MariaDB 10.3 launched

Hi,

The Webuzo Team has launched MariaDB 10.3 the latest version in the 10.x series.

Maria DB is an open-source alternative to MySQL by the original developer of MySQL.

Get more info on the Maria DB project at the following link: MariaDB Org

You can check if Maria DB fits your needs or not by checking the Release Notes & Change Logs

Upgrades from the following versions of MySQL and MariaDB is allowed:

MySQL – 5.5 – 5.6
Maria DB – 5.5, 10.0 – 10.2

And of course, you can install Maria DB 10.3 as a fresh installation.

Note: After Upgrading or Installing Maria DB 10.3 you cannot downgrade to any version of MySQL or MariaDB

Let me know if you have any questions in the comment section.

Regards,
The Webuzo Team

How to configure Mod Security with Apache 2.2

Hi,

ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks.

Before starting the configuration please make sure you have git installed, if you don’t have installed it on your server, install it via the following command:
For Ubuntu:

apt-get install git

For Cent OS:

yum install git

Follow the below steps to configure:

  • First the Download the rules required for ModSecurity™ configuration via following link:
    git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
  • Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory.
    cd owasp-modsecurity-crs
    mv crs-setup.conf  /usr/local/apps/apache/etc/conf.d/
    mv rules/ /usr/local/apps/apache/etc/conf.d
  • Create a file named security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ and add the following content
    LoadModule security2_module modules/mod_security2.so
    LoadModule unique_id_module modules/mod_unique_id.so
    
    <IfModule security2_module>
            SecDataDir /var/cache/modsecurity
            Include /usr/local/apps/apache/etc/conf.d/rules/*.conf
    </IfModule>
  • Finally create a configuration file named mod_security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ for the module itself, add the following content to the file
    Content for mod_security.conf
  • Now restart Apache to load all the configuration files using the following command:
    service httpd restart

Testing the configuration :

Once everything is configured properly, test mod_security module by sending some malicious requests to Apache web server and see if the requests are being blocked or not.

Visit the following URL in the browser

 http://your-doamin/?q="><script>alert(1)</script> 

You should see a 403 Forbidden response displayed by the browser.



403 Forbidden

Forbidden

You don't have permission to access / on this server.


Apache Server at {YOUR_IP} Port 80

Note: Please make sure you have index.php or index.html in the root directory of your domain

Webuzo System Application: MySQL (5.5 – 5.6) Updated

Hi,

The Webuzo team has launched updated version of MySQL in 5.5 & 5.6 branch.

Change log for MySQL 5.5.60 can be checked at the following link:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html

Change log for MySQL 5.6.40 can be checked at the following link:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html

Let me know in the comments if you are facing any issues with the upgrade, I will try to answer as many as I can.

Regards,
The Webuzo Team

Webuzo System Applications : PHP (5.6 – 7.2) Updated

Hi,

The last update to the all the PHP versions was supposed to fix the Hard Reboot issue if PHP was running as a FPM service.

Due to a bug the issue was not fixed and it continued to exist, today after reviewing the bug the team has launched all the PHP versions with updated service file to fix the Hard Reboot issue.

If you have installed multiple PHP version’s we encourage you to update all the PHP’s instead of the default one as the fix requires all the PHP’s installed on your server to have the updated service for the fix to work correctly.

Lastly, we have an version update for PHP 7.2:
Change log for PHP 7.2 can be checked at the following link:
http://sg2.php.net/ChangeLog-7.php#7.2.7

We hope this update fixes most of the 50x errors encountered for your websites.

Let me know in the comments if you are facing any issues with the upgrade or want to know more about the new service file, I will try to answer as many as I can.

Regards,
The Webuzo Team

Webuzo System Application: phpMyAdmin 4.8.2 Launched

Hi,

The Webuzo Team has launched phpMyAdmin 4.8.2 the latest version in the release branch.

Please check the change log below:

The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.

A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.

In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:

  • WHERE 0 clause causes a fatal error
  • Fix missing “INDEX” icon

Known issues:

  • Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
  • A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.

If you have any questions regarding the upgrade or any issues after upgrade let me know in the comments.

Regards,
The Webuzo Team

Webuzo System Application: Exim and Dovecot updated

Hi,

We are glad to announce that we have added SSL/TLS as well as SMTP AUTH support for Exim and Dovecot.

By default the self-signed certificate generated by Webuzo will be used to configure SSL/TLS but if you are using any 3rd party or Let’s Encrypt certificate for Webuzo panel then that certificate will be used.

We have also enabled SMTP AUTH by default so that all accounts must verify themselves with the mail server before sending any emails.

You can refer this guide to configure your email account with Thunderbird:
https://www.webuzo.com/wiki/Email_Account_Mozilla_Thunderbird

And refer this link to configure your email account with Outlook:
https://www.webuzo.com/wiki/Email_Account_Outlook

We will be adding more guides in the coming weeks for Web-based email clients like: WebMail Lite, RoundCube and RainLoop

The Next release of Webuzo i.e 2.7.1 will include a GUI manager to configure certificates for Email SSL/TLS.

Let me know if you have any questions in the comment section, I will try to answer as many as I can.

Regards,
The Webuzo Team

Webuzo System Applications : PHP (5.6 – 7.2) Updated

Hi,

The Webuzo Team has updated the PHP’s provided with Webuzo with internal configuration changes as well as version update.

PHP 5.6 and 7.0 :
5.6 and 7.0 don’t have any version updates but we have included a new service file for PHP-FPM which fixes an issue where the service won’t start after hard reboot.

PHP 7.1 and 7.2
7.1 and 7.2 receive minor version update as well as the new service file to fix start-up issues.

Change log for PHP 7.1 can be checked at the following link:
http://sg2.php.net/ChangeLog-7.php#7.1.18

Change log for PHP 7.2 can be checked at the following link:
http://sg2.php.net/ChangeLog-7.php#7.2.6

We hope this update fixes most of the 50x errors encountered for your websites.

Let me know in the comments if you are facing any issues with upgrade or want to know more about the new service file, I will try to answer as many as I can.

Webuzo System Application phpMyAdmin 4.8.1 Launched

Hi,

The Webuzo Team has launched phpMyAdmin 4.8.1 the latest version in the release branch.

Please check the change log below:

* Fix to the scrollbar functionality and Browse table CSS overflow
* Dropping indexes and keys fails
* Show two factor (2FA) secret code next to QR image
* Configuration for DefaultLang and Lang
* MariaDB 10.2 ‘current_timestamp()’
* Remember table sorting is broken

If you have any questions regarding the upgrade or any issues after upgrade let me know in the comments.

Regards,
The Webuzo Team

MySQL 5.7 launched

Hi,

The Webuzo team has launched MySQL 5.7 the latest version in the 5.x series.

You can read about the new features added, deprecated and changed in MySQL 5.7 at the Official Website

Since MySQL 5.7 incorporates number of changes to the Database structure as well as the Password mechanism please consider the following points before installing:

  • Currently, We are not providing upgrades to MySQL 5.7 from any version of MySQL, Percona or MariaDB.
  • Only Fresh installation’s of MySQL 5.7 are allowed, so If you have an existing Database then you may not be able to install MySQL 5.7
  • During the initial launch MySQL 5.7 will be available on Cent OS and gradually support will be rolled out on Ubuntu
  • Since we are installing MySQL 5.7 from the Vendor’s repo itself, MySQL will update itself whenever the OS updates.

For existing user’s using MySQL 5.6 we will provide an upgrade mechanism in a future release, so stay tuned.

Let me know if you have any questions in the comment section.

Regards,
The Webuzo Team

Webuzo 2.7.0 Launched

Hi,

The Webuzo Team has released Webuzo 2.7.0.
This version introduces a major new Feature and some improvements.

Features:

1) Remote Backup and Restore support added in Webuzo.

2) Added Quick Install option for scripts which will ask minimal install options and use the default values for the remaining options. This is added for a quick installation experience. Admin can set Quick Install option as the default install option from Webuzo Admin Panel -> Settings page.

3) Added option to backup installations to Google Drive. Google Drive backup location can be added from the add backup location page. Click here for guide.

4) Endusers can now select what to backup while upgrading an installation from Softaculous Enduser Panel i.e. Full Backup, Backup Files, Backup Database, etc.

Improvements:

5) Added support for Tomcat 8 configuration.

6) Space usage for all email accounts will be cached to reduce page load time.

7) Now you will be able to configure CRON Jobs on even-odd days.

8) Added a notice on the script install form for the scripts that are not updated for more than 2 years. This is to make sure that the user is aware before installing the script that the script has not been updated for long time. Admins can disable the outdated scripts from Webuzo Admin Panel -> Software page.

9) Allowed to use . (dot) in the data directory name for scripts that need a non web accessible data directory. This will let users make the data directory a hidden directory.

10) When redirecting a user to the SitePad editor server it will check the language selected in Webuzo and by default that language will be selected in SitePad.

Bug Fixes:

11) Minor navigation fix for universal search bar.

12) Fixed an issue where Squirrel Mail login used to fail with the following error : “0: php_network_getaddresses: getaddrinfo failed: Name or service not known”

13) If PHP 7.2 was the only installed PHP then Apache Web Server was unable to run under suPHP and FastCGI. This is fixed now

14) Remote Import was not working for scripts that had data directory e.g. Moodle. This is fixed now.

15) The Related Scripts section on the script overview page did not load properly in Chrome and Opera. This is fixed now.

App Updates:

16) Added support for Ubuntu 16.04 LTS in MariaDB 10.0 and 10.1

17) We have added Python 3 with PiP and SSL support.

18) Updated Django to the latest version. Refer this Guide to create a starter project.

19) Updated ImageMagick to the latest version and added support for PNG delegate.

The upcoming version will bring more exciting UI Changes, features and changes.

Regards,
The Webuzo Team