Apache update removed php

19 views
Skip to first unread message

John Logsdon

unread,
Nov 9, 2012, 3:53:52 AM11/9/12
to manchester-word...@googlegroups.com, Mailing list for WPUK
Folks

Running Ubuntu 10.04LTS, everything going well and fast now I am reverse
proxying with nginx.

Last night there was an automatic update to apache2:

===================================================
An update to apache2 from 2.2.14-5ubuntu8.9 to 2.2.14-5ubuntu8.10 is needed.
This update has been successfully installed.

An update to apache2-mpm-prefork from 2.2.14-5ubuntu8.9 to 2.2.14-5ubuntu8.10
is needed.
This update has been successfully installed.

An update to apache2-utils from 2.2.14-5ubuntu8.9 to 2.2.14-5ubuntu8.10 is
needed.
This update has been successfully installed.

An update to linux-libc-dev from 2.6.32-44.98 to 2.6.32-45.99 is needed.
This update has been successfully installed.
===================================================

This morning all sites were broken. This was traced to php5 being removed!!!!

I have seen a comment about this on ubuntuforums
http://ubuntuforums.org/showthread.php?p=12345109#post12345109
but there was no reply (only my question today).

Has anyone seen this?

Clearly this is not a WordPress issue but such active folk may have seen it or
may have found the reason!

--
Best wishes

John Logsdon

Mike Little

unread,
Nov 9, 2012, 4:55:11 AM11/9/12
to manchester-word...@googlegroups.com, Mailing list for WPUK
On 9 November 2012 08:53, John Logsdon <j.lo...@quantex-research.co.uk> wrote:
Folks

Running Ubuntu 10.04LTS, everything going well and fast now I am reverse
proxying with nginx.

Last night there was an automatic update to apache2:
 
[SNIP]
 
This morning all sites were broken.  This was traced to php5 being removed!!!!

You must have an odd set up John. 

This morning I updated five servers. Four of them stock Ubuntu server 10.4.4 LTS, three running php-fcgi, one running mod-php. All four had Apache2 updates. None of them had the problem you described (or any problems). The fifth is stock Ubuntu 12.04.1 LTS (and didn't have Apache updates). 

As Tom said, don't do auto-updates - you must have control, you must be on hand to handle something going wrong.

But unlike Tom, I say there is nothing wrong with running Apache2. Seriously, it still has 60% of the market[1] for a reason.


Mike
--
Mike Little
http://zed1.com/

Richard Ibbotson

unread,
Nov 9, 2012, 5:19:11 AM11/9/12
to manchester-word...@googlegroups.com

On Friday 09 November 2012 09:55:11 Mike Little wrote:

> On 9 November 2012 08:53, John Logsdon <j.logsdon@quantex-

> As Tom said, don't do auto-updates - you must have control, you must

> be on hand to handle something going wrong.

>

> But unlike Tom, I say there is nothing wrong with running Apache2.

> Seriously, it still has 60% of the market[1] for a reason.

 

Yep.. can't argue with that. I ran 10.04 for years on my home box and some others. Now running 12.04 which had an Apache update last night. Sometimes I've used Debian and or CentOS or Scientific Linux which is more up to date than CentOS.

 

I don't like auto update on web servers. Like shooting your own foot off.

 

http://sleepypenguin.homelinux.org/

http://sleepypenguin.homelinux.org/blog/

 

--

Richard

 

https://twitter.com/SleepyPenguin1

 

John Logsdon

unread,
Nov 9, 2012, 5:57:16 AM11/9/12
to manchester-word...@googlegroups.com, Mailing list for WPUK
I've switched non-security updates off for now...

There are some updates that leave things as chmod 000. These are things like
apt-get and logrotate. I don't know why webmin does this.

To answer Mike's question, I do have an unusual setup but AFAIK it is
entirely 'legal'. I suspect there is a permissions assumption somewhere in
webmin. Perhaps I should stop using it completely and cron the updates
manually but it is quite a useful tool

[I used Scientific Linux in the past and the thing I particularly liked about
it was that CERN or Los Alamos would seriously test the compilers and other
tools, unlike RH or CentOS which just repackaged the RH offering. This was
particularly important to me although I also used the Intel Fortran compiler
which is excellent. Fortran? Anyone?]

Richard Ibbotson

unread,
Nov 9, 2012, 6:31:22 AM11/9/12
to manchester-word...@googlegroups.com

On Friday 09 November 2012 10:57:16 John Logsdon wrote:

> There are some updates that leave things as chmod 000. These are

> things like apt-get and logrotate. I don't know why webmin does

> this.

 

Webmin was put down as a major security risk a long time ago. I switched to SSH. At least you know it's reasonably secure.

> To answer Mike's question, I do have an unusual setup but AFAIK it

> is entirely 'legal'. I suspect there is a permissions assumption

> somewhere in webmin. Perhaps I should stop using it completely and

> cron the updates manually but it is quite a useful tool

 

Hmm.. . don't like to shove people but I'd drop it.

 

> [I used Scientific Linux in the past and the thing I particularly

> liked about it was that CERN or Los Alamos would seriously test the

> compilers and other tools, unlike RH or CentOS which just

> repackaged the RH offering. This was particularly important to me

> although I also used the Intel Fortran compiler which is excellent.

> Fortran? Anyone?]

 

Fortran. Yes. Was involved in the early stages but given up in recent years. MonoGame. MonoDevelop. I'm on the Fermilab list and been to Fermilab a few times. Nice crowd of people. Sci Linux seems to produce a reliable web server. Up to date.

 

--

Richard

 

https://twitter.com/SleepyPenguin1

John Logsdon

unread,
Nov 9, 2012, 7:38:34 AM11/9/12
to manchester-word...@googlegroups.com
Richard

You're right - Fermilab not Los Alamos!

?SSH Presumably you mean SHH?

I thought the security issues had been fixed with webmin but perhaps I should
move. There is nothing tied to webmin anyway.

There are a number of reports of false positives and problems with SHH
according to a Google search.

What other updaters do people run - or do people just cron apt-get -d upgrade?

Richard Ibbotson

unread,
Nov 9, 2012, 8:14:10 AM11/9/12
to manchester-word...@googlegroups.com

John

 

> You're right - Fermilab not Los Alamos!

 

Yes. Los Alamos was Richard Stallman. Spent a lot of time talking to him about it. Not everyone would want to do that.

 

> ?SSH Presumably you mean SHH?

 

Yep.. secure shell.. http://en.wikipedia.org/wiki/Secure_Shell - the standard tool for system administration.

> I thought the security issues had been fixed with webmin but perhaps

> I should move. There is nothing tied to webmin anyway.

 

Problem is... that ... every year or two it's fixed and then about six or twelve months later it comes back again. Bit like malware on winduhs servers. On my Ubuntu server I use HAVP which scans for anything nasty.

 

> There are a number of reports of false positives and problems with

> SHH according to a Google search.

 

Install fail2ban or denyhosts. It's not 100% reliable but at least it takes care of the script kiddies.

> What other updaters do people run - or do people just cron apt-get

> -d upgrade?

 

<shrug> I just do 'smart update' 'smart upgrade' (apt-get install smartpm) or 'apt-get update' 'apt-get upgrade' for 60 seconds a week. Reboot after upgrade ? No reboot on GNU/Linux or BSD web servers. 60 seconds of hard slog and walk away. Time to go out for a walk afterwards in the sun :)

 

--

Richard

 

https://twitter.com/SleepyPenguin1

Mike Little

unread,
Nov 9, 2012, 10:55:55 AM11/9/12
to manchester-word...@googlegroups.com
On 9 November 2012 13:14, Richard Ibbotson <richard....@googlemail.com> wrote:

Yep.. secure shell.. http://en.wikipedia.org/wiki/Secure_Shell - the standard tool for system administration.


Yeah SSH (with keys for password-less login -- from my machine) is the only way to do server administration! ;-)

 

> I thought the security issues had been fixed with webmin but perhaps

> I should move. There is nothing tied to webmin anyway.

 


I use virtualmin (which includes webmin and usermin) and haven't seen any problems, although I don't think any of my hosted clients actually ever log in to webmin. They do everything through the WordPress admin panel (I only host WordPress), with the odd one doing a little ftp.
 

Problem is... that ... every year or two it's fixed and then about six or twelve months later it comes back again. Bit like malware on winduhs servers. On my Ubuntu server I use HAVP which scans for anything nasty.

 



 

 

Install fail2ban or denyhosts. It's not 100% reliable but at least it takes care of the script kiddies.

> What other updaters do people run - or do people just cron apt-get

> -d upgrade?



I have csf/lfd [1] installed on all my server to control the firewall/iptables, watch for login attempts, suspicious processes, file modifications, etc.


  

<shrug> I just do 'smart update' 'smart upgrade' (apt-get install smartpm) or 'apt-get update' 'apt-get upgrade' for 60 seconds a week. Reboot after upgrade ? No reboot on GNU/Linux or BSD web servers. 60 seconds of hard slog and walk away. Time to go out for a walk afterwards in the sun :)



I login (ssh) once a day to all five servers and run 
    sudo apt-get update && sudo apt-get dist-upgrade
which then requires me to make the decision whether to run the upgrade or not.

It also means that when I get an email alert a few minutes later to say some system file got modified (from csf mentioned above) I can confidently match it with the files I know I just updated.

I also take the opportunity to update all the WordPress installs while I'm there too (via the command line)

Mike
--
Mike Little
http://zed1.com/


Reply all
Reply to author
Forward
0 new messages