Fix Works! "Ini_set has been disabled for security reasons" ALSO QUESTIONS

[JohnMorris]

If you recently were "freaked" when your website would start with 10 or 20 messages displayed refering to something like "Ini_set has been disabled for security reasons", don't despair! (Depending on the size of your browser window you may not have noticed that your website is probably still working, but way down, below all the repeated messaged...))

The fix provided by Matt completely works. See this URL: http://glowhost.com/forums/knowledge-base/how-fix-ini_set-has-been-disabled-security-reasons-2503.html.

Note that if you have multiple sub-domains, the fix (edit and possibly create .htaccess and php.ini in your /public_html directory) ONLY applies to your main domain.

If you have never edited any of your site files before, this will be a little daunting. It's very easy once you know how to do it -- about five minutes. I use FileZilla over FTP w/TLS/SSL, and Crimson Editor (but you should use a newer open source code editor -- although I think you can use Notepad).

As soon as the changes are made, a refresh on your website(s) will immediately show that they are now functioning normally.

QUESTION NO. 1 -- REASON -- What are the effects of these changes? What is the security implication? Why was the change done?

QUESTION NO. 2 -- COVERAGE -- Does this problem only affect some websites? Or all of GlowHosts customers? If so, what is special about the affected websites?

QUESTION NO. 3 -- ANNOUNCEMENT -- This was a pretty wierd issue, and when you visited the website, kind of a shock. Apparently the change was made due to an emergency security problem. But why not inform people about the problem? Why not send an email?

QUESTION NO. 4 -- DIFFICULTY -- If one is not possessed of basic technical savvy, one would not be able to solve the issue. What is GlowHost thinking? Are many customers faced with websites that don't work properly anymore? How does GlowHost think that unskilled users can fix this?

QUESTION NO. 5 -- TICKET SYSTEM DOWN -- Coincidentally to this problem, the Ticket System went down for maintenance. But if you tried to go there, you'd get an ACCOUNT SUSPENDED notice. Like this was wierd -- and apparently the WORST possible customer relations! In the middle of a GlowHost-initiated problem (even to support a fix around security), the ticket system goes down? Maybe it wasn't a coincidence! But why "account suspended"? Why not a "it's not your fault, we'll be back on line shortly"...????

COMMENT ON LIVE SUPPORT -- At least the Live Support worked great, Slavik was great, and the response was super fast and correct.

GlowHost is an absolutely terrific host, and has great technical support and terrific reliability, as well as being affordable. So, the above questions are offered in that context!

Thanks,

John

[Matt]

Well, I won't take credit, that was actually Alexander who posted the fix.

The answers to your questions
1. REASON - Because PHP scripts in a shared environment and I suppose even in a dedicated environment don't need this function to work. It is an insecure function and the scripts could be written in a different way to accomplish the same thing.

2. COVERAGE - Yes, it only affects certain websites that use certain scripts that use ini_set()

3. ANNOUNCEMENT - Do you really want a couple hundred emails per week for all the changes we make behind the scenes? We do make announcements for major things that will affect all sites, but in shared hosting, some setting practically always affects one website or another on some server somewhere. There are too many variables about knowing who to notify and who not to notify. Its a bit different for dedicated servers as those settings are only changed when the owner needs them changed or requests them changed.

4. DIFFICULTY - The reality is that the owning a website is not a simple thing. It requires a basic skill-set that some people simply cannot grasp, and that others excel at. The former usually are not web site owners for very long. The later become successful website operators.

5. TICKET SYSTEM DOWN - The vendor that we purchased the helpdesk script from has a licensing server. Their licensing server was down, this the suspended page you saw one the 3rd party website that you clicked to. The suspended had nothing to do with you or GlowHost. Whoever hosts the helpdesk vendors licensing server suspended the site that holds the licenses. Everyone who runs this helpdesk system was down. Apparently it is back online as the helpdesk started working again yesterday sometime after we installed a temporary helpdesk solution. We have restored the old helpdesk and will be looking for a replacement soon. We were not aware that such a problem could arise and were just as surprised as everyone else when it was not working through no fault of our own, especially considering we own the script 100% it was a shock to find that anything remotely controlled could break the system.

Thanks for the other comments as well.

[JohnMorris]

Matt,

Thanks for a super answer! I really appreciate understanding the context in which the events of yesterday happened. And your insight on what is required to run a website. Ironically, I was locked out yesterday due to five failures to log in to remote shell to figure out SSH, but really to test cron. So there was a perfect storm of 3 things all going wrong within a few hours -- lockout due to learning SSH; unrelated ticket system shutdown; unrelated ini_set situation. Ahhhhhhhh! But then, back online no problem!

Anyway, I'm going to hit "like" right now on my FB connection from GH.

Sincerely,

John

[Matt]

Haha, great that sounds good to us, cheers.