When was the last security update?
Permalink
Hi all,
I have a site that's went down for no apparent reason and the hosting company has asked me if concrete5 does automatic security updates. I don't think it does however a user could have initiated an update which could have caused an issue. Can anyone tell me when the last time a security update was issued?
The site is just showing as a blank white page. I can access okay using ftp and all of the files look normal, config files untouched etc... Strange.
I have a site that's went down for no apparent reason and the hosting company has asked me if concrete5 does automatic security updates. I don't think it does however a user could have initiated an update which could have caused an issue. Can anyone tell me when the last time a security update was issued?
The site is just showing as a blank white page. I can access okay using ftp and all of the files look normal, config files untouched etc... Strange.
I don't think there are 'security updates' - just new releases. There hasn't been a new one since April. When I've seen just a blank white page it's usually a typo in the config file.
Dreamhost per chance? Same issue for one of my clients.
Thanks for the replies.
This is what I got from the server company, not sure if it makes much sense (not Dreamhosts).
"There were two problems, firstly the website was running php in fastcgi mode. I changed this to run php as an apache module and it loaded. There may be some files that are owned by the apache server that need to be writable and when it was changed the website broke. Or, when the software was installed the php user is hardcoded into the database/files somewhere."
The .htaccess file was also overwritten somehow. The bit about the fastcgi mode I don't understand as I only did things in the default way. Is this standard practice?
It's working now but I'm a bit concerned that something like this could happen again...
This is what I got from the server company, not sure if it makes much sense (not Dreamhosts).
"There were two problems, firstly the website was running php in fastcgi mode. I changed this to run php as an apache module and it loaded. There may be some files that are owned by the apache server that need to be writable and when it was changed the website broke. Or, when the software was installed the php user is hardcoded into the database/files somewhere."
The .htaccess file was also overwritten somehow. The bit about the fastcgi mode I don't understand as I only did things in the default way. Is this standard practice?
It's working now but I'm a bit concerned that something like this could happen again...
FastCGI is a addon module for (IIRC) Apache which does 'stuff' with PHP to make it run faster, generally.
It can create problems with some PHP sites which it sounds like you experienced. I've looked into using it myself and disregarded it as an optimisation option.
Not a security issue you'll be pleased to know, is a server configuration issue which is presumably managed (with varying success) by your host.
If anyone has any further wisdom (or corrections) to the above do shout!
It can create problems with some PHP sites which it sounds like you experienced. I've looked into using it myself and disregarded it as an optimisation option.
Not a security issue you'll be pleased to know, is a server configuration issue which is presumably managed (with varying success) by your host.
If anyone has any further wisdom (or corrections) to the above do shout!
