PHP Archives - HostArmada Blog https://www.hostarmada.com/blog/category/php/ HostArmada official blog. Useful web hosting related articles. Fri, 19 Jan 2024 20:35:19 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Top 8 Common WordPress Errors and how to fix them https://www.hostarmada.com/blog/top-8-common-wordpress-errors-and-how-to-fix-them/ https://www.hostarmada.com/blog/top-8-common-wordpress-errors-and-how-to-fix-them/#respond Fri, 19 Jan 2024 20:35:19 +0000 https://www.hostarmada.com/blog/?p=3953 WordPress is, without a doubt, the single best thing that ever happened to website development. It empowers ordinary people without any coding knowledge or IT background to create stunning websites. It also allows developers to finish orders much faster. Most importantly, however, WordPress is a content management system that makes editing and designing your website […]

The post Top 8 Common WordPress Errors and how to fix them appeared first on HostArmada Blog.

]]>
WordPress is, without a doubt, the single best thing that ever happened to website development. It empowers ordinary people without any coding knowledge or IT background to create stunning websites. It also allows developers to finish orders much faster. Most importantly, however, WordPress is a content management system that makes editing and designing your website a piece of cake.

The benefits of going for a WordPress website are countless, and the downsides are relatively small. However, that doesn’t mean that there are no hiccups along the way. Even WordPress users may find themselves in a troublesome situation, as the platform is not immune to errors. This being said, it’s essential to know what the errors mean, why they appear, and, most importantly, how to fix them. Thus, as usual, we are here to help. We’ve prepared a handy crash course on the eight most common WordPress Errors you may encounter.

White Screen of Death

This is one error no one wants to see. It’s hands down the most disturbing issue you may encounter. The White screen of death (WSoD) basically replaces your entire website with a blank page – a vast nothingness. There are no error messages, no notifications, nothing. Just a white screen telling you you are screwed.

A representation of getting the White Screen of Death

Most often, WSoD means your website memory limit is exhausted by a script. Thus, your hosting provider either times out the script or, as a more radical solution, kills it altogether. That’s why you don’t get any message whatsoever. Sometimes, the problem might come from a poorly performing plugin. In rare cases, this may even be caused by a coding error in the theme itself.

The toughest thing about the WSoD error is that a number of reasons can cause it, so the solutions are not as simple and straightforward as some other errors on our list will have. So, if you stumble upon this traitorous error, don’t despair. The fixes are quite easy. The hard part is determining what the problem is.

Solution

  1. Firstly, if you can access your dashboard, try deactivating all your plugins. If your website appears after this, it will look rather dull. Still, it would show you that the problem is within a malfunctioning plugin. Start activating the plugins one by one until you find the one causing the problem. Once you find it, you can replace it with an alternative, delete it altogether, or look into a solution within the WordPress society.
  1. If you can’t even reach the dashboard, it’s a good idea to try if other websites using the same hosting account are operational. If not, then contact your hosting provider to find a solution. This may be a temporary problem, but nonetheless, informing the hosting provider they have it is a great way to make sure the problem is with them.
  1. Sometimes, the problem is because you’ve reached your memory limit. Well, the obvious solution is to increase your PHP memory availability. This will allow the heavy script to get more memory and finish the job.
  1. If you suspect the problem is within your theme, simply activate the WP Default Theme. Before you start changing anything, though, creating a backup is a good idea, just in case the problem is elsewhere. Connect to your website via FTP client and go to “wp-content/themes/ folder. There, you will find all installed themes on your website. Select your current WordPress theme with a right-click and download it to your computer. Only after that can you delete it from your website. This way, WordPress will revert back to the default theme.
  1. Sometimes, the solution to the WSoD is as easy as clearing the cache.

Locked out of wp-admin

WordPress dashboard is, without a doubt, the single most important asset of your website. This is the main panel where you can change, add, or delete content, functionalities, or copy from your website. Needless to say, having constant access to the dashboard is instrumental in having an operational WordPress website.

However, there are some issues that may lead to getting locked out of your WordPress admin dashboard. Now, don’t panic. This is troublesome indeed, but as usual, there is a solution.

Screenshot of WP login page

But why would WordPress lock you out of your own website? Well, there are various reasons. You may have unintentionally messed something up if you have touched the website’s code recently. Some plugins may also be behind this issue, as well as a theme update. If the problem occurred after a recent change, you would have a pretty good idea of where to start looking.

Solutions

  1. The most common reason for being locked out of your dashboard is a forgotten password. The simplest solution is to simply follow the “Lost your password” and gain access that way.
  1. Another reason to be locked out is when you reach your login limit. By default, you have countless tries to enter the correct password. However, any IT specialist will tell you this is an invitation to hackers to simply try hundreds of thousands of combinations until they crack your website open. Thus, having a limited number of attempts is a good idea.The problem is when you reach this limit. Still, that’s not the end of the world. The easiest way to gain your access back is by using an FTP client. Access your website’s data via the FTP client and go to /wp-content/plugins/folder/. There, you simply must delete the limit-login attempts plugin, and you are ready to go. Just remember to reinstall it once you’ve gained access.
  1. The worst reason for being locked out of your dashboard is if your website is hacked. Then, the hacker might have deleted your admin privileges. Don’t worry, though. There is still a way to recover your website. However, this is definitely not something you should do alone, as it needs vast knowledge. So, finding a professional to do it for you is best.

Trouble with Database Connection

As you can imagine, your website is nothing more than a sequence of files stored in a database. So, to be able to access your website, you must have a connection with the database at all times. Naturally, sometimes your website loses that connection, and it’s most often due to a single file on your website – wp-config.php. This is the file that contains all the information about the website’s database. Thus, if there is a problem with the database connection, this file is most likely the perpetrator.

Solution:

As you can imagine, the solution to this problem lies in precisely this file. First, you must find it within your website’s files. The wp-config.php file usually lies in the root folder. When you find it, right-click on it and select View/Edit. Now, you would want to check if all credentials are in order. This includes the database name, the My SQL database username, the password, and the hostname. These are the lines you should be looking after.

/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

If the credentials are not correct, fixing them should solve the problem.

However, if the problem is still at large, you will need to add an additional line to your wp-config.php file:

define('WP_ALLOW_REPAIR', true).

Make sure to place it separately within the file and to designate it properly. Once you’ve added the line, go to http://www.yoursite.com/wp-admin/maint/repair.php. There, you will be able to repair your database. Note that any user will be able to get to this link, so once you’ve finished fixing the problem, don’t forget to delete the added line (1 define(‘WP_ALLOW_REPAIR’, true))

Failed Auto-Update

Now, this is one problem that’s definitely not a huge deal, but it does cause inconvenience. You must keep your WordPress up to date, and if your Auto-update is not working, you will have to do it manually. This is tedious, to say the least, and may pose some serious security issues as well. You can check if there is such an error in the update menu on your dashboard right under Current Version.

Screenshot of Auto-update option

Various reasons may stay behind this problem. Losing an internet connection during the update is the most common one. Still, the problem may occur due to losing connection to the WP main files or having some incorrect permissions.

Solutions:

If this is a one-time occurrence, you can simply do it manually. Download the WordPress zip file, extract the downloaded files, and prepare for installation. This includes deactivating all plugins, as they may cause an issue during the installation process. Also, you may want to delete old wp-admin directories from your web host and the wp-includes. The new upload will replace them.

Then simply transfer the new files into your wp-content folder and overwrite the old ones. It’s important not to delete any files in that folder or the folder itself.

Finally, upload all loose files from the root directory of the updated version to your old root directory. Do not delete anything from the root directory, and avoid overwriting any customization files or plugins if that’s not crucial.

Then, delete the .maintenance file from your WordPress directory by using FTP.

Next, you must update your installation. You simply must visit your admin page and log in. WordPress will provide a link to the upgrade.php if the update is required. All you need to do is follow the instructions.

After all of this is done, reactivate your plugins and clear the cache.

Syntax Error

Syntax errors typically happen after you’ve made some changes to your website. For example, you may have added some custom code to your website, or you may have installed a new plugin or theme. The problem occurs when a syntax error is introduced to the website’s code.

The syntax error is courteous enough to show you precisely where the error is, or at least show you the line that’s causing the issue. Naturally, the solution is quite simple.

Solution:

To fix the problem, all you need to do is to fix the error in the shown line. If someone else did the changes and you’re uncomfortable messing around with your website’s code, reverting to a backup is the easiest solution.

If a plugin or a theme causes the problem, deleting them will resolve it immediately. Or you can use an SFTP to find the problematic line and fix it yourself. It’s up to you.

HTTP Image Upload Errors

This is one problem that can really be nerve-wracking. You’re just about to post your new blog post and can’t upload your image. Now, the size would hardly be a problem if you are uploading an image. WordPress allows you to upload files with a maximum size of 512 MB. The most common issues are incorrect file permissions or plugin interference.

Screenshot of media library upload option

Solutions:

  1. Before you jump in your FTP of choice and start giving out permissions, you might just want to clear your browser cache and see if that wasn’t the problem in the first place. Sometimes, the browser cache interferes with the uploading process, and the solution is as easy as clearing it.
  1. Try renaming the file. If the file name contains any special characters, this will render the uploading process impossible. So, take out all punctuations and special symbols from the file name.
  1. Try uploading from a different browser. This way, you will see if the problem is with your browser or website.
  1. Deactivating plugins. Yes, unfortunately, plugins, as third-party software, often lead to problems with your website. Still, a simple deactivation of recently installed or updated plugins may be the solution. If this solves the issue, inform the developer of the problem so they can fix it.
  1. Check if the memory limit is not exhausted. If this is the problem, you might want to increase your memory limit.
  1. Finally, check if the file permissions are correct. Go to your /wp-content/folder/ using your FTP client of choice and find the uploads folder. Right-click on it and select “File Permissions”. Next, go to the Numeric value box and enter 744 or 755. If both don’t work, try with 644. Then, check the “recurse into subdirectories box and select “Apply to directories only. ” Finally, press OK, and this should solve your problem.

Fixing WordPress Keeps Logging Out Problem

This is definitely the most frustrating issue you can stumble upon, especially when you haven’t saved your work, and you are in the middle of configuring vital settings. The worst part is that this issue is caused due to negligence and oversight by the person configuring the website.

The issue is often caused by placing a different URL in the site address and the WordPress address boxes in your website’s settings. Every time you log in to your website, WordPress will set a cookie to your browser that will authenticate your login session. The cookie is set for the WordPress address stored in your settings menu. So, if there is a difference between the site address and the WordPress address, the login session can’t be authenticated.

The worst part is that in 99% of cases, the problem is that you added www in one of the boxes. For example:

WordPress Address (URL) : https://yourwebsite.com

Site Address (URL) : https://www.yourwebsite.com

Frustrating indeed, but easily solvable.

Screenshot of the WordPress and Site Address bars

Solution:

The solution is as simple as going to your dashboard –> settings–> general and making the WordPress address and the Site address the same. Don’t forget to hit “save changes” at the end.

Connection Timed Out

Finally, we have the connection timed-out error. Usually, this issue appears when the server gives up trying to recover your website’s data. Naturally, this happens for a variety of reasons. The most common is within your server. It simply lacks the resources to load your website. This can be caused because you reached your bandwidth limit, because too many users are trying to enter simultaneously, or you reached your visitors limit, set by some hosting companies. Moreover, if you are using shared hosting, another website could be hogging all the server’s resources.

Solution:

  1. One solution is to downsize your website. Get back to the default theme, reduce the number of plugins, and optimize your image and video use. This will reduce your resource needs.
  2. Upgrade your hosting plan. If shared hosting is not enough anymore, obviously, you must go a step further. Unfortunately, though, dedicated server hosting plans can cost significantly more than what you are used to. Still, if the website earns money, each minute down is a huge loss.
  3. Finally, you can simply join HostArmada and enjoy our cloud-based hosting infrastructure. This allows us to redirect occasional influxes and maintain all our customers online all the time. We even have a 99.9% uptime guarantee policy, affecting shared hosting customers.

So, if you want an easy and cost-efficient solution to the connection time problem, all you need to do is check our plans and choose the best fit for your needs. On top of that, you will receive a lightning-fast loading time and top-notch security.

Conclusion

Knowing how to deal with these issues will help you mitigate sudden problems with your WordPress website without the need for a professional. Still, if the issues prove to be more severe, we highly recommend seeking the help of someone with experience dealing with WordPress. Those issues may be easily solvable, but touching the database of your website is not a joke and it may easily destroy your entire work if not done with precision. So, if you think you are not ready to solve those issues on your own, there is no shame in simply asking a professional for help. It will certainly save you a lot of time and trouble.

 

The post Top 8 Common WordPress Errors and how to fix them appeared first on HostArmada Blog.

]]>
https://www.hostarmada.com/blog/top-8-common-wordpress-errors-and-how-to-fix-them/feed/ 0
In the search for the best PHP framework: Laravel vs Symfony https://www.hostarmada.com/blog/in-the-search-for-the-best-php-framework-laravel-vs-symfony/ https://www.hostarmada.com/blog/in-the-search-for-the-best-php-framework-laravel-vs-symfony/#respond Fri, 22 Jul 2022 14:06:02 +0000 https://www.hostarmada.com/blog/?p=2597 Starting a new PHP development project is always challenging, especially when deciding on the PHP Framework you will use. Despite sounding easy at first glance, choosing the proper framework is crucial for your project and how fast you can finish it.  A PHP framework is a platform for building PHP applications whose primary goal is […]

The post In the search for the best PHP framework: Laravel vs Symfony appeared first on HostArmada Blog.

]]>
Starting a new PHP development project is always challenging, especially when deciding on the PHP Framework you will use. Despite sounding easy at first glance, choosing the proper framework is crucial for your project and how fast you can finish it. 

A PHP framework is a platform for building PHP applications whose primary goal is to cut short your delivery time, help you with coding, implement a layer of security, and integrate basic standard functionalities effortlessly. To achieve that, a PHP framework consists of vast libraries with codes that can be implemented, and the developer won’t need to write already established codes from scratch.

Why do you need a PHP framework?

PHP coding is not an easy task, and while you can do it all on your own, it will take a lot more time. Furthermore, you can and probably will make a small typo or another coding mistake, affecting your whole code. You won’t worry about errors using a PHP framework since the code was tested and verified before adding it to the used libraries. Furthermore, it will save you time and energy since, without it, you will still have to write the same code that’s already been provided. 

As the world’s most popular programming language, with 45.4% (in 2021) of people using it, PHP has a wide variety of frameworks to choose from. Having said that, it’s not hard to test many of them until you discover that only a few are the real deal. Among them, Laravel and Symfony are, without a doubt, the best ones. So today, we will compare these head to head! 

A Brief Introduction

Introducing Symfony

Symfony is an open-source, free-to-use PHP web development application framework, which was first introduced in late 2005. The platform gained some popularity, but what really made it a hit was the release of the 2.0 version in 2011. Over 32,000 websites use Symfony as their foundation. The framework was used to build some notable governmental websites in France, including the Cultural ministry’s web portal. Furthermore, the Interpol website was also created using this framework. 

Symfony has one major advantage over other frameworks – you can use any Symfony component outside the framework, and it will still do a tremendous job. This makes work with Symfony much more beneficial, and you can also use it in other projects. This framework can be of help when building e-commerce websites, content management systems, and even sending emails via Symfony.

Introducing Laravel

Just like with Symfony, what truly made Laravel a PHP framework superstar is version 4.0, which was introduced in 2013. This modification was a complete rewrite of the framework, which decoupled the functionalities into separate components. These components are then managed with Composer. 

What really makes Laravel a top PHP framework is the syntax’s simplicity, which is extremely easy to learn, write, read and maintain. Over 387,000 websites use Laravel, among which are Weebly, Epik, Snapwidget, and others. Most users are in the US, but the framework is used worldwide. A huge recognition came in 2016 when Laravel was announced as the most popular framework of the year.  

There are many similarities between the two frameworks, but what really counts are the differences. Let’s review these! 

Installation process

As far as the installation procedure goes, both Symfony and Laravel are fairly straightforward. However, you will need to install a dependency manager beforehand, and since both frameworks work with Composer, we’d suggest using it. 

Image of software installation

Symfony offers an alternative installation method via installing a new binary in your system. This will give you several advantages and nifty commands, which can help you greatly, especially when there is a missing dependency.

Laravel also allows for different installation methods, but there aren’t any advantages to that. In fact, sticking to the default composer method is your best option. 

Winner: Symfony – Although both are pretty straightforward, Symfony’s additional advantages can’t be overlooked.

Configuration

When it comes to configuration, Laravel is much easier to use. The framework uses the default PHP syntax. It has .env files as a base, and the application configuration is saved as .php file. Laravel separates the basic and the special configurations, making the use more organized and easy.

Symphony’s configuration is entirely different and much more complicated at first glance. This framework separates the environment configuration and the bundle configuration. The former is stored as .env, where the essential information is held. The latter uses YAML files predominantly. They determine how the website will behave in any environment. 

Winner: Laravel – Symfony’s configuration is much more complex. Although it allows you to create different files for different environments, the complexity of the YAML syntax and the need to learn it altogether makes the familiar PHP syntax of Laravel the better choice.

Templates

There are no significant differences between Symfony’s Twig and Laravel’s Blade templating engines. The latter is typically considered to be easier to use, but syntax aside, there are no major differences in functionality, and both have fans. 

Both allow the usage of “for” loops and “if” statements, work fast, and generate their templates into PHP codes. Most importantly, they are great at preventing XSS attacks due to escaping output by default.

There are some minor differences, though. Symfony’s Twig allows users to filter, while with Laravel’s Blade, you can directly add PHP code to your templates. Furthermore, Blade makes functionality extensions simpler. 

Winner: Tie – While many consider Laravel’s engine to be more user-friendly, the differences between Twig and Blade are way too small to claim that either one is better. 

Coding Style

The coding style is another difference between the two frameworks. Symphony is entirely based on coupled classes created by dependency injections. This makes the entire process of long-term maintenance and testing a whole lot easier.

Image of programming code

Laravel, on the other hand, automatically scans for dependencies and resolves them automatically, making the dependency configuration redundant. Naturally, this means that the whole process is a lot easier, which is turning into a theme for Laravel’s use. However, while Laravel is, without a doubt, easier to use in this case, it may result in some issues with maintenance and testing in the long run. 

Winner: Symfony – The long-term solution is always better than the easier short-term one.  

ORM

The object-relational mapping (ORM) feature is essential for both frameworks, and while they have some differences, their main objective remains the same. 

Symfony integrates a third-party ORM – Doctrine, while Laravel uses its product, Eloquent, to interact with its database. Doctrine entities can be used outside a specific scenario, which gives them greater flexibility. It implements DataMapper patterns, which know nothing about the database, but they can use the data itself. The information about all interactions between the models and the database is stored in a separate layer called Entity manager. Thus this manager does all the operations. One of the most significant advantages of this ORM is the database operation optimization abilities because the processes are queueing rather than running simultaneously. 

Laravel’s Eloquent, on the other hand, implements the ActiveRecord pattern, where all models are aware of the database and work directly with it. It allows the ORM to update, create and delete a record. Furthermore, Eloquent is much more PHP developer-friendly and can be learned much quicker. 

Winner: Symfony – While Eloquent is the easier option, Doctrine has more valuable features and helps the database processes to be better organized and run smoother. 

Security

Security is essential in all PHP frameworks, and both Symfony and Laravel are among the top choices in this regard. Symfony has one genuinely robust security system, but it’s a bit complicated to set it up. On the other hand, it’s pretty sophisticated, with several authentication methods and a well-designed permission model.  

Image of a person clicking on a padlock

Laravel’s security is less complicated and lacks many of Symphony’s features. However, for most projects, Laravel’s basic protection is quite enough, and the easy set-up makes it a preferred security model for many.

Winner: Symfony – despite being the more complicated option, Symfony’s solution has better features and is more tightly secured. This being said, Laravel’s protection is by no means weak, but it simply can’t hold a candle against Symfony.  

Request-Response Lifecycle

The lifecycle is probably the single most important thing when choosing the right framework for your project. This is the process of converting a request into a response and is essential for your project.

Symfony uses a system called Event Dispatcher. It fires different events and event listeners to handle them. Events follow strict steps and the event listeners follow closely. Typically the listeners are related to CSRF token validation, security checks, and the entire signing process. The best thing about Event Dispatcher is that you can add functionality by creating custom event listeners and assigning them to the correct event. 

Laravel has an entirely different way of converting requests into responses. Middleware, as the method is called, is once again a much easier solution with some limitations. A request has to go through different stages or layers, if you will, on its way to the controller. These layers are basically the equivalent of Event Listeners in Symfony and are responsible for the security and other features. Once the controller gives the response, it has to go through the same layers. Naturally, if you want to add new features, you need to create a new middleware. 

Winner: Laravel – as with almost everything else, Laravel has a more straightforward approach, making the whole process far less complicated. 

Which one is better?

Picking up a winner is not an easy task. Both frameworks are extremely good and have their strengths and weaknesses. 

Symfony is better if you’re building a complex application for a huge company, as it’s easily scalable, effortlessly maintained, and comprehensively structured. This framework is perfect if you are searching for a long-term solution, as it has a predictable release schedule for the next few years. Thus surprises are highly unlikely. 

Laravel, on the other hand, is a gateway framework, as it’s easy to learn and has a far simpler syntax than Symfony. Furthermore, there are tons of learning materials online. This makes Laravel developers easier to find, which is perfect for start-ups or small companies with lower budgets. 

Our pick leans toward Syomfny due to its versatility, scalability, and overall adoption level by the development community. But no matter which one is right for you, your business and your website would need excellent hosting service. Here at HostArmada, we offer precisely that. So give us a call, and let’s help you choose the best hosting for your needs. 

The post In the search for the best PHP framework: Laravel vs Symfony appeared first on HostArmada Blog.

]]>
https://www.hostarmada.com/blog/in-the-search-for-the-best-php-framework-laravel-vs-symfony/feed/ 0
Hackers exploit the PHP Git repository adding backdoor to PHP’s source code https://www.hostarmada.com/blog/hackers-exploit-php-git-repository-add-backdoor/ https://www.hostarmada.com/blog/hackers-exploit-php-git-repository-add-backdoor/#respond Fri, 09 Apr 2021 13:04:56 +0000 https://www.hostarmada.com/blog/?p=1756 According to the latest online sources, HostArmada can confirm that the official PHP git repository, at http://git.php.net/, was the target of two malicious attacks made on 2021-03-28. Hackers pushed the two malicious exploits to the php-src repo from Rasmus Lerdorf and Nikita Popov’s names. It is unknown how exactly this happened, but everything points towards […]

The post Hackers exploit the PHP Git repository adding backdoor to PHP’s source code appeared first on HostArmada Blog.

]]>
According to the latest online sources, HostArmada can confirm that the official PHP git repository, at http://git.php.net/, was the target of two malicious attacks made on 2021-03-28. Hackers pushed the two malicious exploits to the php-src repo from Rasmus Lerdorf and Nikita Popov’s names. It is unknown how exactly this happened, but everything points towards hackers compromising the git.php.net server (rather than compromising any individual git account).

HostArmada continues to be a reliable source of news. After our latest blog post about cybersecurity, we continue the trend of reporting the major news that our clients and other interested parties should keep an eye out for. Please keep reading to find out more about this incident as it develops!

Here are the two referenced commits that we are talking about in this blog post:

What did the hackers do?

Hackers exploit GitHub.

Everything points towards a compromise of the git.php.net server. Hackers pushed the backdoored code on the server under the guise of a very minor and inconspicuous edit. The malicious attackers pushed the two commits to the php-src repo for the popular scripting language. This backdoor would have allowed them to perform remote code execution (RCE), PHP maintainers revealed in an official statement. These unknown chaos agents would have used the backdoor for the remote takeover of any website that uses PHP. Maintainers are now reviewing the repositories for any signs of further compromise.

The security incident can be described as a supply-chain attack. Threat actors will target an open-source project, library, or another component that is relied upon by a large user base. By compromising one core target, it may be possible for malicious code to trickle down to a wide-reaching number of systems.

A recent example is the SolarWinds fiasco, discussed in our previous blog post, in which the vendor was breached, and hackers planted a malicious update for its Orion software. Once malicious users deployed this malware, tens of thousands of organizations were compromised, including Microsoft, FireEye, and Mimecast.

An investigation is still underway with no confirmed reports pointing to the identity of the attacker.

The malicious code includes reference to ‘Zerodium,’ a US company known for buying zero-day exploits. The company has so far denied involvement. In a tweet Zerodium CEO said:

“Cheers to the troll who put ‘Zerodium’ in today’s PHP git compromised commits. Obviously, we have nothing to do with this. Likely, the researcher(s) who found this bug/exploit tried to sell it to many entities, but none wanted to buy this crap, so they burned it for fun.”

Zerodium CEO Chaouki Bekrar

Repercussions of the attack

Hackers exploit GitHub.

While preliminary investigations are still underway, PHP maintainers have decided that maintaining their own git infrastructure is an unnecessary security risk at this time. In the interest of cybersecurity and to prevent other hackers from interfering, they will discontinue the git.php.net server. As of right now and indefinitely. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that in the future, they should push changes directly to GitHub rather than to git.php.net.

Previously the write access to repositories handles through their home-grown karma system. You will now need to be part of the PHP organization on GitHub. If you are not part of the organization yet or don’t have access to a repository you should have access to, contact Nikita Popov at nikic@php.net with your php.net and GitHub account names, as well as the permissions you’re currently missing. Membership in the organization has to have 2FA turned on. This change also means that it is now possible to merge pull requests directly from the GitHub web interface.

Have the hackers left Github users unsafe?

Hackers may indeed have exploited the PHP repository itself. However, PHP maintainers found the backdoor left by the attacker(s) early. This was way before its malicious code could have reached the latest PHP release. This means that no released versions of PHP included this backdoor. This has prevented what could have been a major disaster for the global online community. According to a Web Technology Surveys study, PHP is thought to underpin almost 80% of all websites. This includes all WordPress sites, which are built on PHP.

The PHP team is currently reviewing the repositories to ensure that no other modifications were made by the attacker(s), but nothing has been found up to now. HostArmada will continue to monitor the situation further to provide you with updates as it develops further. We are quite eager to hear the results of the investigation!

In the wake of the Microsoft Exchange Github Scandal

This wasn’t the only cybersecurity alert that has happened for Github in the recent past. After security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier, GitHub, which is Microsoft-owned, removed the code to the alarm of security researchers worldwide.

The PoC code, something short of an actual functioning exploit, consisted of a 169-line Python file. It took advantage of CVE-2021-26855, a Microsoft Exchange Server flaw that allows an attacker to bypass authentication and act with administrative privileges. The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021. It’s part of the “Hafnium” attack that prompted a US government warning last week, which we’ve also discussed in our previous blog post.

Jang posted a write-up of his work, in Vietnamese, with a link to the code on GitHub. And a few hours later, the link to the code on GitHub no longer functioned.

It is safe to say that this bodes some concern over Microsoft’s ability to handle cybersecurity threats and its ability to hold wholesome interactions with cybersecurity researchers and experts. We’ll have to monitor how the giant techno-corp will react and adapt to this uncertain and dangerous climate. We wish them luck and success in this endeavor!

Closing Remarks

Expect us to be following the trends in cybersecurity in future blog posts as well. There is a lot to cover and currently happening across the world. The timing isn’t great either, given the rest of the issues the denizens of Earth are currently experiencing as a global society and the Covid-19 pandemic. The last thing we need is an unstable world wide web filled with threat actors looking to exploit big corporations and regular internet users in criminal and malicious ways. Unfortunately, that is what the current climate is showing us. Regardless this is an opportunity for companies such as HostArmada to raise awareness about these issues and be part of our global efforts to innovate and adapt to these new challenges.

Furthermore, we here at HostArmada, want to assure you that we have not been impacted by these cybersecurity threats as of now and are only reporting them to make sure our clients are well-informed about the state of the digital world.

If you have further questions, suggestions, or concerns, you can always reach us. HostArmada remains ready to be deployed 24/7!

The post Hackers exploit the PHP Git repository adding backdoor to PHP’s source code appeared first on HostArmada Blog.

]]>
https://www.hostarmada.com/blog/hackers-exploit-php-git-repository-add-backdoor/feed/ 0
PHP 8 available on all HostArmada services https://www.hostarmada.com/blog/php-8-available-on-all-hostarmada-services/ https://www.hostarmada.com/blog/php-8-available-on-all-hostarmada-services/#respond Fri, 19 Feb 2021 14:04:41 +0000 https://www.hostarmada.com/blog/?p=1458 PHP is still the most widely used server-side programming language for dynamic websites. In fact, according to W3Techs’ report, it empowers 79.1% of all websites with known server-side programming logic. To put that into a better perspective, the overwhelming majority of websites are currently up and running around the internet with PHP’s help. That is […]

The post PHP 8 available on all HostArmada services appeared first on HostArmada Blog.

]]>
PHP is still the most widely used server-side programming language for dynamic websites. In fact, according to W3Techs’ report, it empowers 79.1% of all websites with known server-side programming logic. To put that into a better perspective, the overwhelming majority of websites are currently up and running around the internet with PHP’s help. That is why we are very excited to announce that HostArmada has now made the newest and most requested PHP version available – PHP 8 on all our web hosting solutions!

It’s available, but what exactly is new?

PHP version 8.0 is a significant update over the 7.4 branch of the PHP programming language. There are many new features and optimizations, including named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, and JIT. It introduced improvements in the type system, error handling, and consistency. According to the PHP 8 roadmap, many long-expected, exciting features and enhancements have arrived with the release.

It adds much more clarity, transparency, efficiency to the development workflow and gives developers a chance to build better, faster, and safer websites and applications. Many built-in functions are now pickier about the input they accept, and PHP 8 itself is more stringent about how that information is passed to functions. Issues that previously resulted in notices directly result in warnings. And issues that resulted in warnings now result in errors. In other words, PHP 8 is not as lenient as previous versions. It will not try quite as hard to make code work no matter what.

What does having PHP 8 available mean for your existing applications?

Should you upgrade your online projects immediately? Probably not. First of all, you should confirm that everything is working with PHP version 7.4. Because of the many new features and improvements, there’s a higher chance you’ll need to make some changes in your PHP code to get it fully adapted to the new PHP 8. If you’ve maintained your code up to date with the latest releases, though, the upgrade shouldn’t be too hard since most breaking changes that could occur were deprecated before in the 7.* versions.

New major features breakdown

Here are some of the most important major features PHP 8 introduces:

  1. Attributes – Also known as annotations in other languages, provide a mechanism to add metadata to your codebase. Attributes can be used with classes, methods, functions, and properties. They’re easier to work with than the docblock approach adopted by many PHP 7 projects.
  2. Constructor Property Promotion – PHP 8 adds support for Constructor Property Promotion, a shorthand syntax that lets you combine property definition, type-hinting, and population inline in the constructor’s signature.
  3. JIT – The JIT — just in time — compiler promises significant performance improvements. It is implemented and introduced as an almost independent part of OPcache.
  4. Union Types – PHP’s type system continues to develop with PHP 8. It’s now possible to hint types as a “union” of two or more types, where the type’s value can derive from any of the types in the union.
  5. Match Expression – The new match expression is presented as a compact, safer alternative to the commonly known switch. It does not require the use of case and break statements, supports combined conditions, and returns a value instead of entering a new code block.
  6. Nullsafe Operator – PHP 8 now supports inline null checking with automatic short-circuiting with the use of the Nullsafe Operator. You can build up a chain of checks that will abort, returning null when evaluating any element fails.
  7. Stricter Type System – A fair number of changes in this area enhance the strictness and consistency with which type checking is enforced.
  8. Named ArgumentsNamed Arguments allow you to pass in values to a function by specifying the value name so that you don’t have to consider their order. You can also skip optional parameters!

How to upgrade to PHP 8?

The cPanel service offered with our Shared Hosting solutions has an easy-to-use feature known as “PHP selector”. That is what you can use to change your PHP version to PHP 8. Please bear in mind this update to the arrangement will affect all the websites hosted on the cPanel. For the convenience of our clients, we have published a HostArmada PHP selector tutorial where you can find a step-by-step guide on changing your PHP version, as well as additional information on how to use it effectively and manage your PHP extensions.

If you are a client of our Cloud SSD VPS or Dedicated CPU solutions, the PHP 8 is available on demand. The only thing you will need to do is to submit a ticket via your Client Area with HostArmada and request the installation and configuration of PHP 8.

If you still have questions or encounter issues with this process, despite our guide, there is nothing to worry about because our expert support team is here to help at any time as we are available 24/7.

The post PHP 8 available on all HostArmada services appeared first on HostArmada Blog.

]]>
https://www.hostarmada.com/blog/php-8-available-on-all-hostarmada-services/feed/ 0