Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Greg Beaver's Blog:
Mac OS X ships with security hole-laden PEAR - how to upgrade immediately
Jan 25, 2007 @ 06:59:45

Mac OS X PHP developers, listen up - Greg Beaver has a word of advice for you about your default PEAR installation:

I won't get into the questionable business practice of shipping software with known security holes that have had known fixes for years. Instead, I would like to offer simple step-by-step instructions of how to upgrade from outdated buggy PEAR versions to the latest stable release, 1.5.0.

You're five simple steps away from having an upgraded installation, all using the built-in pear installer and go-pear functionality.

tagged: macosx security hole pear version upgrade simple gopear macosx security hole pear version upgrade simple gopear

Link:

Greg Beaver's Blog:
Mac OS X ships with security hole-laden PEAR - how to upgrade immediately
Jan 25, 2007 @ 06:59:45

Mac OS X PHP developers, listen up - Greg Beaver has a word of advice for you about your default PEAR installation:

I won't get into the questionable business practice of shipping software with known security holes that have had known fixes for years. Instead, I would like to offer simple step-by-step instructions of how to upgrade from outdated buggy PEAR versions to the latest stable release, 1.5.0.

You're five simple steps away from having an upgraded installation, all using the built-in pear installer and go-pear functionality.

tagged: macosx security hole pear version upgrade simple gopear macosx security hole pear version upgrade simple gopear

Link:

ReadyToBeServed.com:
Web Host May Ask Client To Cover Cost Of Hack
Aug 14, 2006 @ 08:03:39

According to this new article on ReadyToBeServed.com, a flaw in the PHPNuke software allowed a malicious user access to a server to cause all sorts of headaches for both the hosting company and the others hosted on that machine.

A Wellington, New Zealand, Web hosting company may seek compensation from a client that it claims is responsible for the worst hacking attack in the company's history. IServe blames lax security on their client's part for the hacking job that resulted in the defacing of hundreds of Websites.

The hack forced iServe to shut down all its FTP servers for 28 hours, while it replaced many of its customers' websites with back-ups that were made a few days before the incident.

Joy Cottle, iServe's general manager estimates the problem cost about $20,000 to repair. Clients with dedicated servers were not affected by the hack.

They report that the attack happened because of a flaw in the content management system that allowed the user to overwrite websites of other customers on the machine. They are even considering trying to recoup some of the costs from the customer that allowed it to happen. The hole was one found in the older version of PHPNuke the customer had uploaded.

Due to the incident, iServe is now considering banning cleints from running PHPNuke
tagged: hack phpnuke security hole overwrite ban hack phpnuke security hole overwrite ban

Link:

ReadyToBeServed.com:
Web Host May Ask Client To Cover Cost Of Hack
Aug 14, 2006 @ 08:03:39

According to this new article on ReadyToBeServed.com, a flaw in the PHPNuke software allowed a malicious user access to a server to cause all sorts of headaches for both the hosting company and the others hosted on that machine.

A Wellington, New Zealand, Web hosting company may seek compensation from a client that it claims is responsible for the worst hacking attack in the company's history. IServe blames lax security on their client's part for the hacking job that resulted in the defacing of hundreds of Websites.

The hack forced iServe to shut down all its FTP servers for 28 hours, while it replaced many of its customers' websites with back-ups that were made a few days before the incident.

Joy Cottle, iServe's general manager estimates the problem cost about $20,000 to repair. Clients with dedicated servers were not affected by the hack.

They report that the attack happened because of a flaw in the content management system that allowed the user to overwrite websites of other customers on the machine. They are even considering trying to recoup some of the costs from the customer that allowed it to happen. The hole was one found in the older version of PHPNuke the customer had uploaded.

Due to the incident, iServe is now considering banning cleints from running PHPNuke
tagged: hack phpnuke security hole overwrite ban hack phpnuke security hole overwrite ban

Link: