I recently discovered that a prominent web hosting company had a version of ruby installed and available to its users that had a well-publicized DDoS vulnerability. Simply put, any site using that copy of Ruby, to say run Rails, would also be vulnerable.
Rather than try to wait it out for an update, one thing I have opted to do on several other web hosts is to install my own Ruby installation along with gem eco-system.
If you're not familiar with how to do this, here are some instructions:
- You will need access to gcc on your web host. If your web host does not allow you access to gcc, then you should first find out what operating system it does use, install that OS in a virtual machine, and carry out the following steps.
- Get to a shell on your web host or virtual machine. Unpack the source code in a folder of your choosing, and change directory into this folder.
- ./configure --prefix=/path/where/ruby/should/be/installed --disable-pthread
- make
- make install
- Ruby is now installed. Edit your PATH variable so that the shell finds your copy of ruby before the system-installed version. You can verify this by yping: which ruby. It should return the path of the newly-installed ruby.
- Ruby by itself isn't very useful, so you probably will want to install rubygems. Download an appropriate version, unpack it to a folder of your choosing, and inside that folder run: ruby setup.rb
Voila! You now have ruby and rubygems installed on your shared host (or in a virtual machine, in which case you can zip up the installed files and unpack them on your shared host). You can continue on to install all the versions of rails you need by doing gem install -v=VERSION_NUMBER rails --include-dependencies