Security Update: Secure and Update your PHP
In order to reduce security vulnerability, it is crucial to protect PHP and maintain your PHP version current. Therefore, the security upgrades that we advise you to implement are as follows:
1. Install and configure ModSecurity
An open source intrusion detection and prevention engine for web applications is called ModSecurity. In other words, ModSecurity’s function as an Apache Web server module is to improve web application security and defend against both known and undiscovered threats.
Step of installation for ModSecurity:
1) Firstly, Download yum repo and install the ModSecurity using yum.
#wget -q -O –| sh
#yum install mod_security
2) Then, Download apply the ModSecurity rules.
#cd/etc/httpd/modsecurity.d && wget
#tar –xvvzf modsec-2.5-free-latest.tar.gz
3) Next, Remove unwanted rules.
#cd/etc/httpd/modsecurity.d && rm -Rf 00_asl_rbl.conf 00_asl_whitelist.conf
4) Lastly, Restart apache service.
2. Install PHP HardenedPHP patch
In order to safeguard your servers from a variety of widely known problems with PHP applications, the hardenedPHP patch adds security hardening features to PHP. Additionally, it protects the servers from unforeseen vulnerabilities that might exist in those apps or even in the core of PHP.
3. Keep Your Plesk Version and Application Version Up to Date
** NOTE: mod_security and Suhosin were not fully tested with Plesk Sitebuilder. Therefore, if you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.
Installation steps for Suhosin:
1) Firstly, Download suhosin and install it.
#make && make install
2) Secondly, Add a load directive to php.ini.
3) Then, Restart apache service.
<< PLESK Users >>
Mod_security and Suhosin were not fully tested with Plesk Sitebuilder. In addition, if you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.
<< CPANEL/WHM Users >>
For server pre-installed with cPanel, you will only need to enable the ModSecurity module and Suhosin module from the EasyApache and recompile the Apache.