Here are a few articles that mention it:

The End of PHP 4

You can set the handler for the site using a .htaccess file in the domains webroot with the following contents:
AddHandler application/x-httpd-php4 .php .php4 .php3

A recent Percona upgrade caused problems with PHP on some cPanel servers. The name of the libmysqlclient library was changed without keeping a symlink to the original name, which caused PHP to throw errors, and EasyApache not compiling successfully.

Running php -v will show it…

php -v
php: error while loading shared libraries: cannot open shared object file: No such file or directory

From the Percona Server 5.5.36-34.0 Release Notes:

In order to comply with Linux distribution packaging standards Percona‘s version of libmysqlclient has been renamed to libperconaserver. The old name was conflicting with the upstream libmysqlclient. Except for packaging, libmysqlclient and libperconaserverclient of the same version do not have any differences. Users wishing to continue using libmysqlclient will have to install the corresponding package of their distribution, such as mysql-lib for CentOS and libmysqlclient18 for Ubuntu/Debian. Users wishing to build software against libperconaserverclient should install libperconaserverclient-dev package. An old version of Percona-built libmysqlclient will be available for download.

You simply need to symlink libperconaserver to libmysqlclient, and here’s how it’s done:

# ln -s /usr/lib64/ /usr/lib64/
# ln -s /usr/lib64/ /usr/lib64/

(Note: for RHEL/CentoOS/CL 6 x86, replace /usr/lib64 with /usr/lib)

Finally, re-run EasyApache to compile PHP against the new libraries:

# /scripts/easyapache --build

Note: After running this, this error appeared on php sites…

ERROR: Database Error: The MySQL adapter "mysql" is not available.

Checked and the symlinks were not real as there were missing files.

Check perconal rpm’s

rpm -qa |grep PerconaPercona-Server-shared-compat-5.5.35-rel33.0.611.rhel5

I removed the symlinks and applied

Removed the symlinks and then followed this cpanel article symlink at the bottom to rebuild.

Another resource:

Cpanel Documentation


Clone this repository into /var/cpanel/easy/apache/custom_opt_mods/ like so:

# cd /var/cpanel/easy/apache/custom_opt_mods/
# git clone .
# /scripts/easyapache

Git on cpanel is at

# /usr/local/cpanel/3rdparty/bin/git

Or use the .zip:

# cd /usr/src
# wget
# unzip -d /var/cpanel/easy/apache/custom_opt_mods/
# /scripts/easyapache

Make sure that the path is

/var/cpanel/easy/apache/custom_opt_mods]# ls -la

drwxr-xr-x 4 root root  4096 Sep  2 20:26 ./
drwxr-xr-x 9 root root  4096 Sep  2 20:38 ../
drwxr-xr-x 3 root root  4096 Sep  2 20:26 Cpanel/
-rw-r--r-- 1 root root   606 Sep  2 20:32 error_log
drwxr-xr-x 7 root root  4096 Sep  2 20:26 .git/
-rw-r--r-- 1 root root 18025 Sep  2 20:26 LICENSE
-rw-r--r-- 1 root root   834 Sep  2 20:26

Or it will not show up in easy apache.

From here, select Phalcon from the list of PHP modules. The module will be loaded from /usr/local/lib/php.ini.

There is no max file size limit that can be sent and received, however, cPanel defaults the limit to 50mb. You can change this in cPanel.

To change this do the following,

Login to cPanel as admin
Under Service Configuration, Click “exim Configuration Manager”
Click “Advanced Editor”
Scroll down and Click “Add additional Configuration Setting”
Find “message_size_limit” in pull-down list and choose
Enter limit that you want to change to
Scroll to bottom and click “save”

WHM show the service as down.

Primary IP Address 69.xx.xx.xx
Service Name ftpd
Service Status failed
Notification The service ?ftpd? appears to be down.
Service Check Method The system?s command to check or to restart this service failed.
Number of Restart Attempts 258
Startup Log 

Do the following…

# cd /var/run
# mv

Restart ftpd in WHM under Service

Roundcube error:
Roundcube – Database error: Connection failed!

Exim log

Aug 17 01:52:44 206-225-82-31 dovecot: auth: Error: Cpanel::MailAuth: Failed to lookup domain owner of
Aug 17 01:57:44 206-225-82-31 dovecot: master: Warning: Killed with signal 15 (by pid=24147 uid=0 code=kill)"


# /usr/local/cpanel/bin/update-roundcube --force
[Tue Aug 18 16:28:04 2015] [error] [client] ModSecurity: Audit log: Failed to create subdirectories: /usr/local/apache/logs/modsec_audit/exclusi3/20150818/20150818-1628 (Read-only file system) [hostname ""] [uri "/index.php"] [unique_id "VdOjZNg3iukAAFLEtGYAAAAH"]
If I disable mod security on the account, then I get Mod ruid errors

Disable mod security

[Tue Aug 18 16:29:49 2015] [error] [client] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
[Tue Aug 18 16:29:49 2015] [error] [client] Premature end of script headers: index.php

I had to disable modsecurity and then uncheck “EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell” enabled under the “Security” tab in “WHM >> Tweak Settings”.

ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests.

Note: Using SecRuleEngine Off in your modsecurity configuration, you won’t want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity. The SecRuleRemoveById setting is used instead to only disable one specific rule.

If you are seeing errors in you apache log files for a domain such as:

[Sat Jul 25 16:34:57 2015] [error] [client ??.7.??.??] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"][severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname ""] [uri "/skin/frontend/base/default/js/cadence/lib/jquery.cookie.js"] [unique_id "VbQdIdg3u9IAAB9DPQkAAAAH"]

Mod _security is doing its job. If this is a valid script, you can make a change and allow it.
Run the following from ssh:

# grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

The results will look like this:

 # 100 1234123404 /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js

ModSecurity rule ID 1234123404 has been triggered at least 100 times when accessing /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js file.

In order to disable just the specific ModSecurity rule for the 1234123404 rule, run the following command:

# echo "SecRuleRemoveById 1234123404" >> /usr/local/apache/conf/userdata/std/2/userna5/

You can also search for the rule in WHM/cPanel at Home »Security Center »ModSecurity™ Tools » Rules List

Note the error in the log file – the ID:

# [id "1234123404"]

This is the rule. Search for this at Home »Security Center »ModSecurity™ Tools » Rules List.


You can click disable to allow the script.