Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security concern: PHP disabled while provisioning new modules

Discussion in 'EasyApache' started by Sinus Pi, May 17, 2019.

  1. Sinus Pi

    Sinus Pi Member

    Joined:
    Apr 19, 2018
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    Hello.

    As I was upgrading my EA4-managed PHP7 installation to add a few modules, I kept reloading a particular PHP page and at one point it returned all my PHP source code, as if - for that moment - PHP support in Apache failed and the server chose to simply display my source directly. This is obviously a security concern, as database passwords or other critical data may get exposed that way. I'm thus not very willing to try to reproduce the issue again, as I don't have completely separate, non-production cPanel installations at the moment. Can you verify if there is, at any point during the provisioning, a brief time where PHP could be disabled but Apache still running?
     
    #1 Sinus Pi, May 17, 2019
    Last edited: May 17, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Sinus Pi,

    Can you open a support ticket so we can take a closer look at your system to see why this occurred? You can post the ticket number here and we'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Sinus Pi

    Sinus Pi Member

    Joined:
    Apr 19, 2018
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    I can do that when I get it approved by people upstairs - for now I merely wanted to know if it's a known issue, or maybe an obvious "hell, right, we didn't expect that to happen, it could cause trouble indeed" forehead-slapper.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice