Another day in Hell with Yahoo

Maybe I should not be posting this, but what the heck! I've already notified Yahoo, so they can't say they were not warned.

I was on the phone with Yahoo today about one of my clients, and I got some rather surprising news, so I emailed (one of their wonderful forms) support, and this is what I said:

I am very surprised, disheartened and disappointed to see that Yahoo is still using PHP Version 4.3.11. PHP is now up to version 5.3.0.
When I was talking to someone in support this afternoon, I was told that Yahoo was using 4.3.11 for security reasons.

One of the main reasons most hosting providers upgraded their servers was the issue of Registered Globals. This is VERY dangerous, and probably most Yahoo small business account holders either do not know or care about it. That is not true of hackers – this is something that hackers test for, just as they test for easy SQL injection. Please see [http://en.wikibooks.org/wiki/PHP_Programming/Register_Globals] for a full description of the dangers of Registered Globals.

Checking Yahoo Small Business php.ini file, I saw that Registered Globals is ON – that is very dangerous for Yahoo and its customers. What I suggest you do is send a global email out to all account holders that you are going to turn it OFF, and they can consult Google for relevant coding to turn it on if they must on a case by case basis. For this site, I have turned them off.

Of course, the best thing to do would be to upgrade your servers to the latest version of PHP. Let users know that some of their code may not work, but that it is being done for security reasons. [http://www.php.net/manual/en/migration5.php].

I must say, these people are really shnooks. Last time I had to deal with them (same account) they told me that they did not allow htaccess for security reasons. Well, of course not! Not when your whole server is insecure and you're using bandaids to shore it up.

My recommendation to anyone who is using Yahoo Small Business Web Hosting is to get the Hell out of Dodge and use a real web host, like Axishost, Lunar Pages, Start Logic, or even GoDaddy for the true masochist.
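
For readers who have not seen why Registered Globals matters, here is an added example (not part of the original post or the email to Yahoo) showing the classic uninitialised-variable bug next to its fix. It assumes `extract()` as a stand-in for what `register_globals = On` did automatically; the function names, password and request arrays are constructed for illustration.

```php
<?php
// Added illustration: all names and request data below are constructed.

// Report the setting on the server running this script. ini_get() returns
// false when the directive does not exist (it was removed in PHP 5.4).
$flag = ini_get('register_globals');
printf("register_globals: %s\n",
    $flag === false ? 'not present in this PHP' : ($flag ? 'ON' : 'off'));

// Written the way old code often was: $authorized is never initialised.
function vulnerable_page(array $request)
{
    // Stand-in for register_globals = On, which turned every request
    // parameter into a variable before the script's first line ran.
    extract($request);

    if (isset($password) && hash_equals('s3cret-constructed', (string) $password)) {
        $authorized = true;
    }
    // With no initialisation, a request parameter named "authorized"
    // decides the outcome of this check.
    return !empty($authorized);
}

// Same logic, safe whether or not the server setting is on.
function hardened_page(array $request)
{
    $authorized = false; // initialise every variable used in a decision
    $password = isset($request['password']) ? (string) $request['password'] : '';

    if (hash_equals('s3cret-constructed', $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: one with the right password, one with only a flag.
$requests = array(
    'correct password' => array('password' => 's3cret-constructed'),
    'authorized=1 only' => array('authorized' => '1'),
);

foreach ($requests as $label => $request) {
    printf("%-18s vulnerable=%s hardened=%s\n", $label,
        var_export(vulnerable_page($request), true),
        var_export(hardened_page($request), true));
}
```

Only the vulnerable version grants access to the request that carries no password, which is why turning the setting off and initialising variables both matter.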


One thought on “Another day in Hell with Yahoo”

  1. Seeing a response to a topic in alt.www.webmaster, I have to take my comment about GoDaddy out. Here's a snippet from the thread for those of you who might not want to see the entire thing:

     On Sun, 01 Nov 2009 05:39:05 +0000, Adrienne Boswell ate alphabetspaghetti and shat out:

     …

     > Your hosting company, GoDaddy…

     …you've said enough. Dirty, filthy spam emitting scum of a hosting company. I have no sympathy for anyone who puts money in their pockets.
