You are running an insecure apache setup. (Merged)

[avijit]

rm -rf /home/cpapachebuild/
then
run /scripts/easyapache with the option 7 to keep your old config. This should resolve the issue.

 

[kamau]

I'm having same problem.

I've tried running /scripts/easyapache many times and nothing works.

I've also tried uncommenting lines;

LoadModule php4_module libexec/libphp4.so
&
AddModule mod_php4.c

Then run /scripts/easyapache and php 4.4.1 and still apache will not restart at WHM, and keeps on flashing red

What I'm I missing ??

 

[Snowman30]

Ive got an issue on all servers that were running 4.4.2 under phpsuexec

I did a recompile of apache and now loads are screaming thru the roof well over 100

hundreds and hundreds of processes are using php and dont seem to be clearing properly

 

[jamesbond]

The scripts may work, I was having trouble earlier with it. I was able to just install the rpm manually from http://layer1.cpanel.net/fp/ and it worked.

Regarding php-4.4.2 it is fine and once you upgrade frontpage it will no longer show as vulnerable

How exacly did you upgrade frontpage without rebuilding apache? Installing the rpm isn't enough is it? Doesn't it need to be compiled into apache using apxs ? Could you perhaps post the steps?

 

[lagoth]

Seems like the build scripts for BSD are screwey too. Mine was stuck for two hours on this part:
=============================
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
aspell is installed
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
Source: packages-5.4-release
Source: packages-5-stable
============================

It's still trying to fetch INDEX from bsd servers, which no longer generate INDEX for ports.

 

[mctDarren]

root@server [/]# /etc/rc.d/init.d/mysql stop
No mysqld pid file found. Looked for /var/lib/mysql/server.rhdns.com.pid.

My daily logs are showing:

mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!

All that indicates to me that mysql is not running at all. Did you just try /etc/rc.d/init.d/mysql start ?

 

[mctDarren]

You should have a backup left in /usr/local/apache/conf/
As far as getting it online some people have had sucess with recompiling with easyapache. I found another way was to source compile everything.

Actually after trying to recompile myself I still had issues with PHP, so I contacted you and you fixed it up for me. You folks at TSS are worth every penny!! Thanks!

 

[jrehmer]

This question is some what out of this thread but fits here the best. On my warning I don't have a section for PHP, and I don't think I ever have?

I have:

Apache Core
Passthrough Authentication
Bytes Logger
Bandwidth Limiter
FrontPage
mod_ssl
OpenSSL


Is there a reason why there is not a PHP section?

 

[webignition]

Is there a reason why there is not a PHP section?

Yes, there isn't one.

Or at least not that I've ever noticed.

 

[jrehmer]

Yes, there isn't one.

Or at least not that I've ever noticed.

Reading through the thread other people said it listed their PHP version as being insecure, which means they see it.