• English version
  • Version française
  • Versión española

Archives de mars 2009

Apache AddHandler moved to AddType due to security considerations

Posté le dimanche 29 mars 2009

Hi,

Due to security considerations, AddHandler should not be used in apache configuration files. As uncovered by an old thread on the suphp mailing list, this would allow any files containing ".php" to be executed by php (for example example.php.jpg, trust me, this is not what you want ;) ).

As using AddHandler was sadly advised in our FAQ example, most of our hosted people were using it in their .htaccess. To fix this security flaw, we have added full support to AddType, modified our FAQ and run a script to widely and roughly modify all .htaccess files to retroactively fix the problem on TuxFamily.

If you were using a custom .htaccess file containing AddHander/AddType instructions, please check that everything is still working fine as our script may have introduced some side effects.

If you are automatically upgrading your website through rsync or such, please fix your local copy of .htaccess according to the new version of the FAQ.

However, we are not the only one to blame, because the Apache documentation is very unclear on this particular point, as you can see on the addhandler and addtype descriptions.

Your admins

NFS crash

Posté le samedi 28 mars 2009, à 03:10 UTC

Hi,

Mail, web, downloads, svn/git/cvs, MX and DNS services are currently down, we managed to crash the main NFS server this night :(.

MX and DNS secondary services are still working, so you won't loose your mails.

We will keep you informed.

We apologize for the inconvenience.

Your admins

Edit: Okay, everything should be back online :) enjoy !

Au revoir PHP4

Posté le mardi 10 mars 2009

Comme la plupart d'entre vous le savent, PHP5 est disponible depuis déjà 5 ans, PHP4 est donc obsolète et ne sera plus disponible quand nous migrerons vers Debian lenny.

Donc, merci de regardez si vos sites webs fonctionnent avec PHP5, et de les corriger si nécessaire, vous pouvez regarder comment faire ça sur la FAQ

PHP5 sera configuré comme langage par défaut la semaine prochaine, vous pourrez toutefois revenir en arrière sur PHP4, mais dépêchez-vous, cela ne devrait pas rester très longtemps.

RSS Feed