tim_getdim — 2012-11-19T15:15:47-05:00 — #1
for the last several days i have been noticing many of my domains suddenly have "safe mode" enabled.
I have no idea how this is happening and tech support on my host does not understand it either.
anybody have an idea as to why this may be happening?
serverstorm — 2012-11-20T12:23:29-05:00 — #2
This is normally due to a restored configuration backup - one that overwrites your 'safe-mode' settings. The person you spoke with at your host may not know about this. The other issue may be you have a virus or have been hacked. As you know 'safe mode' is a security threat nowadays so I'd be wary that someone did not hack your sites and is planning or is using safe mode as tool.
Can your host tell you what IPs have connected to the admin and server; furthermore, can they check if any SSH activity is showing in their firewall/security set-up, with specific emphasis on your sites?
tim_getdim — 2012-11-20T12:41:56-05:00 — #3
I spoke with my host again yesterday, and they said that safe mode is enabled by default on all domins on their server, and that until now, it has never caused any problems.
serverstorm — 2012-11-20T12:53:26-05:00 — #4
Did you upgrade the PHP version you are using? If so, what was it before and then now?
tim_getdim — 2012-11-20T13:15:30-05:00 — #5
I have not upgraded PHP. Im not sure what version it is (i know its above 5.0) and im not sure how to check that without submitting a support ticket to my host (my host is Managed Way, using the DirectAdmin CP)
serverstorm — 2012-11-20T15:55:11-05:00 — #6
It is worrisome to me that safe mode is enabled by your host. Having Safe mode means that your PHP is PHP 5.3 (it is depreciated in this version) or less as the feature has been removed in PHP 5.4. Please take the time to read this article by Ilia Alshanetsky on the subject as it should allow you to learn good questions to ask your host.
Did you recently add anything to your domains that does some sort of file access like caching for instance?
sahostking — 2012-11-22T07:16:30-05:00 — #7
They need to investigate this. More than likely a staff member or a rollback was done to their global php.ini file.
This can cause many issues on many of the sites they host. I'm sure they should've picked it up by now.
dklynn — 2012-11-25T18:18:22-05:00 — #8
The thing you need to do for your own websites is add a line in your .htaccess to change the value of PHP's Safe Mode to off across your website. DO NOT wait for the host to get their act together as this "smells" like a hack attack. THEN look for a competent host.