01-Aug-2021 - Reseller server maintenance/PHP upgrades.

Announcements concerning Networking & Related News, Planned Outages, Anything which may affect your services.

Moderator: Admins

Post Reply
porcupine
Site Admin
Posts: 679
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

01-Aug-2021 - Reseller server maintenance/PHP upgrades.

Post by porcupine »

Hi Folks,

Please be advised of the following maintenance window:

Maintenance Window: Sunday August 1st, 12:01am - 3:00am Eastern Time
Facility: Tor1 - 151 Front street west
Affected Device(s): www2.pcdc.net, www3.pcdc.net
Affected Customers: Shared/Reseller hosting customers
Service Impacting: Yes - Software upgrade.

Details:
1. We will be performing much needed updates to PHP, and adding a number of small security tweaks to both reseller servers. The default PHP on both servers will be changed from v7.2 to v7.4, and we will be providing support for PHP v7.3, 7.4, and v8.0 VIA the MultiPHP manager. Customers who currently utilize the "default PHP version", will see their sites migrate to PHP7.4, and can opt to downgrade to v7.3 VIA their CPanel interface(s) if/as desirable.

Support for PHP 7.2 will be removed from both servers, as it has been EOS/EOL (End of Support/End of Life) for an appreciable amount of time (8 months), and customers have had ample opportunity to swap their sites over to a more current PHP sub-version.

2. We will be enabling additional mod_security rules (which will help protect customer sites, but helping to sanitize bad input/malicious requests/other types of abuse directed at hosted sites).

3. We will be enabling smart-phone based 2 Factor Authentication VIA TOTP (Time based One Time Passcodes), which customers will have the option of enabling for CPanel access. This will not be a requirement for all accounts, it will be an optional feature for customers who wish to utilize this additional security measure on their CPanel accounts.

4. We will be changing the permissions of client hosted /home/[username]/public_html/wp-config.php files (and only wp-config.php files directly in the ~/public_html/ folders), as there have been a number of WordPress related security incidents in recent weeks, and we have found a considerable number of customer WordPress installations have inappropriate permissions on the config files (the config files contain the admin usernames, passwords, and database passwords, and a number of clients have left said files to be world readable (IE: permissions of "644", "755", etc., when that file should ideally have the permission set of "700", preventing access from any users other than the account hosting it).

5. Last but not least, we will be rebooting both the www2, and www3 servers to allow several software updates to take full effect.

Regards,
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
Post Reply