Due to the large scale phishing attacks happening on many of our sites due to the lack of security on many of the domains, we are taking certain steps to protect our servers and the sites from such attacks.
As a part of this, we are disabling 777 access to any website. To accomplish this, we are migrating our servers to SuPHP to secure our PHP and apache configurations. This move will make sure files cannot be written by everyone and will prevent the issue caused by the 777 permissions that were previously allowed on all files.
We are implementing this change in our shared servers on 30-Oct-2010.
suPHP is a tool for executing PHP scripts with the permissions of their owners. With this we have following advantages in shared hosting environment
No folders or files can have 777 permission and it cannot be owned by user “nobody”. This is one of the greatest advantage where we can secure the files and folders in the site as none can do anything other than the site owners.
This change will go in at midnight on 29-Oct-2010 and as of 30-Oct-2010 we will not allow any 777 access on any of our servers.
Site Owner should make following in their site
1. Make sure no 777 permission files or folders/directories present in the site. The recommendation is to change it to 755 for folders and 644 for files.
2. .htaccess file should not contain any php_value. Please move those values under php.ini file instead.
Please feel free to contact us if you need any help with this.
Resellers please pass this is to the respective site owners.