Solved

PHP update on Win2k8 IIS server

Posted on 2014-03-18
8
354 Views
Last Modified: 2014-03-24
Hi all,
   I have 3 web servers at a client site that need to be updated, i need to upgrade the php to clear some security issues that have been hilighted.

I am running Server 2008 with IIS, the version of PHP is 5.3.10.0 (from the exe). I want to know the best way to update this and if possible a dummy guide (simple steps) along with knowing the risks to the content already in place.

The servers each are running between 40 and 100 sites so i want to ensure that any changed i make will have a minimal impact. I can take a Snapshot of the machines before hand for a roll back if required but i would like that to be a last resort.

Any support or links here would be much appreciated,
0
Comment
Question by:ncomper
  • 3
  • 3
  • 2
8 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 333 total points
ID: 39937002
Some "interesting" things may show up in a PHP5.3+ upgrade to PHP 5.4 or PHP 5.5.  For example, call-time-pass-by-reference is no longer deprecated; instead it causes a fatal error.  The definition of error_reporting(E_ALL) has changed.  And the default character set may be different if it is not specified in the function calls.  Unfortunately there is no good way to predict if any of these risks will cause problems, except for the call-time-pass-by-reference (you can scan the PHP code for instances of &$ and & $ to detect this).

PHP has a changelog that details the release differences.  If you're moving up from 5.3.10, you might start your research at 5.3.11.  Example here:
http://www.php.net/ChangeLog-5.php#5.3.11

The MySQL extension is deprecated at PHP 5.5.  What to do here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39937379
Replacing your version of PHP is easy.  Knowing the risks is next to impossible with about 200 sites written by many different people.  Which is why I have only seen two hosting companies upgrade their version of PHP on a server in the last 10 years.  In one case we were told it was going to happen.  In the other case, I got a big job fixing old code to work with the new version.  Everyone else has required that you move to a 'new' server with more recent version of PHP.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39937395
Tell the clients to move to the "new" server -- what a great idea!  It puts the responsibility for compatibility testing and any required upgrades squarely where it belongs - with the owner of the scripts.

That's why I love EE.  Answers that make sense from real-world experience.

Best to all, ~Ray
0
 
LVL 5

Author Comment

by:ncomper
ID: 39939306
We have had an additional discussion internal and have put forward the following option.

1) Clone the server and drop into a Test environment
2) Provide access to the test server to 3rd party developers
3) Upgrade server PHP to 5.3
4) Test all sites for compatability
5) If successful Replace live server with Updated VM

Now that is over simplified from the actual steps and my initial concerns are as follows

a) Clone server will need to be placed in the Live network to allow for external access
b) Name of server will need to be changed along with IP addresses to remove conflict

Completing the above could cause issues as i think i will need to Drop the server from the domain to allow for the Name change, the IP addresses are linked to Secure sites within IIS.

As i am not a web developer i am not aware of the impact from the above so any advice here would be much appreciated.

** all site belong to the business we have 3 developer teams that work on various sites so we are not a hosting provider
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 333 total points
ID: 39939330
3) Upgrade server PHP to 5.3
I understood that you were already running PHP 5.3.10?

I think you need professional help.  What you have is not a question with an answer, it's a project that needs technical advice and PM skills over time.  Your choices are (1) Hire a professional and move forward with the project or (2) Step away from the project, learn everything a professional already knows, then return to the project.  There are many intricacies involved in the upgrades and the need for precision is important.  You probably do not want to go it alone, with hundreds of web sites hanging in the balance.

As the great firefighter Red Adair famously said, "If you think it's expensive to hire a professional, just wait till you hire an amateur!"  

Best of luck with the project, ~Ray
0
 
LVL 5

Author Comment

by:ncomper
ID: 39939341
Ray thanks for the comment,
   As you can see that was only a Typo on the version number. The Developers have been tasked with completing the updates and so "The professionals" will be in charge of the project and deliverable, not myself, as i refused to complete project above for your exact reasons (totally not my area or skill set).

My request above was to find the best way to make a cloned server available for the external company to begin the test works without touching the Live infrastructure.

If this was an internal change/Test i would clone the server, place it on an isolated VM network and complete the test upgrade process. As i need the external company to have access to the machine some kind of connectivity would be required and this is what i need to organize.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 167 total points
ID: 39940354
I think the 'Test' server idea is a good, there are just a lot of details that have to be taken care of to get it to work.  But not nearly what it would take if you upgraded PHP and the sites failed because then it becomes an emergency to get them back on line.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 39950324
Overall
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This article discusses how to create an extensible mechanism for linked drop downs.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now