You are running an insecure apache setup. (Merged)

oulzac

Well-Known Member
Aug 7, 2005
131
0
166
new security BS in whm

Anyone else seeing this new BS update security thing at the top of WHM when the login???

if just started on every server I run about 20 mins ago.

how in the hell can I remove this??
 

kerriritter

Active Member
Oct 25, 2004
31
0
156
What's up with /scripts/easyapache

After upcp ran last night on all servers, I now have a large message in red in WHM:

"You are running an insecure Apache setup. You should run /scripts/easyapache or if you are running cPanel 7.1.9 or later (click here) to upgrade to a newer version as soon as possible to avoid your system being compromised."

Followed by a table of modules, the installed version and the current version. The only difference is Apache installed is 1.3.34 and new core is 1.3.36. I shelled out to root to run easy apache and nothing happens, says file not found though it is in /scripts/easyapache. It has done this on all servers.

Though I have never ran recompiled apache from WHM, I thought I would try it now since /scripts/easyapache won't run. So I clicked here in the red message box link, and the same exact thing.

Building Apache Config.....Done
Downloading and compiling apache+modules....
Attempting to restart httpd
Waiting for httpd to restart....
Finished

And it does not do a thing, just like at the command line. All it does is stop and restart apache.

Anyone else having this issue? I'm running:
WHM 10.8.0 cPanel 10.8.1-S114
Fedora i686 - WHM X v3.1.0
 

krisdv

Well-Known Member
Jun 18, 2003
176
0
166
Belgium
I think it's rather Apache 1.3.34 => 1.3.36 but i would like to know why we only get these warnings now.
 

oulzac

Well-Known Member
Aug 7, 2005
131
0
166
the issue for is not apache or frontpage, I have been upgrading all that, but it wont go away because I am not using php5, and I dont want to.
 

Blackknight

Member
Jul 12, 2003
9
0
151
Yes, this is really annoying. Any way to disable it?

Apparently Cpanel thinks php4 is insecure when it isn't. It also sucks when you have 1500 servers all saying this.
 

oulzac

Well-Known Member
Aug 7, 2005
131
0
166
Blackknight said:
Yes, this is really annoying. Any way to disable it?

Apparently Cpanel thinks php4 is insecure when it isn't. It also sucks when you have 1500 servers all saying this.
yeah, thats my issue, i am not going to update all my servers, for a false positive, cpanel needs to remove this asap!
 

ZeusChicago

Active Member
Oct 9, 2005
44
0
156
kerriritter said:
After upcp ran last night on all servers, I now have a large message in red in WHM:

"You are running an insecure Apache setup. You should run /scripts/easyapache or if you are running cPanel 7.1.9 or later (click here) to upgrade to a newer version as soon as possible to avoid your system being compromised."

Followed by a table of modules, the installed version and the current version. The only difference is Apache installed is 1.3.34 and new core is 1.3.36. I shelled out to root to run easy apache and nothing happens, says file not found though it is in /scripts/easyapache. It has done this on all servers.

Though I have never ran recompiled apache from WHM, I thought I would try it now since /scripts/easyapache won't run. So I clicked here in the red message box link, and the same exact thing.

Building Apache Config.....Done
Downloading and compiling apache+modules....
Attempting to restart httpd
Waiting for httpd to restart....
Finished

And it does not do a thing, just like at the command line. All it does is stop and restart apache.

Anyone else having this issue? I'm running:
WHM 10.8.0 cPanel 10.8.1-S114
Fedora i686 - WHM X v3.1.0

I just noticed this as well (im a ServerMatrix/ThePlanet customer). Was just looking for information on it
 

pjman

Well-Known Member
Mar 22, 2003
101
0
166
New York
PHP4- While we're on that subject.

Yeah, false positive suck.:eek:

But, I know PHP 5 just recently had some security fixes that were rated critical.

Is 4.4.2 still the latest PHP 4 build. I know PHP.net is saying it is, but any ideas if 4.4.3 is coming out soon, due to similar issues found in 5?
 

ZeusChicago

Active Member
Oct 9, 2005
44
0
156
Getox said:
seems PLESK7 is better.. by 500%
I just blew soda pop out of my nose reading this comment :D

Plesk is so bad i un-installed it from my windows server and went back to doing everything by hand. Worthless memory pig IMHO

Cant wait for Cpanel windows version to come out :cool:

Z

*edit* i was searching for "You are running an insecure apache setup." and ran into this thread, didnt realize it was 2 years old until after I posted in it....duhhhh.
 

david510

Well-Known Member
Aug 22, 2004
473
0
166
Seems apache 1.3.36 released. But in the whm warning --> for Php it is showing latest version as 5.1.4. I think we need to update php to 5.1.4 from 4.4. Is there any issue in doing this. Any views.
 

ddmobley

Member
May 13, 2006
24
0
151
I had just finished rebuilding apache about an hour ago, and when I saw that error message, I thought I had broke something. I too do not want to go to PHP5 presently for compatibility reasons. There should be a way for CPanel to tell us how to turn these warnings off.
 

hartzcs

Member
Mar 12, 2005
16
0
151
I just recomplied with 4.4.2 and the new FP addons and the warning went away. For some reason I had to do it twice to get 4.4.2 to take.
 

FijianTribe

Well-Known Member
Jan 30, 2003
70
0
156
I ran into the same issue, and now appache will not start. HELP!
 

ddmobley

Member
May 13, 2006
24
0
151
david510 said:
Seems apache 1.3.36 released. But in the whm warning --> for Php it is showing latest version as 5.1.4. I think we need to update php to 5.1.4 from 4.4. Is there any issue in doing this. Any views.
I tried to update to PHP 5.1.4 and my websites stopped working. I ran "http://myserverdomain:2086/scripts2/buildapache" and selected PHP 4.4.1 and rebuilt Apache and they started working again...
 

ddmobley

Member
May 13, 2006
24
0
151
FijianTribe said:
I ran into the same issue, and now appache will not start. HELP!
Run "http://yourserversdomainname:2086/scripts2/buildapache", select PHP 4.4.1 (or whatever you were running) and let Apache rebuild. That will get Apache restarted until we figure out how to bypass this warning message.