csf security scan getting wrong PHP version?

[peterelsner]

So just updated one of the servers to the latest csf. csf v5.55

Ran a "Check Server Security" scan and under PHP Version info it says this:

Check php version (/usr/local/bin/php) WARNING Any version of PHP (Current: v4.*) older than v5.3.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v5.3.*

But I'm not running version 4 and have not for quite some time.

# php -i | grep Version
PHP Version => 5.3.10
#

I'm running 5.3.10.

So I went to another server still running 5.54...

Check php version (/usr/local/bin/php) OK

# php -i | grep 'PHP Version'
PHP Version => 5.3.10
#

Running the same thing. So the latest 5.55 seems to have an issue reading the correct PHP version info.

[ForumAdmin]

csf gets the information from /usr/local/apache/conf/php.conf.yaml if you check that file you can see whether PHP v4 is enabled. If it is, you need to set the handler for it to "none" in WHM > Apache Configuration > PHP and SuExec Configuration