Possible security issue with Jailed Apache?
I have seen some error_logs files from my clients and I got scared with this error:
USER2 error_logs file:
[15-Jan-2017 15:14:02] PHP Fatal error: Cannot redeclare wp_get_server_protocol() (previously declared in /home/USER1/public_html/wp-includes/load.php:16) in /home/USER2/public_html/blog/wp-includes/load.php on line 16
I saw this error log inside the USER2 account, and many other accounts (USER3, USER5, etc.), all from "USER1". This log did not appear on all accounts, and only appeared for customers who have WordPress installed. Why is USER1 generating errors in other accounts? I have jailed Apache enabled.

EasyApache 3 - Profile:
Apache 2.4: Deflate, Env, Expires, Fileprotect, Headers, MPM Prefork, Mime Magic, Mod RemoteIp, Mod ReqTimeout, Mod SuPHP 0.7.2, Proxy, UniqueId, Version
PHP 5.6: Bcmath, CGI, Calendar, CurlSSL, Exif, FTP, FileInfo, GD, Gettext, Iconv, Imap, Intl, MailHeaders, Mbregex, Mbstring, Mcrypt, MySQL "Improved" extension, Mysql, Opcache, Openssl, PDO, PDO MySQL, Pear, Phar, Pspell, SOAP, SQLite3, Sockets, TTF (FreeType), XmlRPC, Zip, Zlib
Additional OptMods: IonCube 4 Loader v4.7.5 for PHP, Mod CloudFlare, Mod Ruid2 0.9.8, Mod Security 2.9.0, Suhosin 0.9.38 for PHP

I checked the USER1 account and it does not appear to be infected. And I use "Opcache" to cache PHP scripts. Could this be opening a breach in the jailed Apache protection?
[15-Jan-2017 15:14:02] PHP Fatal error: Cannot redeclare wp_get_server_protocol() (previously declared in /home/USER1/public_html/wp-includes/load.php:16) in /home/USER2/public_html/blog/wp-includes/load.php on line 16
Hello, Search results suggest this is related to a bad WordPress plugin. There's a WordPress thread where it's discussed at: Topic: Cannot redeclare wp_get_server_protocol « WordPress.org Forums. Thank you.
Hello Michael, My concern is that USER1's PHP scripts affect other accounts on the server. How would this be possible if I run Apache with jailed enabled? I want to figure out how this happened, because this time it was a plugin, but the next time it could be a malicious script. Thank you!
That's an interesting error. I notice from your build profile you're using suphp. What are your users' shells set to? I don't believe suphp is suggested as the ideal PHP handler when using mod_ruid2. Michael will correct me if I'm wrong.
Hello ThinIce, This is my shell configuration: 44855 44859
And you are right! Do not select suPHP as your PHP handler if you use ModRuid2 with the "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel jailshell." option in the Security tab of WHM's
But I have PHP 5 Handler configured with DSO. Anyway I'm going to disable Mod SuPHP.
And I use "Opcache" to cache PHP scripts. This could be opening a breach in the apache jailed protection?
Hello, In your OPCache configuration, try adding the following entry to see if the issue persists:
opcache.validate_permission=1
It's likely you are facing the same issue discussed on the following thread: SOLVED - Zend OPcache and PHP-FPM Thank you.
Probably that was the problem. I did not know this configuration. Thank you so much Michael! You helped me a lot! This is my current setting:
opcache.enable=1
opcache.memory_consumption=2048
opcache.interned_strings_buffer=24
opcache.max_accelerated_files=130987
opcache.max_file_size=5242880
opcache.enable_file_override=1
opcache.revalidate_freq=2
opcache.fast_shutdown=1
opcache.use_cwd=1
opcache.save_comments=1
opcache.load_comments=1
opcache.validate_permission=1
opcache.restrict_api="/home/hostadm/public_html"
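One way to check the remaining accounts for the symptom discussed in this thread, as an added example that is not part of the original posts: it scans PHP error-log text for "Cannot redeclare" fatals whose two file paths belong to different accounts, and groups the affected accounts by the account whose file was loaded first. The log lines are constructed in the format quoted above, and the /home/<user>/ layout and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the error quoted in this thread.
SAMPLE_LOG = """\
[15-Jan-2017 15:14:02] PHP Fatal error: Cannot redeclare wp_get_server_protocol() (previously declared in /home/USER1/public_html/wp-includes/load.php:16) in /home/USER2/public_html/blog/wp-includes/load.php on line 16
[15-Jan-2017 15:20:11] PHP Fatal error: Cannot redeclare foo() (previously declared in /home/USER3/public_html/a.php:3) in /home/USER3/public_html/b.php on line 9
[15-Jan-2017 15:21:40] PHP Warning: Division by zero in /home/USER5/public_html/calc.php on line 4
[15-Jan-2017 15:22:05] PHP Fatal error: Cannot redeclare wp_get_server_protocol() (previously declared in /home/USER1/public_html/wp-includes/load.php:16) in /home/USER5/public_html/wp-includes/load.php on line 16
"""

REDECLARE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] PHP Fatal error:\s+Cannot redeclare (?P<symbol>\S+) "
    r"\(previously declared in (?P<first>/\S+?):\d+\) "
    r"in (?P<second>/\S+) on line \d+"
)
# Assumption: every account's files live under /home/<user>/.
HOME_OWNER = re.compile(r"^/home/([^/]+)/")


def owner(path):
    """Return the account name a path belongs to, or None if outside /home."""
    m = HOME_OWNER.match(path)
    return m.group(1) if m else None


def cross_account_hits(log_text):
    """Return redeclare errors where the two files belong to different accounts."""
    hits = []
    for line in log_text.splitlines():
        m = REDECLARE.match(line)
        if not m:
            continue
        src, dst = owner(m.group("first")), owner(m.group("second"))
        if src and dst and src != dst:  # same-account redeclares are ordinary bugs
            hits.append({"time": m.group("ts"), "symbol": m.group("symbol"),
                         "loaded_from": src, "affected": dst})
    return hits


def summarize(hits):
    """Map each source account to the sorted list of accounts that hit its code."""
    by_source = defaultdict(set)
    for h in hits:
        by_source[h["loaded_from"]].add(h["affected"])
    return {src: sorted(accts) for src, accts in by_source.items()}


if __name__ == "__main__":
    for src, accts in summarize(cross_account_hits(SAMPLE_LOG)).items():
        print(f"code from {src} was executed in requests for: {', '.join(accts)}")
```

Running it again over logs written after `opcache.validate_permission=1` is in place shows whether cross-account entries have stopped.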