All servers having SuPHP installed for added security

[oshs]

We will be installing an additional layer of security on all our servers this week called SuPHP.

The main features of SuPHP that you should be aware of is:

1.) SuPHP does not allow files/folders to run where they have group and world write permissions; only the account owner can write to files/folders. This forces all users to ensure that their files/folders have correct permissions and prevents hackers uploading malicious content into vulnerable folders.

2.) SuPHP allows all PHP scripts to be run under the user account ownership, instead of running under the "nobody" user. This is particurly helpful in tracking down scripts which send out SPAM as the "nobody" user.

Most user accounts will not notice any difference. However a number of user accounts will have some problems/errors which can be easily resolved using the instructions in the next few posts.

If however, you still cannot resolve your problem/error, then please reply to this thread with details of your issue and we'll help you resolve your problem.

Please note that there may be some teething problems initially and getting used to with this change, but we can assure you that it will result in much greater security and stability on all our servers.

We thank you in advance for your co-operation and patience.

[oshs]

Please inform all users that any files/folders which have group and world write permissions will result in a "500 Internal Server Error", i.e. rwx-w--w-

This can be resolved by changing permissions to say 755 or similar, i.e rwxr-xr-x

Basically only the account owner can write to files/folders, not group or world.

[oshs]

When SuPHP is enabled, it is no longer possible to to include php_value directives in .htaccess files.

Instead of adding these directives to your .htaccess file, add them into a file called php.ini and place this file in the same directory that your script runs in. Most often this will be public_html directory, but in some cases you will install your script in a subdirectory. Wherever your script runs, this is the place for your php.ini file. You will need to drop the "php_flag" and "php_value" prefix. You will also need to put an equals (=) sign between the setting and the value.

For example, if your script recommends these settings in a .htaccess file:

php_value upload_max_filesize 10M
php_value post_max_size 10
php_value max_execution_time 60

Put these directives in a php.ini file instead. Here is the proper syntax:

upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 60

[oshs]

All Cpanel servers now have SuPHP enabled.

As the Apache configuration has been re-written, some websites may experience a file not found/blank page/default Cpanel page when loaded up in a browser with the "www." before the domain name, i.e. "http://www.domain.com".

In the meantime, using the format "http://domain.com" should load up your website correctly in your browser.

This is just a temporary error which will disappear once the new Apache configuration is corrected to include the "www" prefix for all domains.

[oshs]

For customers on Server3, please note that we were unable to successfully install SuPHP on Server3. After 12 hours of trying, it kept failing and we have had to revert to the original non-SuPHP setup. So users on Server3 should currently not be experiencing any SuPHP related errors.

If we do attempt to install SuPHP again, we will inform update this thread again.

Can we take this opportunity to thank all those customers who have been patient with us as we know these errors can be frustrating, but in our bid to prevent our servers and your important data from ever being compromised, we feel this small amount of inconvenience for all of us will be well worth it in the long term.

[oshs]

Okay Server3 also has SuPHP enabled now successfully.

For any further errors or problems, please submit a support ticket at the Helpdesk.

[ian2283]

My php.ini file looks like this:
session.use_trans_sid = off
register_globals = on

thats all there is, i tried adding other text i got from another forum and i get the internal error everytime i change something. what else could i try?..
cheers
Ian

oshs Wrote:When SuPHP is enabled, it is no longer possible to to include php_value directives in .htaccess files.

Instead of adding these directives to your .htaccess file, add them into a file called php.ini and place this file in the same directory that your script runs in. Most often this will be public_html directory, but in some cases you will install your script in a subdirectory. Wherever your script runs, this is the place for your php.ini file. You will need to drop the "php_flag" and "php_value" prefix. You will also need to put an equals (=) sign between the setting and the value.

For example, if your script recommends these settings in a .htaccess file:

php_value upload_max_filesize 10M
php_value post_max_size 10
php_value max_execution_time 60

Put these directives in a php.ini file instead. Here is the proper syntax:

upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 60

[oshs]

Have you removed the "php_flag" lines from your ".htaccess" file?

Are there any files/folders with 777 permissions? If so drop them down to 755.

If this doesn't fix the errors, please submit a ticket for the account in question and we'll fix it up for you.

[ahmednuaman]

Right, all my web sites on Server4 still don't work. I've made changes to the perms and set them all to 755. I've removed php_flags in the htaccess file and still nothing. This is a pain.

[oshs]

Please submit a ticket with which the domain names of affected sites and we can sort them out for you.