The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

You are running an insecure apache setup. (Merged)

Discussion in 'EasyApache' started by oulzac, May 23, 2006.

  1. oulzac

    oulzac Well-Known Member

    Joined:
    Aug 7, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    new security BS in whm

    Anyone else seeing this new BS update security thing at the top of WHM when the login???

    if just started on every server I run about 20 mins ago.

    how in the hell can I remove this??
     
  2. jenlepp

    jenlepp Well-Known Member

    Joined:
    Jul 4, 2005
    Messages:
    116
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Liberty Hill, TX
    cPanel Access Level:
    DataCenter Provider
    Dunno about you, but I decided to update Apache. Got rid of it.
     
  3. kerriritter

    kerriritter Active Member

    Joined:
    Oct 25, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    What's up with /scripts/easyapache

    After upcp ran last night on all servers, I now have a large message in red in WHM:

    "You are running an insecure Apache setup. You should run /scripts/easyapache or if you are running cPanel 7.1.9 or later (click here) to upgrade to a newer version as soon as possible to avoid your system being compromised."

    Followed by a table of modules, the installed version and the current version. The only difference is Apache installed is 1.3.34 and new core is 1.3.36. I shelled out to root to run easy apache and nothing happens, says file not found though it is in /scripts/easyapache. It has done this on all servers.

    Though I have never ran recompiled apache from WHM, I thought I would try it now since /scripts/easyapache won't run. So I clicked here in the red message box link, and the same exact thing.

    Building Apache Config.....Done
    Downloading and compiling apache+modules....
    Attempting to restart httpd
    Waiting for httpd to restart....
    Finished

    And it does not do a thing, just like at the command line. All it does is stop and restart apache.

    Anyone else having this issue? I'm running:
    WHM 10.8.0 cPanel 10.8.1-S114
    Fedora i686 - WHM X v3.1.0
     
  4. fgauthier

    fgauthier Member
    PartnerNOC

    Joined:
    Feb 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    it is a frontpage update to FrontPage/5.0.2.2635.SR1.2
     
  5. krisdv

    krisdv Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Belgium
    I think it's rather Apache 1.3.34 => 1.3.36 but i would like to know why we only get these warnings now.
     
  6. oulzac

    oulzac Well-Known Member

    Joined:
    Aug 7, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    the issue for is not apache or frontpage, I have been upgrading all that, but it wont go away because I am not using php5, and I dont want to.
     
  7. Blackknight

    Blackknight Member

    Joined:
    Jul 12, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Yes, this is really annoying. Any way to disable it?

    Apparently Cpanel thinks php4 is insecure when it isn't. It also sucks when you have 1500 servers all saying this.
     
  8. oulzac

    oulzac Well-Known Member

    Joined:
    Aug 7, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    yeah, thats my issue, i am not going to update all my servers, for a false positive, cpanel needs to remove this asap!
     
  9. ZeusChicago

    ZeusChicago Active Member

    Joined:
    Oct 9, 2005
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6

    I just noticed this as well (im a ServerMatrix/ThePlanet customer). Was just looking for information on it
     
  10. Tomas

    Tomas Member

    Joined:
    Oct 31, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Santiago, Chile
    Very odd indeed... I ran easyapache but couldn't find anything new there.
     
  11. pjman

    pjman Well-Known Member

    Joined:
    Mar 22, 2003
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New York
    PHP4- While we're on that subject.

    Yeah, false positive suck.:eek:

    But, I know PHP 5 just recently had some security fixes that were rated critical.

    Is 4.4.2 still the latest PHP 4 build. I know PHP.net is saying it is, but any ideas if 4.4.3 is coming out soon, due to similar issues found in 5?
     
  12. ZeusChicago

    ZeusChicago Active Member

    Joined:
    Oct 9, 2005
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    I just blew soda pop out of my nose reading this comment :D

    Plesk is so bad i un-installed it from my windows server and went back to doing everything by hand. Worthless memory pig IMHO

    Cant wait for Cpanel windows version to come out :cool:

    Z

    *edit* i was searching for "You are running an insecure apache setup." and ran into this thread, didnt realize it was 2 years old until after I posted in it....duhhhh.
     
  13. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    16
    Seems apache 1.3.36 released. But in the whm warning --> for Php it is showing latest version as 5.1.4. I think we need to update php to 5.1.4 from 4.4. Is there any issue in doing this. Any views.
     
  14. ddmobley

    ddmobley Member

    Joined:
    May 13, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    I had just finished rebuilding apache about an hour ago, and when I saw that error message, I thought I had broke something. I too do not want to go to PHP5 presently for compatibility reasons. There should be a way for CPanel to tell us how to turn these warnings off.
     
  15. hartzcs

    hartzcs Member

    Joined:
    Mar 12, 2005
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I just recomplied with 4.4.2 and the new FP addons and the warning went away. For some reason I had to do it twice to get 4.4.2 to take.
     
  16. ddmobley

    ddmobley Member

    Joined:
    May 13, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    I just read it too for the first time. See this post for more information on the WHM apache security warning:

    http://forums.cpanel.net/showthread.php?t=53272
     
  17. FijianTribe

    FijianTribe Well-Known Member

    Joined:
    Jan 30, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    I ran into the same issue, and now appache will not start. HELP!
     
  18. krisdv

    krisdv Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Belgium
  19. ddmobley

    ddmobley Member

    Joined:
    May 13, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    I tried to update to PHP 5.1.4 and my websites stopped working. I ran "http://myserverdomain:2086/scripts2/buildapache" and selected PHP 4.4.1 and rebuilt Apache and they started working again...
     
  20. ddmobley

    ddmobley Member

    Joined:
    May 13, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Run "http://yourserversdomainname:2086/scripts2/buildapache", select PHP 4.4.1 (or whatever you were running) and let Apache rebuild. That will get Apache restarted until we figure out how to bypass this warning message.
     
Loading...

Share This Page