PHP7.4 Security issue?
AnsweredHello,
We have received this error overnight after yesterday following security advisor advice and uninstalling PHP 7.4 from easy apache and rebooting. Any ideas why we are still getting this as i can still see it listed within multiphp manager?
New Security Advisor notifications with High importance
Type Module Advice
⛔ High PHP PHP 7.4 reached EOL
• We strongly recommend that you use a version that is still supported upstream.
• If you do continue to use it, you will be susceptible to any remaining bugs or security issues.
We recommend that you use the MultiPHP Manager interface to upgrade your domains to a supported version. Then, uninstall this version in the EasyApache 4 interface. For more information, read PHP EOL Documentation.
In order to resolve these security concerns, log in to WHM and navigate to the “Security Advisor” interface. https://wilberforce.itwiser.net:2087/cgi/securityadvisor/index.cgi
This notice is the result of a request from “check_for_security_advise_changes”.
The system generated this notice on Saturday, July 13, 2024 at 4:57:16 AM UTC.
“Security Advisor State Change” notifications are currently configured to have an importance of “High”.
followed by:
...
[2024-07-13 04:55:20 +0000] E [/usr/local/cpanel/scripts/migrate_local_ini_to_php_ini] Cpanel::Exception::FeatureNotEnabled/(XID p6v2xe) The “ea-php74” package does not provide an executable binary.
[2024-07-13 04:55:20 +0000] E [/usr/local/cpanel/scripts/migrate_local_ini_to_php_ini] at /usr/local/cpanel/Cpanel/ProgLang/Supported/php.pm line 318.
[2024-07-13 04:55:20 +0000] E [/usr/local/cpanel/scripts/migrate_local_ini_to_php_ini] Cpanel::ProgLang::Supported::php::get_package(Cpanel::ProgLang::Supported::php=HASH(0x19ce5c8), "package", "ea-php74") called at /usr/local/cpanel/Cpanel/ProgLang/Supported/php/Ini.pm line 233
[2024-07-13 04:55:20 +0000] E [/usr/local/cpanel/scripts/migrate_local_ini_to_php_ini] Cpanel::ProgLang::Supported::php::Ini::new("Cpanel::ProgLang::Supported::php::Ini", "lang", Cpanel::ProgLang::Supported::php=HASH(0x19ce5c8), "package", "ea-php74") called at /usr/local/cpanel/Cpanel/ProgLang/Supported/php.pm line 371
...
[2024-07-13 04:55:20 +0000] Processing: Updating plugins data cache
[2024-07-13 04:55:20 +0000] - Processing command `/usr/local/cpanel/bin/refresh_plugin_cache`
[2024-07-13 04:55:21 +0000] - Finished command `/usr/local/cpanel/bin/refresh_plugin_cache` in 0.193 seconds
[2024-07-13 04:55:21 +0000] Processing: Ensuring SSL certificate information for CCS is up to date.
[2024-07-13 04:55:21 +0000] - Processing command `/usr/local/cpanel/scripts/ccs-check --run --ssl`
[2024-07-13 04:55:21 +0000] - Finished command `/usr/local/cpanel/scripts/ccs-check --run --ssl` in 0.092 seconds
[2024-07-13 04:55:21 +0000] Processing: Ensure cpanel-plugins yum repo exists
[2024-07-13 04:55:22 +0000] - Finished in 1.202 seconds
[2024-07-13 04:55:22 +0000] Processing: Checking Addon Licenses
[2024-07-13 04:55:22 +0000] - Finished in 0.017 seconds
[2024-07-13 04:55:22 +0000] Processing: Updating Public Suffix List
[2024-07-13 04:55:22 +0000] Processing: Checking End Of Life for current version.
[2024-07-13 04:55:23 +0000] - Finished in 1.442 seconds
[2024-07-13 04:55:23 +0000] Processing:
[2024-07-13 04:55:23 +0000] Maintenance complete.
=> Log closed Sat Jul 13 04:55:23 2024
Thanks
-
Hi,
I am under the impression that you've uninstalled PHP 7.4, but it reinstalled itself afterwards based on what you're seeing in the MultiPHP Manager. I recommend reviewing the yum/dnf logs (usually located within /var/log) to see what time the PHP 7.4 package was reinstalled. You can then compare this timestamp to the crons that ran on the server (/var/log/cron) to see if it was reinstalled by a cron job.
0
Please sign in to leave a comment.
Comments
1 comment