PHP version

Technical support for owners of colocated servers, and dedicated servers, and support/questions specific to this type of hosting.

Moderator: Admins

Post Reply
sullim4
newbie
Posts: 1
Joined: Tue Dec 21, 2004 2:25 am

PHP version

Post by sullim4 » Tue Dec 21, 2004 2:27 am

Hello - I am the technical director for govsim.com and I was curious about the PHP version being run on our server (www2.pcdc.net). There has recently been a vulnerability found with PHP 4.3.9 that affects message boards such as vbulletin and phpbb. Would it be possible to upgrade the php version on our server to 4.3.10? Thanks. Mike

jk1
newbie
Posts: 3
Joined: Thu Oct 31, 2002 1:12 pm

Post by jk1 » Tue Dec 21, 2004 6:38 pm

I'm also concerned about this. The 4.3.9 serialize bug is very exploitable.

porcupine
Site Admin
Posts: 674
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Re: PHP version

Post by porcupine » Tue Dec 21, 2004 11:53 pm

sullim4 wrote:Hello - I am the technical director for govsim.com and I was curious about the PHP version being run on our server (www2.pcdc.net). There has recently been a vulnerability found with PHP 4.3.9 that affects message boards such as vbulletin and phpbb. Would it be possible to upgrade the php version on our server to 4.3.10? Thanks. Mike
Hi there sullim4,

This has been looked into for about a week, and we've been deploying other methods of dealing with problems like that (eg. mod_security). I stand by the method of "letting other people, at other companies, make your mistakes for you" and am rarely the first person to rush in on a software upgrade, etc.

There have been several reports of problems with php 4.3.10 that we've been watching on the CPanel forums, though at this time they appear to be in relation to Zend Optimizer (again, why waiting is good, as we have the possible answer before we even have the problem). We will most likely be upgrading the servers within the next couple of days once we've completed our evaluation.

BTW, you're pretty quick, CPanel didn't even pick up the php 4.3.10 patch a week ago (and they have no confirmed security issues, the overflow issues, etc. are a common presence for most scripts).
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com

valar2006
newbie
Posts: 1
Joined: Mon Jul 11, 2005 7:47 am

Post by valar2006 » Fri Aug 05, 2005 4:41 am

:)
ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage

Post Reply