PHP bug allowing site hijacking still menaces Internet 22 months on
Dark Steve wrote:
daneren2005 wrote:">show nested quotes
I finally just gave up and turned on auto security updates on my server.
Is updating really that much of an issue? You make it sound like you begrudgingly "gave up" and decided to keep your server software up to date.
I can understand if people are running a version that was superseded a few weeks before, but running a version that is months or years out of date? Why? If you care enough to keep a server running, how hard is it to keep the software up to date?
"portmaster -a" (formerly "portupgrade -a"). Done. I run that at least once a week, it's not hard.
(Though I'd always do it manually, never via cron job, just in case mysql doesn't automatically restart or I lose email or something. It's always good to keep an eye on updates/upgrades.)
'
Yes - I read this article and thought... crap I have a virtual server I need to probably update... so I did. Which promptly broke every single page in my website... then I spent two hours fixing all of those pages... admittedly it was some sloppy programming on my part, and in fixing it - I moved the common code to a page that gets included instead of being copy / pasted into every page...
The site is more of a hobby then anything else... it grew over time... and it could be better, I could have applied better programming principles... but I didn't...
In any event, my crappy hobbyist programming principles aside, you can't just go updating things every week... because in any real professional environment - you would need to test things... are you really going to run regression tests every time PHP is updated?
Updates need to be done, but they aren't trivial...