means the error returned by SOAP is...check_sysuser() & check_sysgroup() (in class validate_systemuser) return only "<br>\r\n" when the 'system_user' or 'system_group' is invalid during a SOAP call (e.g. to sites_web_domain_add()).
This means the error returned by SOAP is the unhelpful :
++++++++
SOAP Error: <br>
++++++++
This is because these fns are missing the conditional test for 'wordbook' language translation; i.e.
return $app->tform->wordbook[$errmsg]."<br>\r\n";
should be :
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
as per the other functions in this class.
Thanks3.0.5.4p4