The vast majority of PHP 4 scripts will work in PHP 5. From experience, most distributed scripts that don't work in PHP 5 are very outdated and thus could pose a security risk to the server.
However, supporting PHP 4 and 5 simultaneously is a great way to transition your customers to PHP 5. If for some reason a website malfunctions in PHP 5, they can still use PHP 4 temporarily until they can take corrective action to migrate to PHP 5.
It is important to note that PHP 4 is EOL (as of 8/8/8) and thus is no longer receiving security patches. PHP has a history of having security issues, so it is best to migrate your users to PHP 5 as soon as you can to mitigate the risk presented by running an EOL'd version of PHP on a production server.
mod security 2 is in use with apache 2 (mod security 1 is in use with apache 1.x), you need to go to their site to learn more about that since it will be using a different conf file (also try the gotroot site for rulesets), take a look in /usr/local/apache/conf and look for the modsec2 files.
Instructions to install the gotroot rules are here:
https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules
You can download the rules from here:
http://www.gotroot.com
And there is a rules updater available too.
https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules
You can download the rules from here:
http://www.gotroot.com
And there is a rules updater available too.
