PHP url_include removal

Monday March 30th we will be disabling the url_include ability in our default PHP setup in order to improve the security of our web cluster. This ‘feature ‘ of PHP is frequently misused by web developers and is the by far the most common vector used by hackers to gain access to exploit customer websites. Web hosting customers that require this functionality have several options to either work around or re-enable it presented in further detail in a FAQ at http://www.sonic.net/support/faq/advanced/url_include.shtml

If you think you may be using this feature we urge you to review your php code before March 30th and make any necessary changes to ensure that you will not be affected.

Update: We have completed the changes to php on our web cluster. Please note that at this time these changes only affect customers using the default php configuration.

Leave a Reply

Your email address will not be published. Required fields are marked *