Hi,
Many of you will have seen the recent blog post (hopefully) about changes required for suPHP to prevent Internal Server errors (500).
As I’m sure you understand we haven’t just posted this for no particular reason, we will be rolling out suPHP on all servers in the coming week as part of our new security measures.
What new security measures?
On June 23rd a malicious user gain access to the server Hufflepuff and caused some considerable damage to users sites in a very short space of time. A complete server wide wipe was required to get the server up and running again, we then reloaded any backups we had and asked that customers upload their most recent backups over the top.
Fortunately only files were touched, and not databases – however you should be following our guide to backing up your databases to make sure you have a local copy!
Whilst we’re still clearing up these problems we feel it necessary to ramp up the security on all of our servers ASAP.
- We’ve upgraded our firewalls and increased general security around them.
- One of our biggest vulnerabilities is insecure PHP scripts.
For several months PHP5 users on Dumbledore have been using suPHP and we are going to roll this out across all versions of PHP on all of our servers at the earliest possible convenience. - We will also take this opportunity to upgrade both PHP4 and PHP5 to the latest revision in that release.
Schedule
Our engineers require an 8 hour window to work in, but do not anticipate any downtime providing no problems are encountered. If you encounter Internal Server errors after the upgrade please be sure to read the post on how to fix these!
These are scheduled below
| Dumbledore: | Wednesday 1st July | 0000 – 0800 BST |
| Hermione: | Thursday 2nd July | 0000 – 0800 BST |
| Hagrid: | Friday 3rd July | 0000 – 0800 BST |
| Harry: | Saturday 4th July | 0000 – 0800 BST |
| Hufflepuff: | Saturday 4th July | 0000 – 0800 BST |