litespeed hacked?

Discussion in 'General' started by Nokki, Jun 13, 2010.

  1. AndrewT

    AndrewT Member

    Now the notifications are telling us to upgrade to 4.0.15 when we already have ;)
  2. MikeDVB

    MikeDVB New Member

    I believe George released an updated 4.0.15 :)
  3. robfrew

    robfrew New Member

    Please inform when 4.1RC build with fix is released, thank you.
  4. mistwang

    mistwang LiteSpeed Staff

    4.1RC3 build is available for download, just change the version number in the download link. Also 4.1RC2 package has been updated as well, just in case serious bug introduced in 4.1RC3.
    We still have some features to be added to 4.1RC3, so it is not final yet.
  5. robfrew

    robfrew New Member

    Tried using RC3 and after install and restart, received 503 errors immediately.
  6. mistwang

    mistwang LiteSpeed Staff

    503 error from PHP script or something else?
    Can you send me the log file for analysis?
  7. robfrew

    robfrew New Member

    Not sure, I couldn't get into the admin panel and all the sites had 503 errors so I re-installed the patched RC2.
    Last edited: Jun 16, 2010
  8. robfrew

    robfrew New Member

    I just tried accessing the control panel from RC2 and I cannot, I get this error message now:

  9. robfrew

    robfrew New Member

    Looked at error log file and saw this after installing RC3:

    Code:
    2010-06-16 07:34:36.586 [ERROR] execve() failed with errno=14, when try to start Fast CGI application: /opt/lsws/bin/httpd -n 20!
    Cannot find why RC2 will not allow me to get into the Control Panel.
    Last edited: Jun 16, 2010
  10. robfrew

    robfrew New Member

    It looks like I cannot get into any secure (https) areas of any website running the patched RC2. That is why I cannot get into the control panel because it resides on a secure setup. I had to load the original RC2 to get my secure sites to work again.
  11. robfrew

    robfrew New Member

    Any updates or fixes for this yet?
  12. mistwang

    mistwang LiteSpeed Staff

    Have updated RC2 to address the https issue.
    which edition are you using? i386 or x86_64? want to address the issue with 4.1RC3
  13. robfrew

    robfrew New Member

    We are using x86_64.
  14. robfrew

    robfrew New Member

    Looking forward to RC3.
  15. luky

    luky New Member

    This filter do not work for 4.0.10
    screenshot from admin panel Request Filter
    grab.by/grabs/6082dddb30bf07cfe7fb187fe2e721de.png
  16. NiteWave

    NiteWave Administrator

    best to upgrade to 4.0.15
  17. luky

    luky New Member

    ;) I know, but it has turned out to force to work for me
  18. J.T.

    J.T. New Member

    Couple of questions regarding this.

    1. How can we check whether the server may have already been compromised before upgrading or applying the mod sec rule?

    2. If we don't log in to the LSWS admin UI we wouldn't know there's an update. Even if we did, it doesn't exactly highlight the update as urgent/crucial. Some updates recently were just for some control panel integration so I waited on those. It would be really handy if there was an RSS feed to monitor this type of news (without having to subscribe to every forum thread, then filter them). I don't see a feed on the news items, which would have been perfect. Can you please consider this point and let us know how best to be fed updates?

Share This Page