Blank Pages when Updating

spudatron · May 31, 2015, 08:02:34 AM

Hi,

I haven't updated my installation since I originally installed it but it got hacked recently so I want to upgrade it now to plug any security holes.

Current Installation:

HostBill 2.5
Linux 2.6.32-5-amd64
Debian 6.0.10
Plesk 12.0.18 Update #48
PHP Version 5.3.3-7+squeeze19
MYSQL 5.1.73
ionCube Loader 4.6 (I used the ionCube wizard and it states "Installed and encoded files should run without problems.")

My server meets all the minimum requirements as far as I can see.

The older version 2.5 works fine but is not secure. I have tried updating the existing installation as well as create a new installation but when I access the install folder from the browser I just get a blank page, no errors.

To troubleshoot I setup the installation on my localhost using XAMPP and this worked, it displayed the install / upgrade page. I've compared both installs and they are nearly identical with exception of XAMPP running later versions of PHP, MySQL and ionCube.

Local Installation:

HostBill - May 2015
Mac OS X 10.10.3
XAMPP 1.8.3
PHP Version 5.5.1
MYSQL 5.6.12 (Database client version: libmysql - mysqlnd 5.0.11-dev)
ionCube Loader 5.0.7

The fact there are no errors has me stuck, has anyone had experience with this?

hbillclient · May 31, 2015, 09:23:08 AM

Hi,

The latest version of HB requires the latest ioncube loaders so, I would suggest you to first upgrade your ioncube files and then try re-install/upgrade. Just in case make sure to take backups of your files & databases before proceeding.

Thanks.

spudatron · May 31, 2015, 12:20:37 PM

Hi,

You don't know the minimum ionCube version requirement is do you for Hostbill?

The loader wizard I used said my server was up to date.

The loader wizard is telling me the correct loader for my PHP version is /var/www/vhosts/domain.com/httpdocs/ioncube/ioncube_loader_lin_5.3.so.

I've tried changing the loader using this walkthrough https://www.howtoforge.com/install-ioncube-loader-for-all-php-modes-cli-cgi-fcgi-and-fpm-on-debian-wheezy which didn't work, its ignored.

It seems to be controlled from here /etc/php5/conf.d/00-ioncube-loader-5.3.ini and when I manually change this it just breaks.

I'd settle for a more update version of Hostbill that is more secure until my server configuration can be updated to support the latest version.

hbillclient · June 01, 2015, 12:12:37 AM

Hi,

"You don't know the minimum ionCube version requirement is do you for Hostbill?"

Is that a question or a sarcastic comment? If it is the later than I am disappointed that you don't seem to appreciate the people trying to help you out. Please remember this is a community support so, try to avoid such comments.

Thanks.

d4f · June 01, 2015, 04:30:09 AM

The Service-pack release of Hostbill requires PHP 5.4 with the corresponding Ioncube loader.

I consider it rather grossly negligent to not keep a billing system and it's hosting environment in top shape. Note that every single component of your system is EOL (end of life)!
- PHP 5.3 : EOL since August 2014
- Debian 6: EOL since May 2014*
- Mysql 5.1: EOL since December 2013

*unless you changed APT to squeeze-lts and only use LTS-supported packages. I somehow doubt both.

If you want to keep using archaic software wih minimum maintenance, you should use a Redhat-derivative. Debian moves slowly but much quicker than your upgrade intervals.

spudatron · June 01, 2015, 10:44:25 AM

Hi folks,

Thanks for the responses.

hbillclient:
That wasn't a sarcastic comment no, not sure why you thought it was. I checked the Hostbill wiki and it doesn't state a min required version of ionCube Loader so I was asking since the version I had (4.6) installed wasn't working with the new version of Hostbill.

d4f:
Your right I should have kept it up to date but I haven't really used it for billing of web hosting service on a large scale in a very long time. I use it just more as an invoice subscription tool at the moment and a small group of hosting clients.

The setup on my server is the image that was supplied to me when I signed up. I keep it up to date via apt-get and it always states I have the latest versions of components but I'm not sure if I can't upgrade Debian etc. to the newest version because of the Plesk installation.

d4f · June 01, 2015, 03:16:59 PM

QuoteThat wasn't a sarcastic comment no, not sure why you thought it was

Ah, the intricate differences in natural languages. Essentially you used a sentence structure that strongly suggested that hbillclient is stupid for not reading the software requirements.
I know, you didn't mean to, however the "you do"/"do you"combination is usually reserved for saying someone is a moron.

"You don't know how to read, do you?"

Quotebut I haven't really used it for billing of web hosting service on a large scale in a very long time.

Unfortunately scale doesn't matter - the botnets and attack software are fully automated and keep scanning all internet-connected systems for weaknesses. I've monitored SSH brute force attempts on newly activated servers on IP addresses that have been asleep for weeks. It took _40 seconds_ for the first SSH login attempt to come! After months of "No route to host"!!!

QuoteI'm not sure if I can't upgrade Debian etc. to the newest version because of the Plesk installation.

You can, but a lot of things can (and will) go wrong.There is excellent documentation on that subject. If you are not familiar with server maintenance you should get someone to do it for you or opt for managed hosting though, I would recommend cPanel hosting.

spudatron · June 01, 2015, 04:43:32 PM

Hey d4f,

Thanks for the reply and clarifications, grammar was never my strong suit, better with maths and science really.

I took it for granted that the software wasn't really in use but lately looking after my server seems to be more hassle than I have time for. The popular scripts customers have installed on their server are really susceptible to attacks if not kept up to date.

I looked into upgrading my server there and found out that Plesk 12.1 allows Debian to have multiple version of PHP installed, at moment I have 12.0.18 so I will have to wait as I think I am better off not messing with the installation to much, it will end up being more work like you said as things are likely to go wrong.

Thanks again for the responses, much appreciated.

hbillclient · June 01, 2015, 10:14:18 PM

Hi guys,

No issues spudatron and I am glad you didn't mean to say anything sarcastic.

And thanks d4f for explaining the 'sarcastic comment' thing.

I do agree with d4f and the fact that your installation got recently hacked suggests you need to be proactive in getting your server upgraded & secured as soon as possible. An outdated server with outdated installations - doesn't seem right, and with the number of possible security loop holes it might present itself to potential botnets/hackers is in itself a scary situation.

As d4f suggests, if you do not have the expertise to do it yourself then either get someone who has experience with such things or opt for managed hosting.

Anyway good luck and hope you get it right.

Thanks.