We don’t normally comment, let alone write a blog post, on security issues as we’re firm believers in security through obscurity. This provides another layer of defense against any would-be hackers. However, a couple of recent changes on our hosting infrastructure do deserve comment because they may affect a small minority of customers in how they’ve previously accessed their website.
1) We’re completely removing FollowSymLinks, including overrides except where SymLinksIfOwnerMatch applies. This is to prevent any content, images or data theft from other users on the server (users really should not be symlinking to data that isn’t their own anway). It is important that you do not try to override FollowSymLinks in .htaccess because Internal Server 500 errors will appear if you do.
2) We’re also disabling mod_userdir. This was installed on a couple of servers for testing purposes but we’ve decided that servers run better without it. This offers better protection for image hotlinking and other common nuisances.
Our Knowledge Base is being updated with additional information at present. If you have any questions on either of these minor changes, please contact our hosting support team.