Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34
  1. #1
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Problems since host upgraded PHP to suPHP

    I’m having real trouble with my webhost since they upgraded to suPHP a couple of weeks ago. I have put in a load of support tickets but they have not fixed the problem yet. I wonder if anyone has any ideas about what is going on?

    I am running ZC 1.3.9h on a Linux server. Everything was fine under PHP 5.2.11. Now that the host has upgraded to suPHP my SSL pages don’t work. When a session ID is allocated (visible as session ID appended to the URL), the SSL session terminates. If I am in admin, I get booted out and sent back to the admin login page. If I am in the shop front making a purchase, I get the “Oops your session has ended” error.

    The webhost said they did take care of folder and file permission changes as part of the upgrade to suPHP. I think they automatically set all folders to no higher than 755 and all PHP files 644. May that is something to do with it??

    My web host does not seem able to sort this out, can anyone offer some advice that will either let me fix it or that I could pass to the webhost?

    The only significant PHP mod I have made to the standard 1.3.9h files is the one suggested by Ajeh here

    You might see if post #6 from:
    http://www.zen-cart.com/forum/showthread.php?t=153143

    Thanks.
    RatMonkey

  2. #2
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Re: Problems since host upgraded PHP to suPHP

    I've had a look at the ZenCart FAQ and I suspect that my webhosts PHP session settings are incompatible with ZenCart. I have temporarily set "enable SSL" to false in the configure.php files while I try to solve this.

    Can anyone advise me what settings I need to ask the webhost to set to allow ZenCart SSL to work on suPHP?

    Thanks.

  3. #3
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Re: Problems since host upgraded PHP to suPHP

    I have checked the Zen Cart FAQ on session problems in suPHP environment and asked my webhost to confirm about file/folder ownership and file/folder permissions. Zen Cart requirement and the webhost replies are as follows.

    Zen Cart requirement:
    a) you will need to make sure that your files and folders are owned by your username and not root
    b) you also need to make sure that any folder that has .php files in it is set to no higher than 755 and .php files are set to no higher than 644.

    Webhost Answer:
    I confirmed the username and the filer permission are correct on the server for your account. The issue is occurs because of the shared SSL , please ask Zen Cart help whether Zen Cart does support the shared hosting SSL in suPHP and suExec environment.

    Can anyone comment on this please, especially Zen Cart development team.

    Thanks.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Problems since host upgraded PHP to suPHP

    Zen Cart works well with a large number of sites using Shared SSL. However, not all servers are configured appropriately to allow for it.
    Sounds like your server can't properly support shared SSL in its current configuration.

    Since SSL Certificates are very inexpensive nowadays, your fastest, easiest, smartest and best solution is to get your own dedicated SSL cert for your domain.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Re: Problems since host upgraded PHP to suPHP

    Thanks Dr Byte.

    I have a number of Zen Cart stores hosted with the web host and I don't really want to be paying for dedicated SSL certs for all of them (especially as they are not making any money at the moment). I only take PayPal so I don't have to have SSL for the shop front - I only use it for the admin logon so shared SSL is enough.

    I can either get my webhost to change its settings, or maybe look for a new host (certainly a cheaper option compared to paying for a load of dedicated SSL certs).

    Can you advise me what server configuration settings I should be asking for / looking for to enable Zen Cart to work under shared SSL in an suPHP and suExec environment?

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Problems since host upgraded PHP to suPHP

    I'm compelled to share an observation that there's not currently a plethora of people posting here complaining about server problems when using suPHP/suExec ... so that suggests to me that your host has made a leap into a space they don't know very well. They are the ones who should be finding and fixing their problem.

    As for specifics to offer you in order for you to tell them how they ought to do their job, I'm sorry I don't have any to share. The hosts I've used appear to have done the job correctly.

    As an aside, in thinking about this more, I do recall that several years ago when several hosting companies were starting to get their feet wet in this area that many stores had problems. You might find information in some of the older forum discussions. But I suspect that the hosts have kept much of that information private perhaps because they think it gives them competitive advantage.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Re: Problems since host upgraded PHP to suPHP

    Thank you Dr Byte, I very much appreciate your time and wise counsel.

  8. #8
    Join Date
    Jan 2011
    Posts
    27
    Plugin Contributions
    0

    Default Is your store using shared SSL under suPHP and SuExec?

    In early March my webhost sent the following message to me:

    “Considering the security loopholes/threats within php(DSO) as Apache Module, we'd like to notify that, we will be upgrading to PHP suPHP and Apache Suexec security module”

    Since this change was made the shared SSL sessions on my stores have been terminating. For example when I make a purchase and click on the “go to checkout” button I get a message that says “Opps, your session has expired” or something to that effect. I am running Zen Cart 1.3.9h in all stores. PHP version is 5.3.8.

    I have checked the folder and file permission levels and they are all no higher than 750 and 644 respectively.

    I have had a brief exchange on this forum with DrByte who noted that no other Zen Cart users are posting about this problem, so he suspects the web host is at fault. I have checked previous posts on the topic but they all seem to be around file permissions being set too high, rather than sessions expiring.

    I have put in numerous support tickets in to the webhost which are going nowhere (no response for 6 days now).

    So I’m really interested to know how many users are running a store using shared SSL (not dedicated SSL) under the suPHP / SuExec environment, whether you had similar problems and how you resolved them.

    I am already aware of two obvious solutions: a) purchase dedicated SSL, or b) change web host. However doing either of those will not resolve the underlying issue. I am after a technical solution to the current issue, rather than avoiding it by one of the above.

    Thanks for your help.

  9. #9
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: Is your store using shared SSL under suPHP and SuExec?

    If DrByte can't advise you, then it is unlikely anyone else can.

    A host that does not respond to tickets in 6 (or more) days is a guarantee that your business can fail...

    So... given that your business is at risk, why are you still with that host?
    19 years a Zencart User

  10. #10
    Join Date
    Feb 2004
    Location
    Simcoe, Ontario, Canada
    Posts
    2,479
    Plugin Contributions
    1

    Default Re: Is your store using shared SSL under suPHP and SuExec?

    If it can be fixed by using a dedicated SSL certificate, why not just fork out the 30-50 bucks and be done with it? Is it really worth the headache to get that working?

    Plus in the future, you will have PCI Compliance issues with shared certificates and you will be forced to use a dedicated cert anyway.
    Windows, BSD, Linux, Cisco, Hardware & IT Security Tech
    GeekHost - Zen Cart Certified & PCI Compliant Hosting

    Qdixon's Security Blog

 

 
Page 1 of 4 123 ... LastLast

Similar Threads

  1. v138a Host upgraded to php 5.3.10 - store pages blank now
    By nosnip13 in forum Upgrading to 1.5.x
    Replies: 11
    Last Post: 22 Apr 2012, 09:56 AM
  2. v150 My host upgraded my site, now I have problems
    By Medieval1Knight in forum General Questions
    Replies: 4
    Last Post: 8 Apr 2012, 02:50 AM
  3. Replies: 6
    Last Post: 27 Jul 2011, 07:26 AM
  4. Host upgraded PHP to 5 now UTF-8 vs Latin1 text encoding issues
    By dharma in forum Installing on a Linux/Unix Server
    Replies: 10
    Last Post: 15 Jan 2009, 05:09 PM
  5. Replies: 12
    Last Post: 13 Jan 2007, 05:28 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR