PHP url_include removal

March 25, 2009 – 10:22 am by williamt

On Monday, March 30th, we will be disabling the url_include ability in our default PHP setup in order to improve the security of our web cluster. This 'feature' of PHP is frequently misused by web developers and is by far the most common vector used by hackers to gain access to and exploit customer websites. Web hosting customers that require this functionality have several options to either work around or re-enable it, presented in further detail in a FAQ at http://www.sonic.net/support/faq/advanced/url_include.shtml

If you think you may be using this feature, we urge you to review your PHP code before March 30th and make any necessary changes to ensure that you will not be affected.

Update: We have completed the changes to PHP on our web cluster. Please note that at this time these changes only affect customers using the default PHP configuration.
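One way to carry out the code review urged above, as an added example that is not part of the original post or of Sonic.net's FAQ: a line-based Python scan that flags include/require statements loading a literal http, https or ftp URL (the statements that depend on this setting, which php.ini names allow_url_include) and statements whose path is built from a variable. The function names and the sample PHP are constructed for illustration.

```python
import os
import re

# include/require (optionally _once) up to ';'; skips $include, ->include, my_include.
INCLUDE_RE = re.compile(
    r"(?<![\w$>])(?:include|require)(?:_once)?\b\s*\(?\s*(?P<arg>[^;]*);", re.I)
REMOTE_RE = re.compile(r"""["'](?:https?|ftp)://""", re.I)  # literal remote URL

SAMPLE = """<?php
include 'lib/db.php';
include_once("http://example.com/shared/header.php");
// require "http://example.com/old.php";
require($_GET['page'] . '.php');
"""  # constructed sample input, not taken from any real site

def scan_php(source):
    """Return (line, kind, statement) for every include that needs review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        text = line.strip()
        if text.startswith(("//", "#", "*", "/*")):
            continue  # heuristic: ignore whole-line comments
        for m in INCLUDE_RE.finditer(text):
            arg = m.group("arg")
            if REMOTE_RE.match(arg):
                kind = "remote"    # literal URL: breaks once the setting is off
            elif "$" in arg:
                kind = "dynamic"   # path built from a variable: check its source
            else:
                continue           # plain local file, unaffected
            findings.append((lineno, kind, m.group(0)))
    return findings

def scan_tree(root):
    """Scan every .php file under root; returns {path: findings}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_php(fh.read())
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":
    for lineno, kind, stmt in scan_php(SAMPLE):
        print(f"line {lineno}: {kind:8} {stmt}")
```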
