Sorry, it has been installed and configured for weeks, it just doesn't seem to work!!!

I'm from the hosting business and I know how to administer a server!

KrzysztofMaciejewski Nice that you want to help, but to make everyone look as if they were the first day in business

    Domain has been changed!
    server
    {
    listen 80;
    listen 443 ssl http2;
    server_name solutions.de aapan.solutions.de *.solutions.de;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/solutions.de;
    if ($allowed_country = yes) { return 403; }
    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
    #error_page 404/404.html;
    limit_conn perserver 400;
    limit_conn perip 15;
    limit_rate 1024k;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
    # Capture the request path so that $1 is populated in the redirect target
    rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/solutions.de/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/solutions.de/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;

    #SSL-END
    #Directory protection rules, do not manually delete
    include /www/server/panel/vhost/nginx/dir_auth/solutions.de/*.conf;
    
    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
    
    #PHP-INFO-START  PHP reference configuration, allowed to be commented, deleted or modified
    ##SECURITY-START Hotlink protection configuration
    location ~ .*\.(jpg|jpeg|gif|png|js|css)$
    {
        expires      30d;
        access_log off;
        valid_referers none blocked aapan.solutions.de solutions.de *.solutions.de;
        if ($invalid_referer){
           return 404;
        }
    }
    #SECURITY-END
    include enable-php-73.conf;
    #PHP-INFO-END
    
    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
    include /www/server/panel/vhost/rewrite/solutions.de.conf;
    #REWRITE-END
    
    # Forbidden files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    
    # Directory verification related settings for one-click application for SSL certificate
    location ~ \.well-known{
        allow all;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log on;
        access_log on;
    }
    
    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log on;
        access_log on; 
    }
    access_log  /www/wwwlogs/solutions.de.log;
    error_log  /www/wwwlogs/solutions.de.error.log;
    }

    CQT Hey man, I am assuming that the reason you are getting all of these attacks from China is because that's where the CP is from, and it looks to be very popular there. They probably scan the internet for certain footprints of the server and just try to get in any way they can. It doesn't look/sound like it's an issue of security of the software, just that it's targeted. Are you not using Cloudflare?


    This is exactly my concern that CP comes from China and is misused to attack servers. Not all of our customers use Cloudflare. It is still possible to stretch the IPs of the servers on which the CP is installed and that is exactly what I consider to be very dangerous.

    I am running aaPanel on 3 servers. I never had any attacks from China, but still, Jose is going to give a solution on this.

      We have installed it on VPSes for our customers, well over 100 installations. Until a few days ago everything was fine; for a few days now we have been attacked continuously and the customers are freaking out. Now we are gradually changing everything over to a different panel, but we are leaving our test server running, and 3 days ago we installed another test server with a different IP range, so we took completely separate data centers and did it again: same problem. There are only domains active, with no content on the websites, so no WordPress or the like is installed and it cannot come from that. The server itself is absolutely clean, CentOS 7 and 8, but we can trace all attacks back to China, and 2% to Russia.

      JAY I hope so, because Plesk is worse and costs too much money in licenses. We don't want to save on security, but open source is better.

      10 days later

      <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="blank">www.bt.cn</a>) All Rights Reserved</div>

      If the question arises as to why the data logger must be present in the copyrights, all data can be recorded.
      From then on, passwords username and other data are recorded.

      Yes just stupid that this is already in Install.html and records everything before Fail2ban

      default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
      (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

        KrzysztofMaciejewski <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="blank">www.bt.cn</a>) All Rights Reserved</div>

        ({{data['lan']['BT']}}</a>{{data['lan']['PS1']}}) = Keylogger

        And this line creates a user in the DB, like 287962566@qq.com, which is not deleted. Thus, the user has constant access to aaPanel

        default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
        (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');
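A check an administrator could run to see whether a panel database still holds an account whose stored hash is the unsalted MD5 of a guessable password, as the quoted seed row's is. This is an added example, not part of the thread and not aaPanel's code; the table layout is assumed from the column list of the quoted INSERT, and the second row and the guess list are constructed.

```python
import hashlib
import sqlite3

# Seed row exactly as quoted in the thread.
SEED_ROW_SQL = (
    "INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES "
    "(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', "
    "'2016-12-10 15:12:56', 0, '287962566@qq.com')"
)
GUESSES = ["admin", "password", "123456", "root"]  # constructed list of weak defaults


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def build_sample_db():
    """In-memory stand-in for the panel database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, password TEXT, login_ip TEXT,"
        " login_time TEXT, phone INTEGER, email TEXT)"
    )
    conn.execute(SEED_ROW_SQL)
    # Constructed second account whose password was changed to something unguessable.
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, ?)",
        (2, "ops", md5_hex("constructed-long-passphrase-1f9c"), "192.0.2.7",
         "2020-01-01 00:00:00", 0, "ops@example.invalid"),
    )
    return conn


def weak_accounts(conn, guesses=GUESSES):
    """Return (id, username, email, guess) for every row whose stored hash equals
    the unsalted MD5 of its own username or of one of the guesses."""
    findings = []
    rows = conn.execute("SELECT id, username, password, email FROM users ORDER BY id")
    for uid, user, pw_hash, email in rows:
        for guess in dict.fromkeys([user, *guesses]):  # de-duplicated, order kept
            if md5_hex(guess) == pw_hash.lower():
                findings.append((uid, user, email, guess))
                break
    return findings


if __name__ == "__main__":
    for finding in weak_accounts(build_sample_db()):
        print("weak account:", finding)
```

Any row this reports should have its password reset or be removed; against a real installation, replace `build_sample_db()` with a connection to a copy of the panel's database.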

          CQT

          Now I was extremely worried!

          Are you saying that aaPanel developers can access all content on installed servers?

          I can't say yet and I won't, but the lines make me think! First I want to have a statement from aaPanel_Jose, it can also be corpses, but why should one leave such corpses. In addition, we have not yet examined the entire script

            Since the code is open on GitHub, we can invite pentesters to check for vulnerabilities and tracking info. I know a few blackhat hackers; I will invite them to pentest the web application.

            CQT
            emmm, this is the file used when the database is initialized or the database is damaged. It will not be automatically called and needs to be executed manually.

            In addition, it is impossible for us to collect user login information. We take the privacy of each user very seriously.

            The development of the shielding country function of the system firewall is nearing completion. Will be released soon~

              aaPanel_Jose

              thank you Jose for the answer.

              What about this line?

              <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="_blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="_blank">www.bt.cn</a>) All Rights Reserved</div>

              {{data['lan']['BT']}}</a>{{data['lan']['PS1']}}

                CQT
                This is a front-end template for python, is there any problem?
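One way to inspect the template line discussed above: list any markup in it that can execute script or submit input, then fill the two placeholders and inspect the result again. This is an added example, not part of the thread and not aaPanel's code; `render` is a hypothetical stand-in for the panel's template engine and the `SAMPLE_DATA` strings are constructed.

```python
import html
import re
from html.parser import HTMLParser

# Template line as quoted in the thread.
LINE = (
    '<div class="copyright">Copyright © 2014-2099 '
    '<a href="http://www.bt.cn" target="_blank">{{data[\'lan\'][\'BT\']}}</a>'
    '{{data[\'lan\'][\'PS1\']}}(<a href="http://www.bt.cn" target="_blank">'
    'www.bt.cn</a>) All Rights Reserved</div>'
)
# Constructed language strings; the real ones live in the panel's language files.
SAMPLE_DATA = {"lan": {"BT": "Example Panel", "PS1": " sample text "}}

ACTIVE_TAGS = {"script", "iframe", "form", "input", "textarea", "object", "embed"}
PLACEHOLDER = re.compile(r"\{\{\s*(.*?)\s*\}\}")


class MarkupAudit(HTMLParser):
    """Collects the parts of a page that can run code or send data somewhere."""

    def __init__(self):
        super().__init__()
        self.active_tags, self.event_handlers, self.urls = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active_tags.append(tag)
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onkeyup, ...
                self.event_handlers.append((tag, name))
            if name in ("href", "src", "action") and value:
                self.urls.append(value)


def audit(markup):
    parser = MarkupAudit()
    parser.feed(markup)
    parser.close()
    return {"active_tags": parser.active_tags, "event_handlers": parser.event_handlers,
            "urls": parser.urls, "placeholders": PLACEHOLDER.findall(markup)}


def render(markup, data):
    """Hypothetical stand-in for the engine: resolves data['a']['b'] lookups only."""
    def lookup(match):
        value = data
        for key in re.findall(r"\['([^']+)'\]", match.group(1)):
            value = value[key]
        return html.escape(str(value))
    return PLACEHOLDER.sub(lookup, markup)
```

What reaches the browser depends on the strings in the language dictionary and on whether the engine escapes them, so `audit(render(LINE, data))` with the installation's real language data is the more telling check.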