Web Hosting Forum | Lunarpages

Author Topic: Secure and unsecure scripts  (Read 395 times)

Offline Edheldur

  • Newbie
  • *
  • Posts: 2
Secure and unsecure scripts
« on: June 14, 2005, 10:03:32 PM »
I've been thinking about moving my site to Lunar Pages. I particularly liked the forums and the response given to all the problems I've read about from LP.

However I read one message and it got me curious. It was about a site that was suspended because the LP staff found the php code on that site to be insecure. How frequently do LP check customer's scripts to see if they're secure/insecure? Do you get a notice/warning if your site's scripts are considered insecure before suspending the site? If the site is suspended can it be reactivated after taking care of the insecure parts?

One last question: If for whatever reason LP considers to terminate a customer's account, do LP contacts said customer before doing it, or they just contact it to tell him that he is no longer with LP? (I ask this because I've known 2 hosting companies that terminated customer's account and then refusing to explain why they did it).

katrina1

  • Guest
Secure and unsecure scripts
« Reply #1 on: June 15, 2005, 03:50:44 AM »
Hello,

We send out notices to customers when security issues arise with particular scripts that we provide auto-installs for. There is some time given to upgrade to more secure versions though the time varies according to the seriousness of the issue and current hacker attacks.

We do have scripts running on the servers to check for some scripts in particular. If they are found, the script will automatically disable them. Most scripts can be upgraded and then reenabled. Scripts with known long term issues may have to be removed entirely such as mtcomments.cgi and phpnuke.

We often have to take action first to protect the shared server from crashing or exploitation but then we will email you with an explanation. When possible, we may move your account to a quarantine server to give you a chance to fix the issues without suspending it or we may disable only the problem script. Please be sure to keep a current contact email address on file and it is best to use an outside email address not on your domain in case the domain is suspended or email on the domain fails.

Offline GMTurner

  • Berserker Poster
  • *****
  • Posts: 7499
    • Turner's Lounge
Secure and unsecure scripts
« Reply #2 on: June 15, 2005, 05:07:32 AM »
As an observation from a non-staff person, I've seen discussion of a few accounts getting suspended here on the forums. It is important to remember that in general LP staff can't discuss the details of someone's account in the public forum, so often what you see is just one side of the issue.... that of the unhappy person who's site has been suspended.

In every case that I can think of, it generally seemed that LP had given notice/warnings to the site which were "ignored" or where the issue was never resolved after repeated attempts. Sometimes this was the result of the site owner not having a current email address on file with LP (or at least not one that they checked on a regular basis) rather than someone really ignoring the email. But, I do believe LP always made attempts to contacted the site owner as soon as possible when a problem was discovered and worked with the site owner to try and get things resolved.

To help protect the stability of the server (for the sake of other sites hosted on the same server), sites that use excessive resources (often the result of an exploited/hacked site) are often moved to a "temporary" server so that customers can work on getting things fixed. Unfortunately, I've seen a few people who were never able to get things fixed or continued to try and use scripts that were out of date and contained known exploits. At some point LP had to make a decision to protect the other customers and suspend the site with the issue. So, as unhappy as I'd probably be if my site was the one being suspended, it's also reassuring to know that LP will take action to protect the other customers who are hosted on the same server.
The above information may or may not reflect current policy, opinions, or views since it was likely made almost 10 years ago.

Offline Edheldur

  • Newbie
  • *
  • Posts: 2
Secure and unsecure scripts
« Reply #3 on: June 15, 2005, 06:29:38 AM »
Katrina1: Thanks for your answer and explanation.

GMTurner: I asked precisely becuase I wanted to know how LP deals with unsecure scripts, and not just base my decision on the topics in the forum about that. I know they have to protect a lot of customer's sites in each server, and compromising their information is something that should be avoided at all costs. I asked about previous notice becuase I've known hosts that just cancel a customer's account with no explanation whatsoever.

 

Share |