-
SHORELESS Managed Hosting discontinues PHP 5.3 Support
CategoriesLegacy PHP code is a prime target for malicious parties attempting to gain unauthorized access or deface your web application . Older versions of PHP which are marked as "unsupported" or "end of life" (EOL) by the developers of PHP no longer receive security updates, and may also contain bugs which are fixed in subsequent major releases only. It is in your best interest to remaining up-to-date.
PHP 5.3 was marked EOL in August 2014. As a courtesy to our clients, our Managed Hosting regularly offers extended support for EOL PHP, while we help our clients to upgrade their web applications to more recent PHP versions.
In order to ensure the safety of our server environments and your hosted applications , our Managed Hosting will remove support for PHP 5.3 by the end of February 2017. We will eventually also discontinue support for the 5.4 and 5.5 branches of PHP (both of which are also EOL) by the middle of this year.
What does this mean for you as a Managed Hosting client?
We already identified all client sites still using PHP 5.3 and contacted you accordingly about upgrading your web applications to PHP 5.6 or 7.x respectively. If you did not get any message from us, the above changes may not affect your sites.
-
The Heartbleed bug didn't affect our clients
The Heartbleed bug was disclosed on 1st of April 2014. This massive security vulnerability in OpenSSL protocol has been present since the relase of OpenSSL version 1.0.1 on March 2012. While it left people scrambling to change their passwords left, right and center, we'd like to inform our customers, that our websites and the managed hosting accounts have been save and secure.
Our servers used OpenSSL version 1.0.0 and 0.9.8 which where not affected by the Heartbleed bug . To ensure none of our certificates have been compromised during its issuing process on third party servers and communication channels, we renewed all our SSL certficates.
What should you/your customers do next?
No data on our servers has been breached. The certificates on your managed hosting have been reissued as well. You don’t need to take any action regarding our site or services. However, this bug has been out there for a long time and it's possible that sites you or your customers regularly visit would be susceptible the vulnerability.
You can check whether or not sites are susceptible using this tool: http://filippo.io/Heartbleed/
We recommend you and your customers generate new passwords for any website in which sensitive information is stored, such as email, banking, etc. However, you should wait until these sites have updated their OpenSSL version and replaced their certificates with new certificates being issued on 8th of April 2014 or later.
