phpBB problem
- Thread starter Logan
- Start date
Is JodoHost addressing this issue? I can't find any other mention of it on the forums. The PHPBB folks are calling 2.0.11 a "Critical update".
http://www.phpbb.com/phpBB/viewtopic.php?t=240636
Is there a mechanism to update PHPBB from within H-Sphere?
There also seems to be some critical issues with PHP itself where we need 4.3.10. I see that Win6 is still running 4.3.9. Is anything being done about this?
http://securityfocus.com/archive/1/384568/2004-12-14/2004-12-20/0
http://www.phpbb.com/phpBB/viewtopic.php?t=240636
Is there a mechanism to update PHPBB from within H-Sphere?
There also seems to be some critical issues with PHP itself where we need 4.3.10. I see that Win6 is still running 4.3.9. Is anything being done about this?
http://securityfocus.com/archive/1/384568/2004-12-14/2004-12-20/0
SubSpace
Bass
Hmm, interesting bug that PHP 4.3.9 one...
I've been having some other problems with the same version on my home server. 2 kernel panics and some other random errors, where one particular PHP script runs 24/7. It used to run fine before some recent updates.. guess it's time to update again
I've been having some other problems with the same version on my home server. 2 kernel panics and some other random errors, where one particular PHP script runs 24/7. It used to run fine before some recent updates.. guess it's time to update again
SubSpace
Bass
After reading the PHP 4.3.10 changelog I think JodoHost would do well to update to this version as well. On Apache with PHP 4.3.9 it's easy to kill apache childprocesses. With enough of those requests you could probably DoS the webserver no problem at all. On Windows I'm not sure what the effects are, but they can't be good.
Then there's the memory leaks of course. Might be hard to exploit on purpose, but always a source of danger.
Then there's the memory leaks of course. Might be hard to exploit on purpose, but always a source of danger.
I'm no expert with PHP but our team has locked down PHP pretty well and we run the cgi edition. Have disabled quite a number of things that can be exploited
Anyway, thanks for the article. We'll be investigating this and updating to 4.3.10 soon after
Regarding phpBB. Although you can do phpBB installations through HSphere, we do not officially support that and anyone who uses phpBB should be downloading it directly from their site and be aware of it. But anyway, I will be making an announcement about it
PSOFT has released patch 6 which upgrades phpBB to the latest but we aren't going to be applying that at least in the next 2 weeks (till its properly tested)
Anyway, thanks for the article. We'll be investigating this and updating to 4.3.10 soon after
Regarding phpBB. Although you can do phpBB installations through HSphere, we do not officially support that and anyone who uses phpBB should be downloading it directly from their site and be aware of it. But anyway, I will be making an announcement about it
PSOFT has released patch 6 which upgrades phpBB to the latest but we aren't going to be applying that at least in the next 2 weeks (till its properly tested)