Web Hosting Talk

The PHP security hole & your host


roly
03-05-2002, 07:26 AM
Was your host affected?

Walter
03-05-2002, 07:40 AM
What do you mean by 'affected'?
Most hosts should already have upgraded PHP and I don't believe there was any impact.

NinthSwat
03-05-2002, 08:46 AM
Affected??

I don't think that you can find any host that was affected. As Walter said, most real hosts are already running 4.1.2.

avara
03-05-2002, 09:33 AM
By affected, do you mean the security hole was taken advantage of? I think most hosts have upgraded to PHP 4.1.2 now. :)

Rochen
03-05-2002, 10:46 AM
We're all upgraded :)

NoComment
03-05-2002, 05:38 PM
Not good enough.. PHP 4.1.2 is still vulnerable.

*NoComment*

roly
03-06-2002, 02:28 AM
LOL, I e-mailed prohosting (which I have an account on) and I got


Our system administrators are aware of this particular update and will be patching our servers very soon. Thank you for bringing this to our attention.

Dave, Support Technician
support@prohosting.com

Wow, I wonder when they'll upgrade. It may be like their last PHP upgrade where when you used the SSL server you had Apache 1.3.14/PHP 4.0.4pl1 and non-SSL Apache 1.3.20/PHP 4.0.5. And my PHPInfo at http://64.125.83.84/phpinfo.php still says 4.0.5. (and my SSL one at https://secure16.prohosting.com/~a0015669/phpinfo.php still says 4.0.4pl1)

xnet
03-06-2002, 02:33 AM
They can also simply disable file_uploads and the security hole is closed until the admin gets a chance to upgrade all the servers to the latest PHP and Apache.

roly
03-06-2002, 02:37 AM
but they'd have to modify PHP.ini on heaps of servers and take 'em down and restart apache.

xnet
03-06-2002, 03:46 AM
Originally posted by roly
but they'd have to modify PHP.ini on heaps of servers and take 'em down and restart apache.

It's not that hard to log in to a box via SSH, vi the php.ini file, change one line from on to off, kill the process and restart - 2 mins a box max to do that ... now if problems occur it might take longer, but how long could it take for Apache to restart?

But I agree that it is simply better to upgrade Apache and PHP, that's what I did :D

avara
03-06-2002, 04:07 PM
Originally posted by NoComment
Not good enough.. PHP 4.1.2 is still vulnerable.

*NoComment*

What is the point of this post? 4.1.2 is the newest version, and fixes this particular bug. Stupid trolls... :rolleyes: