PHP errors after removing suphp for default Custombuild 2 install

Roberto

Roberto

Verified User
Joined
Apr 6, 2013
Messages
127
Location
London
I wanted to upgrade my version of php from 5.3 to 5.6. In addition, I was previously using suPhp, and decided to mod_php+mod_ruid2 over suPhp.

The method I used was to completely reinstall everything using these Custombuild 2 instructions:

http://help.directadmin.com/item.php?id=555

(Note - I altered the options.conf file to enable zend, ioncube, suhosin, mod_ruid2.)

Afterwards, I checked PHP version:-

Code: 
# php -v
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_curl.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_curl.dll: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_fileinfo.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_fileinfo.dll: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_gd2.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_gd2.dll: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_gettext.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/php_gettext.dll: cannot open shared object file: No such file or directory in Unknown on line 0
PHP 5.6.11 (cli) (built: Jul 23 2015 13:20:58)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.

As you can see above, several libraries I previously enabled (curl, php_gd2, fileinfo) now do not appear to be loading.

Can anyone kindly suggest where I've gone wrong here? I checked the file /usr/local/lib/php.ini but can;t see anything pointing to the referenced directory "no-debug-non-zts-20131226".

themadguru
 
Hello,

*.dll is MS Windows extension
*.so is Linux/Unix extension


By the way: GD, Curl are basic extensions which are built in PHP with Custombuild.
 
Thanks zEitEr

The server is Centos 6 VPS, and has been running for a couple of years now. I don't remember entering any references to .dll myself, I only uncommented out certain lines before, which did not bring up any PHP errors of this nature.

Following your suggestion above, I've taken a look at the file /usr/local/lib/php.ini to look at the lines referring to the extensions:-


Code: 
;extension=php_bz2.dll
extension=php_curl.dll
extension=php_fileinfo.dll
extension=php_gd2.dll
extension=php_gettext.dll
;extension=php_gmp.dll
;extension=php_intl.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_ldap.dll
;extension=php_mbstring.dll
;extension=php_exif.dll      ; Must be after mbstring as it depends on it
;extension=php_mysql.dll
;extension=php_mysqli.dll
;extension=php_oci8.dll      ; Use with Oracle 10gR2 Instant Client
;extension=php_oci8_11g.dll  ; Use with Oracle 11gR2 Instant Client
;extension=php_openssl.dll
;extension=php_pdo_firebird.dll
;extension=php_pdo_mssql.dll
;extension=php_pdo_mysql.dll
;extension=php_pdo_oci.dll
;extension=php_pdo_odbc.dll
;extension=php_pdo_pgsql.dll
;extension=php_pdo_sqlite.dll

Yes .dll is indeed in there, but I can't remember putting in any of those lines. I just uncommented certain ones. How can I get Custombuild2 to completely reinstall PHP/Apache and wipe any configuration files that contain erroneous lines like this? I thought that was what I was doing.
 
Last edited:
Yes, there is a way:

Code: 
cd /usr/local/directadmin/custombuild
./build update
./build set [B]php_ini  yes
./build php_ini
./build secure_php
./build rewrite_confs
[/B]
 
Thanks, that seems to have worked:-

Code: 
# php -v
PHP 5.6.11 (cli) (built: Jul 23 2015 14:33:10)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.0.12, Copyright (c) 2002-2015, by ionCube Ltd.
    with Zend Guard Loader v3.3, Copyright (c) 1998-2014, by Zend Technologies
    with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH

I'm now going to upload a php.info file to see if all the extensions/libraries I need exist. However, I notice that ioncube is "unconfigured" in the above. I'll do a search for instructions on that next.

Many thanks!
 
Intrusion Protection from ioncube24.com is disabled by default. You need to enable it if you want to use it.

From your list you might need to install fileinfo extra.
 
Thanks

From my phpinfo.php output in browser, fileinfo, gettext, gd & curl support seems to be enabled already. Now researching how to enable ioncube.

I followed these instructions:-

http://help.directadmin.com/item.php?id=395

but as before php -v states it was already enabled but unconfigured. No reference to ioncube in an uncommented line in /usr/local/lib/php.ini. Can't find any help files stating how to turn it on.


Then I checked the directory /usr/local/lib/ and saw multiple versions of ioncube. I then try and enable the one called ioncube_loader_lin_5.6.so.

I edited /usr/local/lib/php.ini and inserted the following line at the end:-

zend_extension=/usr/local/lib/ioncube_loader_lin_5.6.so

Now I get the following output

Code: 
# php -v
PHP Warning:  Module 'ionCube Loader' already loaded in Unknown on line 0
The ionCube PHP Loader is disabled because of startup problems.
Segmentation fault

I'll remove the additional line I inserted now, but see no other instructions to enable ioncube. The instructions on the URL above don't describe how to turn it on, only how to install it - it seems.


*** EDIT *** sorry correction, ioncube is enabled... it says "with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured)". Configurnig Intrusion Protection is what i need to reasearch next, not enabling ioncube it seems.
 
Last edited:
You stated earlier "Intrusion Protection from ioncube24.com is disabled by default. You need to enable it if you want to use it."

Can't find anything more on how to enable it, it remains unconfigured.... Maybe I should just ignore the references to "unconfigured" in reference to Intrusion Protection from ioncube24.com and it still works?
 
Last edited:
Many thanks for all the help Alex!

I edited php.ini and at the end added the line

ic24.enable = 1

Then I got this output:-

Code: 
# php -v
IC24: ionCube24 is enabled but no access key is set. Please see the server setup instructions at ioncube24.com or set 'ic24.enable = 0' in the php.ini file to disable ionCube24 for now.
PHP Fatal error:  IC24: ionCube24 is enabled but no access key is set. Please see the server setup instructions at ioncube24.com or set 'ic24.enable = 0' in the php.ini file to disable ionCube24 for now. in Unknown on line 0

Getting further requires me to setup an account with ioncube24.com and installing the Manager Script on the server webroot.

It's late here, so will return to this tomorrow with further updates, in case I/we can help anyone else.

Thanks
themadguru
 
You're welcome. Please note you still can use ionCube and benefit from using it without ioncube24. ionCube 24 is a new feature:

Introduction

Adding ionCube24 real-time intrusion protection to your website is easy, and consists of installing two components: a PHP script, and the ionCube Loader that safeguards your website. In the first step you will install the ionCube24 PHP script for your domain.


- How does ionCube 24 work?

The core of ionCube 24 is the ionCube Loader, a widely used extension to PHP for processing secured PHP code. Before executing each file, PHP asks the Loader whether the file should be processed or not, and the Loader uses its knowledge of which files are trusted to decide. The Loader is able to efficiently detect if a file has changed and if a file is new. With ionCube 24 enabled, the Loader also notes whether or not a known file has been secured by the ionCube PHP Encoder, and improves efficiency by avoiding testing of the file every time.


- If my site has an unknown vulnerability, can ionCube 24 still protect it?

Yes! ionCube 24 does not need a list of known vulnerabilities to be effective. It works by blocking attemptsto execute files that have changed and files that are unknown. No matter how a hacker manages to inject PHP code into your site, it can be blocked when they try to run it.


- My server is shared without root access. Can I benefit from ionCube 24?

Yes! Provided that your operating system is supported and you can install the latest ionCube Loader, you should be able to use ionCube 24. If you have problems getting setup or your system is not supported, please contact us so we can assist.


- How can I know if a problem was detected?

The ionCube 24 Loader notifies our servers immediately that a file on your site is blocked. From there,an alert email can be sent to you. The ionCube 24 control panel also responds to real-time events, and will update automaticallyif you are logged in. Alerts can be acknowledged, but if they are not, the system can send reminders. The alerting system can becustomised to suit your needs as required.


- Will ionCube 24 slow down my website?

Our performance tests have not shown any impact, and if your site already uses the ionCube Loader then enabling ionCube 24 may actually improve performance. This is because ionCube 24 eliminates the need for the Loader to check whether a file has been secured by the ionCube PHP Encoder every time it is accessed.


- My web server is not accessible from the Internet. Can I still use ionCube 24?

Not currently because our servers must communicate with your web server when you make configuration changes. However, if you can permission access to port 80 for our IP addresses, and if your server can connect back to our servers, it could be used.


- How should I allow my trusted website files?

There are several mechanisms for this.



  1. Trustpoint
    The Trustpoint is the point in time before which your site is known to have files that are trusted. You can set the Trustpoint to the current time, or any time past or in the future. Files detected as changed after this time will be blocked.
  2. File Exclusion Key
    The file exclusion key is a key unique to each server. If the key appears on the first line of a PHP file, e.g. as a comment, that file will be automatically trusted. The Trustpoint is likely to be more convenient for existing files, but the exclusion key can be useful to permission dynamically created or updated files by code that is itself trusted.
  3. ic24.sec.approve_included_files INI entry (off by default)
    If the ic24.sec.approve_included_files INI entry is set to 1, files that are included will be automatically trusted. Dynamically created files are likely to be included by other PHP files rather than intended to be accessed directly, and this setting can be useful to permission these. Though this setting is very permissive, files created by an unrestricted file upload vulnerability are most likely to be accessed directly rather than be included, and so will still be blocked. Any uploaded files are also blocked if the INI setting ic24.sec.block_uploaded_files is on (which it is by default) if they are processed in the official PHP way.
  4. Add Trusted Files
    Through the web interface, directories of your server can be scanned for files to be trusted, e.g. files ending with .php.


- What do I do when I want to update my website?

One approach is first to set the Trustpoint a little way into the future, say by 5 minutes, and then update the files onyour website; provided that the files are changed before the new Trustpoint time, they should be permitted to run. Once updated, you caneasily set the Trustpoint to the current time so that there is no window of opportunity for an attacker.


If you have set ic24.sec.approve_included_files to 1 (see the previous question), and if the change files are only include files, then you can justupdate the files and they new versions will not be blocked. The exclusion key can also be used to permission files, and you can also add sets of filesto be trusted via the web interface.


- The web interface has stopped working or reports errors. Why?

Your session may have expired. Logging out and in again should resolve. This behaviour will change in a future update.

https://ioncube24.com/help/faq
 
You must log in or register to reply here.
Back
Top