Lately, I moved Geek Flare from Shared Hosting to DigitalOcean on CentOS 6.6, and it was all ok till I received “High-risk vulnerabilities” detected alert from Scan My Server.
In CentOS 6.x when you install php-fpm, you will get 5.3 by default, which is considered high risk as an unsupported version.
If you are still running 5.3 PHP-FPM, you must consider upgrading to latest version 5.6. Here is how I did and you can too.
As a best practice, you must take a backup of entire PHP and if possible perform this upgrade in non-production first to ensure no side effects on the application due to a higher version.
PHP-FPM 5.6 Installation/Upgrade Procedure
- Login into CentOS with root
- Execute following commands
# rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm # cd /etc/yum.repos.d # curl -O http://rpms.famillecollet.com/enterprise/remi.repo # yum install php-fpm php php-devel -y --enablerepo=remi-php56
If you need to install additional PHP-Modules like mbstring, mcrypt, soap,apc then you can use following.
# yum install php-mbstring php-mcrypt php-soap php-apc -y --enablerepo=remi-php56 # yum install gd-last --enablerepo=remi # yum groupinstall "PHP Support" --enablerepo=remi-php56 –y
By doing above, you will have PHP-FPM latest version 5.6 installed.
Verify PHP-FPM version
[[email protected] yum.repos.d]# /usr/sbin/php-fpm -version PHP 5.6.12 (fpm-fcgi) (built: Aug 6 2015 17:15:15) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies [[email protected] yum.repos.d]#
So as you can see, now I have supported PHP version, which is secure and safe.
Once you have PHP upgraded version, you can also check your website for security vulnerabilities from these tools.
