@Panda if just seems bizarre practice to me. They clearly state that cPanel comes with the package, yet don’t seem to offer it unless you complain it’s missing!
httpd down due to enabling php zip extension
-
@ash3t if you’ve enabled the extension by cPanel then this should work without issue, and certainly won’t cause websites to go down as a result. However, what may be the case is a change of PHP version.
Sometimes, inadvertently selecting this can mean the default PHP extensions are enabled and not the ones that you require for your website to function. I’ve seen this happen several times in cPanel and it’s a known problem.
-
@phenomlab Thanks for sharing your past experience. Do you mean that change the PHP version would cause one website to go down? However, it won’t cause the whole server’s httpd to go down, right?
The things is that since after installing the ZIP extension, the httpd was down, and without finding the cause, it is a bit worrisome to enabled the ZIP again. Since it is not just causing one website to go down, but all the websites that sharing the same IP.
-
@ash3t said in httpd down due to enabling php zip extension:
Do you mean that change the PHP version would cause one website to go down? However, it won’t cause the whole server’s httpd to go down, right?
Potentially, but this depends on what each website relies on in terms of topology. Can you provide more detail as to what technologies (such as WordPress etc) are running on these sites ?
@ash3t said in httpd down due to enabling php zip extension:
The things is that since after installing the ZIP extension, the httpd was down, and without finding the cause, it is a bit worrisome to enabled the ZIP again. Since it is not just causing one website to go down, but all the websites that sharing the same IP.
So does the issue resolve itself when you remove the zip PHP extension ?
-
@phenomlab Unfortunately, I cannot provide more details. It my friend’s server, and as I know, it has run many small website. I image most of them would be using WordPress, if not, then just static html.
“So does the issue resolve itself when you remove the zip PHP extension ?”
As far as I know, since there is no error messages, we don’t know the issue yet. I believe the server is up and running now.My friend suspected that some malware stored in zip were pushed into our server and extracted afterwards. The situation is : The symptoms were the server ran so fast due to high CPU load and busy to deal with heavy connections.
Is there a way to run any security checks for this situation?
-
@ash3t that doesn’t sound symptomatic of malware, but is heavily aligned to DDoS (Distributed Denial of Service) which is where the target machine receives thousands of connection requests per second and it’s overwhelmed meaning real visitors and sites cannot be served.
Without any specific monitoring in place, it’s going to be very difficult to determine the exact cause. There are numerous tools that can scan for malicious activity - although much of this depends on the back end technology being used (cPanel, Plesk etc). One of the best products around for protection is imunify360.
https://bobcares.com/blog/install-imunify360-cpanel/
It’s not free, but worth every penny.
-
@phenomlab Thanks, that’s a relief. I have checked with my friend, the server already has ddos protection.
For now, it seems that we cannot find a clue about it. What would you suggest that we should keep an eye on as we are thinking about enabling the zip extension again.
-
@ash3t my personal preference here would be to have some form of monitoring - something like SNMP counters using a product such as cacti, LibreNMS, or observium (I have extensive experience with these).
Taking this route in terms of monitoring means you can draw some form of parallel with a specific time and function. In terms of malware protection, imunify360 really is difficult to beat.
The only real issue with SNMP is that the community needs to be secured adequately to prevent abuse from external sources. For example, it’s possible to execute commands on a read and write community with a weak community string. For this reason, you’d close read only and restrict the accessing hosts to trusted IP addresses only.
-
@phenomlab Thanks for your suggestion! As far as I know, my friend got a monitoring system now.
-
@ash3t Good news. Thanks.
-
@ash3t I’m going to mark this as solved for the time being. Let me know if this isn’t the case, or if you need any further help.
-
-
Did this solution help you?
Related Topics
-
-
-
VPS Provider
Solved Hosting -
-
-
-
-