[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
-----Original Message----- From: list-bounces@xxxxxxxxxxxxx [mailto:list-bounces@xxxxxxxxxxxxx]On Behalf Of Neil Williams Sent: 19 July 2006 15:04 To: list@xxxxxxxxxxxxx Subject: Re: [LUG] Apache security flaw - my website cracked Ben Goodger wrote: >> PHP 4.3.10. >> You're right. It's probably a good idea to upgrade to 5.n at some point, >> but >> Shaun doesn't want to ruin a hundred days of uptime. > >A hacked server is *not* preferable to uptime stats. > >Besides, you don't need to reboot to upgrade PHP, it's only a case of >upgrading a few packages. If you've got broken PHP that relies on PHP4 >then that's your own fault, most PHP4->5 upgrades are painless. > >-- > >Neil Williams >============= >http://www.data-freedom.org/ >http://www.nosoftwarepatents.com/ >http://www.linux.codehelp.co.uk/ In my opinion it's not necessarily PHP's fault. It's the web application's code. PHP 4 is secure, if you use the right functions. Upgrading to PHP 5 is simple, but will require a restart of the Apache application, not the server. Ed. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.1/391 - Release Date: 18/07/2006 -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html