SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Zealot tim@getdim's Avatar
    Join Date
    Jul 2012
    Location
    Detroit
    Posts
    162
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    domains suddenly have 'safe mode' enabled

    for the last several days i have been noticing many of my domains suddenly have "safe mode" enabled.
    I have no idea how this is happening and tech support on my host does not understand it either.
    anybody have an idea as to why this may be happening?

  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi Tim,

    This is normally due to a restored configuration backup - one that overwrites your 'safe-mode' settings. The person you spoke with at your host may not know about this. The other issue may be you have a virus or have been hacked. As you know 'safe mode' is a security threat nowadays so I'd be wary that someone did not hack your sites and is planning or is using safe mode as tool.

    Can your host tell you what IPs have connected to the admin and server; furthermore, can they check if any SSH activity is showing in their firewall/security set-up, with specific emphasis on your sites?

    Steve
    ictus==""

  3. #3
    SitePoint Zealot tim@getdim's Avatar
    Join Date
    Jul 2012
    Location
    Detroit
    Posts
    162
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I spoke with my host again yesterday, and they said that safe mode is enabled by default on all domins on their server, and that until now, it has never caused any problems.

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by tim@getdim View Post
    I spoke with my host again yesterday, and they said that safe mode is enabled by default on all domins on their server, and that until now, it has never caused any problems.
    Did you upgrade the PHP version you are using? If so, what was it before and then now?
    ictus==""

  5. #5
    SitePoint Zealot tim@getdim's Avatar
    Join Date
    Jul 2012
    Location
    Detroit
    Posts
    162
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have not upgraded PHP. Im not sure what version it is (i know its above 5.0) and im not sure how to check that without submitting a support ticket to my host (my host is Managed Way, using the DirectAdmin CP)

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi Tim,

    It is worrisome to me that safe mode is enabled by your host. Having Safe mode means that your PHP is PHP 5.3 (it is depreciated in this version) or less as the feature has been removed in PHP 5.4. Please take the time to read this article by Ilia Alshanetsky on the subject as it should allow you to learn good questions to ask your host.

    Did you recently add anything to your domains that does some sort of file access like caching for instance?

    Steve
    ictus==""

  7. #7
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Location
    Cape Town, South Africa
    Posts
    40
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    They need to investigate this. More than likely a staff member or a rollback was done to their global php.ini file.

    This can cause many issues on many of the sites they host. I'm sure they should've picked it up by now.

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Tim,

    The thing you need to do for your own websites is add a line in your .htaccess to change the value of PHP's Safe Mode to off across your website. DO NOT wait for the host to get their act together as this "smells" like a hack attack. THEN look for a competent host.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •