Lately, I moved Geek Flare from shared hosting to DigitalOcean on CentOS 6.6, and all was fine until I received a “High-risk vulnerabilities” detected alert from Scan My Server.


In CentOS 6.x when you install php-fpm, you will get 5.3 by default, which is considered high risk as an unsupported version.


If you are still running PHP-FPM 5.3, you must consider upgrading to the latest version, 5.6. Here is how I did it, and you can too.

As a best practice, take a backup of the entire PHP installation and, if possible, perform this upgrade in a non-production environment first to make sure the higher version has no side effects on the application.

PHP-FPM 5.6 Installation/Upgrade Procedure

  • Log in to CentOS as root
  • Execute the following commands
# rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# cd /etc/yum.repos.d
# curl -O http://rpms.famillecollet.com/enterprise/remi.repo
# yum install php-fpm php php-devel -y --enablerepo=remi-php56

If you need to install additional PHP modules such as mbstring, mcrypt, soap or apc, you can use the following.

# yum install php-mbstring php-mcrypt php-soap php-apc -y --enablerepo=remi-php56
# yum install gd-last --enablerepo=remi
# yum groupinstall "PHP Support" --enablerepo=remi-php56 -y

After running the commands above, you will have the latest PHP-FPM version, 5.6, installed.

Verify PHP-FPM version

# /usr/sbin/php-fpm -version
PHP 5.6.12 (fpm-fcgi) (built: Aug 6 2015 17:15:15)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies

So as you can see, I now have a supported PHP version, which is secure and safe.

Once you have the upgraded PHP version, you can also check your website for security vulnerabilities with these tools.
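The verification step can be scripted so it fails loudly if an old php-fpm is still in place. The script below is an added example, not part of the original post. Because remi.repo is fetched over plain HTTP in the steps above, it also checks that yum will verify package signatures for the repository used. The function names and sample data are made up for illustration, and the [remi-php56] section name is assumed from the --enablerepo option.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the [remi-php56] section
# name used with --enablerepo above and yum's standard gpgcheck key.

# Extract "5.6.12" from the first line of `php-fpm -v` output.
fpm_version() {
    printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B (numeric, field by field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# repo_gpgcheck REPO_TEXT SECTION: print the gpgcheck value of one [section].
repo_gpgcheck() {
    printf '%s\n' "$1" | awk -v want="[$2]" '
        /^\[/ { in_sec = ($0 == want) }
        in_sec && /^gpgcheck[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    '
}

# audit BANNER REPO_TEXT: 0 only if version >= 5.6 and signatures are enforced.
audit() {
    v=$(fpm_version "$1")
    [ -n "$v" ] || { echo "FAIL: cannot parse php-fpm banner"; return 2; }
    version_ge "$v" 5.6 || { echo "FAIL: php-fpm $v is older than 5.6"; return 1; }
    [ "$(repo_gpgcheck "$2" remi-php56)" = 1 ] ||
        { echo "FAIL: gpgcheck is not 1 for [remi-php56]"; return 1; }
    echo "OK: php-fpm $v, package signatures enforced"
}

# Constructed sample data (not taken from a real server).
SAMPLE_REPO='[remi]
gpgcheck=1
[remi-php56]
enabled=0
gpgcheck=1'
audit 'PHP 5.3.3 (fpm-fcgi)' "$SAMPLE_REPO" || true
audit 'PHP 5.6.12 (fpm-fcgi)' "$SAMPLE_REPO"
# Real use: audit "$(/usr/sbin/php-fpm -v)" "$(cat /etc/yum.repos.d/remi.repo)"
```
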