Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

CPANEL-41951 - LiteSpeed segmented chroot()ed spam on server that don't have LiteSpeed

Comments

29 comments

  • cPRex Jurassic Moderator
    Hey there! If you aren't running Litespeed, it doesn't make sense to me that you are receiving that message. Is it possible that any Litespeed packages are installed on the server? If not, could you create a ticket with our team so we can take a look?
    0
  • Web City Media
    Same situation. We are still seeing these messages. We have submitted a support request 94514265. Is this an upsell, bad notification programming or a real issue we need to learn to resolve.
    0
  • cPRex Jurassic Moderator
    Thanks for posting that ticket number. I'm following along on my end now so we can get to the bottom of this.
    0
  • jcbfergie
    I've been having the same issue - no litespeed. Originally the message also suggested that I enable mod_ruid2, enable Jail Apache, and change users to jailshell. I did all those items but still get this message.
    0
  • rivermobster
    Same here. Litespeed not active/installed...
    0
  • Web City Media
    There is a case opened with the development team. They see it but do not have a fix yet. Will post any updates here.
    0
  • cPRex Jurassic Moderator
    We're tracking this issue with case CPANEL-41951 and I'll be sure to post updates once I get them!
    0
  • rivermobster
    So tonight, I came across this (updated 17 hours ago)...
    0
  • Web City Media
    Joe the solution you are asking about is related to securing "Apache vhosts" which will give you a bill of clean health if you use the Security Advisor direction. (This will be seen if you continue. We are setup to use prefork since we relied on the Security Advisor to secure the WHM/CPanel installation. It will let you know if your Apache shell accounts are not jailed, aloong with other security recommendations. You will also see upsells for other products. The current issue is related to a "Litespeed vhosts" system notification. LiteSpeed Web Server is an Apache alternative which requires a paid license, Note: There is a free version which is limited to one domain and 2gb of memory. The security advisor does not show this as a problem hence the big question: Why are we getting this particular message?
    0
  • rivermobster
    Joe the solution you are asking about is related to securing "Apache vhosts" which will give you a bill of clean health if you use the Security Advisor direction. (This will be seen if you continue. We are setup to use prefork since we relied on the Security Advisor to secure the WHM/CPanel installation. It will let you know if your Apache shell accounts are not jailed, aloong with other security recommendations. You will also see upsells for other products. The current issue is related to a "Litespeed vhosts" system notification. LiteSpeed Web Server is an Apache alternative which requires a paid license, Note: There is a free version which is limited to one domain and 2gb of memory. The security advisor does not show this as a problem hence the big question: Why are we getting this particular message?

    Interesting... Your warning: LiteSpeed vhosts are not segmented or chroot()ed. My warning: Apache vhosts are not segmented or chroot()ed. I guess I'll go make a new thread? Thanks for the clarification.
    0
  • cPRex Jurassic Moderator
    Nah, no need for a new thread. The Apache warning is expected. The LiteSpeed warning is not, especially if you don't have it installed.
    0
  • rivermobster
    Nah, no need for a new thread. The Apache warning is expected. The LiteSpeed warning is not, especially if you don't have it installed.

    More confusion... This is in the Security Advisor: Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "
    0
  • cPRex Jurassic Moderator
    Right - the email notification is what this case is about. The Apache issue is something you should actually check and decide how to handle.
    0
  • Dosmage
    I've been going over these alerts and applying the recommendations. I rolled my eyes so hard about a security alert, if I don't make a purchase I'm insecure, that I think I blew out some ocular ligaments. I'm glad that this is a "bug" and that it's active and open! I do have, hopefully, a non vapid comment on the problem. I see that there is a php litespeed cpanel rpm installed. If we're not running a CloudLinux kernel, CloudLinux or LiteSpeed daemon, is it possible that the check might be triggering on this rpm?
    0
  • eugenevdm.host
    I've given up on this issue after logging a ticket. Reasons hereunder: Ticket reply was (not a public article you have to log on): - Disable specific Security Advisor State Change notifications How about I vote to turn off all broken and spammy messages? Ticket 94515863 When you've been using software for years and you spot obvious issues voting is a frivolous activity because it's logical to you and the rest of the community. So instead of enjoying my holidays every morning I log on to find lots of messages that I have to ignore. The issue is my systems are carefully tuned across many mediums, Slack, PRTG, Email, WhatsApp, etc. Any kind of noise means I can't focus on the real problems. EDIT: After having typed this reply I see the title of this forum post now has a "In Progress" moniker attached to it. Not sure what that means but hopefully something is being done behind the scenes with regards to this.
    0
  • cPRex Jurassic Moderator
    @eugenevdm.host - I was going to say, there is a case open, and CPANEL-41951 is titled "Security Advisor can reference Litespeed even when not installed." Once the case is resolved, that will fix that area of Security Advisor, and that support article will no longer be necessary. That specific feature is five years old, but I'll bring that up with the team today to get some fresh eyes on it. Is there another area of Security Advisor you'd like to see improved?
    0
  • robhooper
    +1 also effected by this issue. We received a security alert for both Apache and LiteSpeed, we only have Apache installed. I've actioned the recommended changes for Apache which resolved those alerts. Even if I had LiteSpeed installed I'm not sure what a LS user could do? the email message says rebuild on a new operating system which isn't happening. Seems like an abuse of this notification system IMO :/
    0
  • robhooper
    Potential lead, I just noticed that EasyApache has the PHP litespeed module installed (despite it not being needed). EasyApache seems to ignore me marking this to be uninstalled. :/ Perhaps this superflous package is triggering the cPanel Security Advise Notification.
    0
  • WorkinOnIt
    @cPRex - thanks for clarification on this matter. I also have the same issue. Meanwhile, the other question (perhaps needs a new thread?) is why is jail apache using mod_ruid2 experimental (after what, a decade or more?) Does cPanel not care about security? Instead of offering a robust jailed segmented vhosts option, we are still being sold another upgrade / spend more money and purchase CageFS ?
    0
  • cPRex Jurassic Moderator
    @WorkinOnIt - I think the short answer to that is that the CloudLinux tools are amazing and do MUCH more than just jail accounts, so we don't want to reinvent the wheel when such a good tool is available.
    0
  • Web City Media
    The issue is about an error message that is not accurate which leads to wasted support hours troubleshooting a problem that does not exist, not to mention questioning confidence in the "system". The longer it takes to fix this errant notification does not help the situation.
    0
  • drhigh5
    We are also getting the annoying daily email saying:
    LiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using "
    All our user accounts have either jailed or disabled shells. Do we expect the Security Centre to stop incorrectly identifying this as a security risk?
    0
  • cPRex Jurassic Moderator
    When the case is resolved, the messages will stop being sent in error. I did reach out to our developers to let them know that many users are still seeing this warning, and while there has been some action on the case internally, I don't have much I can share at this point, other than it is being worked on.
    0
  • cPRex Jurassic Moderator
    Update - this is going to be resolved in 110. I haven't heard if this will make it into the 108 changes just yet.
    0
  • yatesf
    Update - this is going to be resolved in 110. I haven't heard if this will make it into the 108 changes just yet.

    Version 110? Holy cow, that seems pretty far out. Is there a best recommendation of which notification(s) to turn off or reconfigure in the interim (as a workaround) to stop getting these "litespeed vhost" false alarms? I've been getting the warnings almost daily.
    0
  • cPRex Jurassic Moderator
    @yatesf - is it? We have released on Edge version of 110 just this last week.
    0
  • rivermobster
    The fake warning is gone now. But now, I'm getting this warning that I'm being told to ignore! lol Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "
    0
  • aztopdavid
    I have the same issues described in this thread on my VPS that's currently at 108.0.14. The bogus Security Advisor notifications are a nuisance and tt would be nice to have it resolved before 110.
    0
  • Benjamin D.
    I still had that spam email coming in every few weeks even on 108.0.15 so I was kind of forced to upgrade to latest WHM build...
    0

Please sign in to leave a comment.