Webhost changes security settings on server and breaks Joomla
July 17, 2009 11:27 AM Subscribe
A webhost my company uses just changed the security settings and now Joomla no longer works correctly. Are these new security settings industry standard and what should I do?
You can see the security settings here and the real problem seems to be that php ini.set is disabled, which Joomla needs. I don't know enough about security and coding to know what to do here. My options are to switch to a low security server, described here, try to reconfigure Joomla somehow, switch to a new CMS package or switch to a new web host.
I guess I need to understand what web hosts usually do with Joomla.
Also, my current webhost is nomonthlyfees.com which has had pretty poor tech support lately.
You can see the security settings here and the real problem seems to be that php ini.set is disabled, which Joomla needs. I don't know enough about security and coding to know what to do here. My options are to switch to a low security server, described here, try to reconfigure Joomla somehow, switch to a new CMS package or switch to a new web host.
I guess I need to understand what web hosts usually do with Joomla.
Also, my current webhost is nomonthlyfees.com which has had pretty poor tech support lately.
Funny. I had a horrible mediatemple experience and can't recommend you stay away enough, so there's how much one anecdote is worth, I guess. You can find love stories and horror stories about every hosting provider, I'm sure.
They don't want to be responsible for the security holes in ini.set, but that seems like a losing battle, as PHP systems in general aren't exactly 'high security' to begin with. Many providers break high/low security based on whether things like PHP and WebDAV are installed, and there's some sense to that... though I've not seen anyone get finer-grained than that until your example.
Since you're not comfortable enough mucking around with the technical side of things, you could look for a hosting provider that's especially Joomla-friendly.
posted by rokusan at 1:46 PM on July 17, 2009
They don't want to be responsible for the security holes in ini.set, but that seems like a losing battle, as PHP systems in general aren't exactly 'high security' to begin with. Many providers break high/low security based on whether things like PHP and WebDAV are installed, and there's some sense to that... though I've not seen anyone get finer-grained than that until your example.
Since you're not comfortable enough mucking around with the technical side of things, you could look for a hosting provider that's especially Joomla-friendly.
posted by rokusan at 1:46 PM on July 17, 2009
i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.phpKeep in mind that is a PHP-ism meaning, "If this breaks, pretend it didn't and just keep going." It won't actually cause the ini_set() command to work if the ISP still has things locked down.
posted by verb at 5:19 PM on July 27, 2009
This thread is closed to new comments.
On one of the threads someone mentioned Would do no harm to try it.
posted by twistedonion at 11:44 AM on July 17, 2009