Apache 1.3.36 Security Update
May 25, 2006, 8:08 pm
A new version of Apache (1.3.36) was just released for cPanel servers. We don’t recommend upgrading right away, because you quite often wind up with more problems than the upgrade is supposed to fix. It is a ‘fact’ that almost every new version of any software (MySQL, PHP, etc.) released by cPanel has been unstable in the first few weeks after release. This isn’t their fault; it is just the nature of the beast. Newly released software quite often has bugs or other problems.
This Apache update for cPanel was just released yesterday, so we recommend waiting at least a week or two before upgrading, to make sure it is stable.
As for the warning message you see when logging into WHM: since the version currently installed is not the latest, the message will say your version is insecure, regardless of whether there is any actual security threat.
It’s a balance between stability and security, and only you can decide which you want to side with. This decision is always controversial, because neither an insecure nor an unstable server is any good. We recommend waiting at least a week or two, based on past experience and on what we are already hearing from customers who have attempted this upgrade. People have already upgraded Apache without asking us and have run into problems, ranging from Apache not starting, to Apache modules not loading, to Apache crashing constantly, and more. You can also read about the problems others are having at the cPanel forums; there are many complaints there already.
What makes this even worse is that there is no option to downgrade, so Apache has to be manually reinstalled or recompiled, which results in HTTP downtime during the process.
Posted by admin under: General News, Security