The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_ssl and FrontPage out of date?

Discussion in 'General Discussion' started by BianchiDude, Apr 4, 2008.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    When I click on news in WHM, it says mod_ssl and FrontPage out of date and has the open lock?

    mod_ssl 2.8.27 2.2.8
    FrontPage FrontPage/5.0.2.2635.SR1.2 5.0.2.2635

    How can I update those?

    I tried
    yum -y update
    /scripts/upcp
    /scripts/easyapache

    HELPPP!!!
     
  2. J-DOG

    J-DOG Registered

    Joined:
    Nov 4, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    me 2 i also need this fix, I run apache 2 ? is that why its not updating? ive been looking for a while still cant find a fix. Ive unistalled the fronatpage via ssh and then re-install in apache, Ran updates, still nothing..

    I have full root access!

    i checked my installed version of frontpage and it shows - frontpage-2002-SR1.2

    But on my "news" section of WHM it says the version thats installed is - 5.0.2.2635
     
    #2 J-DOG, Apr 6, 2008
    Last edited: Apr 6, 2008
  3. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    ditto here too.. took mod_ssl out of the do not update list in up2date but still its 2.2.8 and unlocked (even after a forced update (it STILL shows not updatable and even a lower version as well!)
    Code:
    The following Packages were marked to be skipped by your configuration:
    
    Name                                    Version        Rel  Reason
    -------------------------------------------------------------------------------
    httpd                                   2.0.46         70.entPkg name/pattern
    kernel                                  2.4.21         53.ELPkg name/pattern
    kernel-pcmcia-cs                        3.1.31         19   Pkg name/pattern
    kernel-smp                              2.4.21         53.ELPkg name/pattern
    kernel-source                           2.4.21         53.ELPkg name/pattern
    [B]mod_ssl                                 2.0.46         70.entPkg name/pattern[/B]
    perl                                    5.8.0          97.EL3Pkg name/pattern
    php-imap                                4.3.2          43.entPkg name/pattern
    php-ldap                                4.3.2          43.entPkg name/pattern
    
    any ideas or suggestions?
     
  4. VeroHost

    VeroHost Member

    Joined:
    Apr 2, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I have this same issue ... It says its not secure ive updated apache but this did not fix it...


    Latest Version My Version
    FrontPage FrontPage/5.0.2.2635.SR1.2 5.0.2.2635
    mod_ssl 2.8.27 2.2.8


    Anyone want to help?
     
  5. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    I'm pretty sure the mod_ssl on a 2.0 or 2.2 box is identical to the apache core version as its now part of apache and not an add-on as it was in 1.3.

    I think the warning is actually a misread and shouldnt even be compared.

    The Frontpage thing is a real concern as the exploit is well known and attackers can hack your machine if they figure out that you are not upgraded.
     
  6. VeroHost

    VeroHost Member

    Joined:
    Apr 2, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Well are you going to tell me how us how to upgrade? I can't remember where to upgrade those at..
     
  7. handsonhosting

    handsonhosting Well-Known Member

    Joined:
    Feb 17, 2002
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Omaha, NE
    cPanel Access Level:
    Root Administrator
    mod_frontpage shouldn't even be used any more. This is out of date software that will fail PCI scans by Comodo and ControlScan's PCI checks.

    The software is no longer being maintained, and should be removed. If you still have FrontPage users (which many of us still do), you'll want to enable the WebDav extensions instead and users can use those instead of mod_frontpage.

    Frontpage is no longer being developed, PCI Compliance basically states if it's no longer being developed (or supported) then it should be removed and not used as it's possibly vulnerable to hacks etc.
     
  8. VeroHost

    VeroHost Member

    Joined:
    Apr 2, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    *sigh* makes post without any type of how to... why even bother posting if you dont tell how to do some thing *sigh*
     
  9. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Keep in mind that if you are running a RH based system (centos included) that they regularly patch items and do not update the version number. So despite the fact that it looks like you are out of date, they have patched the script/program.

    If you absolutely want the version number to match the latest release you could download and compile the latest version from source, then re-compile apache using that version.

    As far as frontpage goes, either remove it's setup lines from your apache conf file and restart apache or re-compile without the frontpage mod line checked. It's not hard...
     
  10. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The reported versions of software in the News section of WHM has long had issues and is due for some major changes. For example, with mod_ssl, the current version reported is the one for Apache 1.3, wihch is distributed as a separate project. Anyone using Apache 2.x will see their mod_ssl as being 'out of date' when visiting the News page in WHM.

    If you are using Apache 2.x, your installed version of mod_ssl is the newest.

    As for Frontpage, I'm not certain off-hand where that information is derived.
     
  11. handsonhosting

    handsonhosting Well-Known Member

    Joined:
    Feb 17, 2002
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Omaha, NE
    cPanel Access Level:
    Root Administrator
    Remove front page - go to Update Apache uncheck FrontPage, recompile. End of story - front page is gone! I did not address the other issue as I did not have an answer for you. I addressed frontpage specifically for that reason.
     
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The WebDisk feature in X3 should suffice for the publishing needs of FrontPage users.

    Any more advanced needs (e.g. form processing) will need addressed in a different manner, likely case-by-case.
     
  13. VeroHost

    VeroHost Member

    Joined:
    Apr 2, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Cool thanks for all the info!
     
  14. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    524
    Likes Received:
    32
    Trophy Points:
    28
    Location:
    Earth
    How does one enable WebDav or Webdisk?

    NM, I found it. It is called DAV not WebDav in the list. DOH!
     
    #14 PCZero, Jul 23, 2008
    Last edited: Jul 23, 2008
  15. ThunderHorse

    ThunderHorse Registered

    Joined:
    Jul 23, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    <script>alert('hello');</script>
     
  16. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    524
    Likes Received:
    32
    Trophy Points:
    28
    Location:
    Earth
Loading...

Share This Page