000webhost.com back after being hacked
Roughly a week about the hack of 000webhost.com‘s client database became public (technically 000webhost.com was hacked in March 2015 already, but the hack became public just a few days ago) and 000webhost.com publicly admitting on Facebook and on their website that they indeed have been hacked and client information have been leaked the 000webhost.com website now seems to be back, and so is their support forum.
Sadly i see no changes so far. Their support forum still uses vBulletin 3.8.2 which was end of life years ago and i also don’t see any changes to the PHP version used on the servers they host the free accounts on. To verify, simply visit Server24 PHP Info or any other of their servers and you will find them using PHP 5.2.17. The exact same PHP version that was exploited to gain access to their systems and download the client database. I am not sure if sticking with a PHP version that is way outdated is a good idea, especially not if the version seems to have security issues that will not get patched because of it being end of life and no longer supported.
I lost count on how many discussions or suggestion were made at the 000webhost.com forums about upgrading PHP from 5.2.17 to 5.3.10 or even more recent versions. Out of the first posts, after the forum came back online, many of them were about…guess what? Exactly, how 000webhost.com now thinks about updating the PHP version. However, as of now there is no information available on whether they consider updating the PHP version or not. Maybe they are still in the process of figuring out if updating PHP breaks some of the tools they offer through their control panel, their support ticket system, their helpdesk system or anything else related to the functionality of their hosting service. I am eagerly waiting for the helpdesk blog to come back online as well, maybe there is a little more information available on a possible upgrade of PHP (and all other software they use, vBulletin for example).