ISPConfig 3 - Upgrade Apache?

Discussion in 'Installation/Configuration' started by iceget, Nov 19, 2013.

  1. iceget

    iceget Member

    Hello Community,

    i have the current ISPConfig 3 Installation up and running.
    Because i have many Problems with files they are created on the
    root of many Webpages (but not shown in logs) i have tested
    in Debian wheezy.

    now i have tested the Apache webserver with backtrack 5 rc3, and it seem the files came into the filesystem due an hacked Apache webserver.

    now my question: how i can update the Apache to the newest Version?

    can you help me?

    thanks!

    many greets, iceget
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Just keep your system up to date by running:

    apt-get update
    apt-get upgrade

    regularily on your server. If there is a issue in apache or any other system package, the debian maintainer will fix it and the update will be available by apt.
     
  3. iceget

    iceget Member

    Hello Till,

    thank you very much!

    Is this possible that if we runs current Squeeze With Apache 2.2.16 that this Webserver is hackable?

    we have 4 .sh files in the root of a Directory (which called from cron.d * * * * /var/WWW/update) over night. but no logs in xferlog, no logs in Apache log, or System log...

    only port 80 is on this System open (Firewall), ... but how can hackers or legend bots insert into filesystem?

    thank you!

    many greets
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Its possible off course, but I dont think that it is very likely that apache is the problem here. Which user owns these files that were added to your server and which user owns the file in cron.d ?
     
  5. iceget

    iceget Member

    Hello Till,

    thanks for your answer.

    I think i have another Problem!

    My last two questions:

    1) I will install the mod_security, can i do that (for ispconfig 3) with this tutorial:
    http://www.faqforge.com/linux/apache-mod-security-installation-on-debian-6-0-squeeze/. your tutorial is from year 2006/2007

    2) what is the best way to upgrade form squeeze do wheezy?

    should i install a fresh machine, or can i upgrade the Server?

    thanks

    many greets, markus
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    1) If you will upgrade to wheezy anyway, then you should wiat with the mod security install. then use this gudie after the update: http://www.linuxquestions.org/quest...0/howto-set-up-modsecurity-on-debian-7-35569/

    mine is a bit outdated, have to write a new one for wheezy :)

    2) A update to wheezy should work. I did it on several servers already.

    I used this guide from Falko:

    http://www.howtoforge.com/how-to-upgrade-debian-squeeze-to-wheezy

    It works fine, as long as you dont use a mysql version from external dotdeb repository. the dotdeb mysql from squeeze conflicts with a new whezy package.

    After the update, it is a good idea to rerun a ispconfig update and let the ispconfig updater reconfigure the services.
     

Share This Page