PHP Security Upgrade Notice

PHP SECURITY UPGRADE NOTICE
~ A COPY OF THIS HAS BEEN SENT TO CUSTOMERS ON FILE

IF YOU ARE HAVING PHP SCRIPT/MYSQL ISSUES, PLEASE READ THE FOLLOWING

Dear Valued Customers,

Due to the increasing amounts of spam, phishing and security risks on our servers, we have enabled phpsuexec on all servers. Enabling this module allows each thread process to run under the ownership of that particular user and will help us remove spammers and abusers more effectively. It will also drastically improve security on the server. The enabling of phpsuexec should not cause any errors/issues, however we ask that you verify and ensure all your scripts are working correctly, as some scripts are prone to any configuration changes and have strict running requirements.

Troubleshooting / Fixing PHP Script Errors

If you have a script that is not executing or reporting "Internet Server Error", please ensure the permission on the file is set to CHMOD 755. Scripts or folders that are chmodded to 777 will no longer work due to security risks involved with 777 settings. Setting 755 is equivalent to 777 in the new environment. If your script/files are still not working, try uploading the script again. Sometimes the owner file is set to nobody:nobody. Uploading that file/script again should fix the problem.

PHP flags in .htaccess no longer work
Under the old environment you were able to manipulate the PHP settings from within a htaccess file placed in the script's directory.

For example you could turn off the php setting "magic_quotes_gpc" with this line in htaccess:

php_value magic_quotes_gpc on

With PHP running as CGI/phpsuexec manipulating the PHP settings is still possible however it can not be done with htaccess. Using htaccess with php_value entries within it will cause a 500 internal server error when attempting to access the scripts. This is because php is no longer running as an apache module and apache will not handle those directives any longer.

All php values should be removed from your htaccess files to avoid the 500 internal server error. Creating a php.ini file to manipulate the php settings will solve this issue.

What is a php.ini file and how do I go about making one?
The php.ini file is a configuration file that the server looks at to see what options have been turned on, off or set to a number different from the defaults that we have set for the server. While the name may seem advanced to those unfamiliar with it, it's simply a text file with the name php.ini

To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving. Once done, upload the file to the directory where your script is located and then rename it to php.ini

For example you can turn off the php setting "magic_quotes_gpc" with this line in php.ini:

magic_quotes_gpc = no

Troubleshooting
HELP my php script doesn't work or I have an error message.

1. Check that the php script that you are attempting to execute has permissions of no more than 755 - 644 will work just fine normally, this is not something that will need to be changed in most cases. (usually you can change permissions in your FTP client, right click on a file and choose CHMOD/permissions)

2. Check that the directory permissions that the script resides within is set to a maximum of 755. This also includes directories that the script would need to have access to also.

3. Check that you do not have a htaccess file with php_values within it. They will cause a 500 Internal server error, when attempting to execute the script.

The php_values will need to be removed from your htaccess file and a php.ini put in its place, containing the php directives as explained above.

If you need any assistance, please open a ticket or chat to us online, we are here 24 hours a day to help you.

Thank you.

Best Regards,
Host Security Dept.