PHP4 vulnerable to Hackers after 8/8/08?

[muskie]

I have two older ecommerce sites. They are built aroud PHP4. I have been told somewhat vaguely that after 8/8/08 these sites will be totaly open and vulnerable to hackers and visuses with no offical patches released to fix any of those issues. Does anyone out there know if this is true and if so know what my recourse would be?
Thanks,
Muskie

[paradice]

I suspect your information is based on this accouncement from php's website:

The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release. If necessary, releases to address security issues could be made until 2008-08-08.

This references the official "end of life" of php4, which is 8 August 2008. After that time, there will be no more security fixes made. Since php5 has been out now almost four years, this is understandable.

While your sites will not be "totally open and vulnerable" at that time - if any new hacks are found, they won't be officially fixed.

If your ecommerce sites generate income, it would probably be in your best interest to upgrade to php5 compatible software.

[Tech Manager]

I have two older ecommerce sites. They are built aroud PHP4. I have been told somewhat vaguely that after 8/8/08 these sites will be totaly open and vulnerable to hackers and visuses with no offical patches released to fix any of those issues. Does anyone out there know if this is true and if so know what my recourse would be?
Thanks,
Muskie

Nothing particularly special about 8/8/08 unless you purchased a lot of stock in companies selling Y2K fixes. Support for PHP 4 was discontinued December 31, 2007. Older versions of PHP have more security risks and fewer features than new versions. You should consider updating to PHP 5.2+ and prepare for version 6+.

If you are running your sites on PHP4 you should consider running some tests of your sites using your current version of PHP and the newer version as some code may be deprecated and/or require adjustments to your php.ini file at minimum.

If you are running an older version of MySQL you might consider testing your sites with a more recent version.

Good luck.

Good luck.