Unfortunately, hacker attacks exploiting security flaws in poorly written PHP programs have become common in recent weeks. To prevent such attacks, we have taken the following measures on our servers:
1.) PHP software is placed in a closed runtime environment by default. Technically, this means turning on the PHP "open_basedir" variable to lock the program into the hosting directory system. This will not change anything in most cases, but if the PHP program running on your host uses the directory "/tmp" to store temporary files, change it to "/web/tmp" in the program configuration.
Please note that if you are using the osCommerce webshop system, please make sure to change this path in the osCommerce Admin interface by logging in under Settings -> Sessions -> Sessions Directory.
2.) On our servers we have disabled remote URL calls with fopen, include, require, etc. This is essential to protect against the "cross site scripting" attacks that are so common these days.
This measure will limit the functionality of some instructions, but these instructions are not used by 95-98% of websites with the URL call function, so this change will probably go unnoticed by your website.
If any of the changes described above cause disruption to your website, please let us know and we will disable it individually.
If you have any questions, please call our customer service number.
