Apache 1.3.36 Security Update
May 25, 2006, 8:08 pm
A new version of Apache (1.3.36) was just released for Cpanel servers. We don’t recommend upgrading rightaway, because you quite often wind up with more problems than the upgrade is supposed to fix. It is a ‘fact’ that almost every new version of any software (mysql, php, etc….) that has been released by Cpanel has been unstable in the beginning first few weeks of the release. This isn’t their fault, it is just the nature of the beast. The latest version of any software that is just released quite often has bugs or some sort of problems.
This Apache update for Cpanel was just released yesterday, so we recommend to wait at least a week or two at the very least before upgrading to make sure it is stable.
As for the warning message you see when logging into WHM, naturally since the version currently installed is not the latest, the message will say your version is insecure, regardless of any actual real security threat or not.
It’s a balance between stability and security, and only you can decide what you want to side with. This decision is always controversial, because neither having an insecure nor unstable server is any good. In our opinion, we recommend to wait at least a week or two, based on past experiences and what we are already hearing from customers that already attempted this upgrade. People have already upgraded Apache without asking us and have run into problems, problems ranging from Apache not starting to Apache modules not loading to Apache crashing constantly and more. You can also read about problems others are having at the cpanel forums, there’s many complaints there already.
What makes this even worse is that there is no option to even downgrade, so it has to be manually reinstalled or recompiled which results in HTTP downtime during this process.
Posted by yuga under: General News, Security
WordPress 1.5.1.3 Security Update WordPress version 1.5.1.3 is remotely exploitable if the web server on which it runs has register_globals = on in the PHP configuration. perl and PHPSecurity Basics: PHP For those who are using scripts like Moveable Type and Wordpress, they have little to worry about security since they only need to wait forWordPress 2.0.3 Released The latest in the stable 2.0 series, 2.0.3, is now available for download at WordPress.org. This is a bug fix and security release, and isWordPress 1.5.2 The latest release for Wordpress verison 1.5.2 is now available for download here. We request all clients to update their installation of WP the soonest possibleSecurity Basics: Social Engineering It has been said the the users are the weakest link in the security chain. This is especially exemplified in Social Engineering. This is aGetting your sites up in Search Engines. Promoting one's website or web blog is a never-ending task. Most people would ask me how do I do it. It's not a secret actually,CGI Scripts disabled We have disabled the Mchat, Cgiecho, Cgiemail, Guestbook, Counter and Formmails from CPanel's system wide cgi-sys directory. The are the most commonly exploited scripts sinceEnable register_globals on individual cPanel accounts Since register_globals is disabled on the servers for security purposes, some of your scripts and Fantastico installs might not work properly. However, you can enableUpgrade your blogs to WordPress 2.1.13 & 2.0.10 The new release of WordPress are versions 2.1.13 and 2.0.10. There are security updates so download your copy now and upgrade your blogs.Your Support Tickets are Important to Us! We would like to stress the importance of using our Support Ticket System in the Client Center. Here are a few points we'd like to
Leave a Comment
You must be logged in to post a comment.
Trackback this post | Subscribe to the comments via RSS Feed