Domains suddenly have 'safe mode' enabled

For the last several days I have been noticing many of my domains suddenly have “safe mode” enabled.
I have no idea how this is happening and tech support on my host does not understand it either.
Anybody have an idea as to why this may be happening?

Hi Tim,

This is normally due to a restored configuration backup - one that overwrites your ‘safe-mode’ settings. The person you spoke with at your host may not know about this. The other issue may be you have a virus or have been hacked. As you know ‘safe mode’ is a security threat nowadays so I’d be wary that someone did not hack your sites and is planning or is using safe mode as a tool.

Can your host tell you what IPs have connected to the admin and server; furthermore, can they check if any SSH activity is showing in their firewall/security set-up, with specific emphasis on your sites?

Steve

I spoke with my host again yesterday, and they said that safe mode is enabled by default on all domains on their server, and that until now, it has never caused any problems.

Did you upgrade the PHP version you are using? If so, what was it before and then now?

I have not upgraded PHP. I’m not sure what version it is (I know it’s above 5.0) and I’m not sure how to check that without submitting a support ticket to my host (my host is Managed Way, using the DirectAdmin CP).

Hi Tim,

It is worrisome to me that safe mode is enabled by your host. Having safe mode means that your PHP is PHP 5.3 (it is deprecated in this version) or less, as the feature has been removed in PHP 5.4. Please take the time to read this article by Ilia Alshanetsky on the subject as it should allow you to learn good questions to ask your host.

Did you recently add anything to your domains that does some sort of file access like caching for instance?

Steve

They need to investigate this. More than likely a staff member or a rollback was done to their global php.ini file.

This can cause many issues on many of the sites they host. I’m sure they should’ve picked it up by now.
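An added example, not part of any reply in the thread: a temporary PHP page a site owner could upload to see the PHP version, which php.ini was loaded and when it last changed, and whether the safe mode settings come from the global configuration or a per-site override. The file name is up to you, and `describe_safe_mode()` is a name made up for this sketch.

```php
<?php
// Added diagnostic, not code from the thread. Upload under a temporary name,
// open it once in a browser, then delete it: the output discloses server details.

function describe_safe_mode()
{
    $report = array('php_version' => PHP_VERSION);

    // safe_mode was removed in PHP 5.4, so the directive only exists before that.
    $report['safe_mode_supported'] = version_compare(PHP_VERSION, '5.4.0', '<') ? 'yes' : 'no';

    // Which php.ini was loaded and when it last changed. Under safe mode or
    // open_basedir the file may not be readable by this script, so fall back.
    $ini = function_exists('php_ini_loaded_file') ? php_ini_loaded_file() : false;
    $report['loaded_php_ini'] = $ini ? $ini : '(none reported)';
    $mtime = ($ini && @is_readable($ini)) ? @filemtime($ini) : false;
    $report['php_ini_modified'] = $mtime ? date('Y-m-d H:i:s', $mtime) : '(not readable from here)';

    // global_value is what the server-wide configuration set; local_value is
    // what applies to this site after any per-vhost or per-directory override.
    $all = ini_get_all();
    $names = array('safe_mode', 'safe_mode_gid', 'safe_mode_include_dir',
                   'safe_mode_exec_dir', 'open_basedir');
    foreach ($names as $name) {
        if (isset($all[$name])) {
            $global = var_export($all[$name]['global_value'], true);
            $local  = var_export($all[$name]['local_value'], true);
            $note   = ($global === $local) ? '' : '  <-- overridden for this site';
            $report[$name] = "global=$global local=$local$note";
        } else {
            $report[$name] = '(directive not present in this PHP build)';
        }
    }
    return $report;
}

header('Content-Type: text/plain');
foreach (describe_safe_mode() as $key => $value) {
    echo str_pad($key, 24) . $value . "\n";
}
```

Comparing the `php_ini_modified` time with the day the setting first appeared gives the host something concrete to check against their own change or restore history.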

Tim,

The thing you need to do for your own websites is add a line in your .htaccess to change the value of PHP’s Safe Mode to off across your website. DO NOT wait for the host to get their act together as this “smells” like a hack attack. THEN look for a competent host.

Regards,

DK