enabling suexec and phpsuexec

[jasoncruller]

It was supposed to be done a month ago.  Is this change still going to be made?


==========================

Configuration Change to Shared and Bulk Reseller Servers


Date: Friday, May 13, 2005Server Configuration Changes:

Server Configuration Changes:

In order to increase security on our servers and improve server
performance we are enabling suexec and phpsuexec on our servers.  Many of
our servers are currently running with suexec, but phpsuexec has not been
enabled. We will be making that change on the servers beginning Monday of
next week and should have them all updated by the end of the week.  

Due to current performance issues on Tempest and Varsity, we made this
change today.

What this will do, is allow us to turn off the ability to send email by
user 'nobody' and allow us better tools to identify abusive and/or
compromised accounts and enforce secure access to php files.

Most sites will not be impacted, however there are a few PHP issues that
may arise:

1) .htaccess files can no longer be used to update settings for php.
Instead, customers will need to create a file named 'php.ini' in their
/home/$user directory with the values they would like, they should then
take effect.  Also, please keep in mind, the format of entries in these
two files differ.  As an example if you have an entry such as 'php_value
safe_mode On' in your .htaccess file, when adding this to your php.ini
file the format would instead be just 'safe_mode = On'.

2) The maximum permissions on php files have changed.  php files with any
permissions higher than 755 will generate Internal Server Errors, however
changing the permissions to 755 will fix this. For security purposes,
files should not be set any higher than 755 and this should also add
further security to your site(s).

If you experience any problem or need assistance with the above settings,
please open a support ticket and our technicians will assist you.

We are sorry for any inconvenience this may cause and thank you for
working with us through our efforts to improve performance on the
servers.

Sincerely,

Web HSP Technical Team

[Pat]

Hi jasoncruller,

Many servers were updated, but we had a problem with a few servers that had older Operating Systems.  I thought John and Jarrod were keeping the announcement up to date with status, but I see that it is not showing up.  I suspect the post expired without anyone realizing it.

Both John and Jarrod are out right now, but I will ask them for an update tomorrow when they get in and get you a status.

I thank you for your patience and if it is more urgent than that, please pm me and I'll try to track down info more quickly.

Sincerely,

Pat

[jasoncruller]

Weren't all servers operating system updated when WebHsp got them?  I also heard about some kind of server hardware upgrade, when is that going to happen?  Do you know what the new hardware or software is going to be? Thanks.

[WHSP-Jarrod]

Hi jasoncruller,

We do apologize if you feel out of the loop regarding this, we will be updating our announcements regarding this much more frequently.

At this time, all of our servers have been setup to use regular suexec, and the following servers have been setup to use phpsuexec:

Centipede
CSX001
Nitro
Venture
Lake
Knockout
Tempest
Varsity

We are looking into updating further servers, however it appears as though current builds of cPanel do not properly support phpsuexec on versions of Red Hat Linux prior to Red Hat Enterprise Linux 3.0, which has thrown a monkey wrench into our upgrade plans.

The security of our servers is extremely important to us, and we do strongly feel that phpsuexec is definitely a step in the right direction.  While we do appreciate our customers keeping their scripts up to date, we can not rely on that for the security of our servers, and want to be sure we are offering a consistantly stable platform to our customers.  We are working with Data393 to lay out a plan for upgrading those servers which need it, and while our plans to implement phpsuexec have been temporarily put on hold, we still do plan on getting it setup on our shared hosting servers as soon as we can.

I hope this has sufficiently answered your questions regarding the implementation of phpsuexec on our servers, if you have any further questions, or if there is anything else we might be able to do for you, just let us know.  We will be absolutely sure to update our announcements before any of the other servers are touched, to be sure all of our customers know.

Jarrod,
WebHSP Support

[Pat]

Hi,

Thanks Jarrod for the update.  

Weren't all servers operating system updated when WebHsp got them? I also heard about some kind of server hardware upgrade, when is that going to happen?

In response to your question on upgrades when we acquired the servers, no we made no changes to the servers right away, although we have had a couple of emergency upgrades and several of the servers were already updated. We are planning a hardware upgrade on the rest of the servers and have submitted the hardware request, but we are still in the planning phase for implementation.  The OS will be upgraded when we do the hardware upgrades.  I suspect it will be this fall by the time the hardware upgrades are completed.  The order of the upgrades will be done based on oldest OS versions.

If you have an application problem or issue on the server you are on, open a ticket and we'll see if we can find alternatives to ensure you are taken care of.

Do you know what the new hardware or software is going to be?

The new hardware will be as follows:

Dual Xeon 3.0 GHZ SCSI Rackmount Systems
RAID Mirrored Hard Drives
4 GB Ram with ability to expand to at least 8 GB Ram.

Pat

[jasoncruller]

Thanks for the info.

So I guess if I'm on a server that has an out of date Operating System now it's a good thing.

Since in the fall time (3-4 months?)  the server will be upgraded to the dual Xeons and have a new operating system at the same time and at that time be upgraded to phpsuexec, and that server will have priority over the ones which are already running with phpsuexec now is that correct?

What about security of the servers from now till it's upgraded in the fall, are the servers ok?

[Pat]

Hi,

Yes the servers are okay security wise. Our technicians still get critical kernel updates and install them.  

There are beginning to be some software issues, such as the one we just ran into with phpsuexec.  But yes, the priority will most likely be determined at least partially by oldest OS.  

Pat