  • Mod Security

    Getting really hacked off with this now....

    A number of my clients have complained that their sites have stopped working properly. When looking into this it turns out that this is a new mod security issue resulting in 406 Not Acceptable errors.

    Support have been good in re-enabling this when requested but this is only for the sites I know have stopped working and I have to contact support. What about the sites where no-one has complained/spotted the problems? Now I have to trawl through each and every site testing everything to see if there are problems.

    Not happy

    Eukhost - please stop tweaking stuff and breaking my sites. OK, you'll say that it's a security issue, fine, then deal with it but make sure your tweaks don't break sites or at least go in and fix them! It's no use blocking these 'holes' just so the sites don't even work anymore - what's the point of that?

    What does this latest mod security tweak affect on my sites? So far I seem to have mainly had databases failing to update, either through PHP script or when making WordPress changes, and cron jobs have stopped. What else do I now need to check?

  • #2
    Dear David,

    We are sorry to hear that there has been an issue with your websites.
    No changes were made to the mod_security config where your accounts are hosted, but we have done some tweaking of the PHP and Apache settings.

    We agree that mod_security does affect some genuine code and are aware that this can be sorted by just disabling it.
    However, we do not recommend disabling this restriction completely, but rather excluding only the conflicting paths so everything can work as expected.

    Could you please PM the domain name that has an issue so that I can take a quick look and investigate the issue further?
    If you have opened any ticket in this regard then please post the ID here.

    Regards,
    Kieran A.
    Cloud Administrator
    Skype :: Kieran.Alen | eUKhost

    • #3
      Originally posted by Kieran:
      ... Could you please PM the domain name that has an issue so that I can take a quick look and investigate the issue further?
      Unfortunately I have 37 domains at present, any of which could have problems (and many have). Can I ask you to check all my domains, databases, WP installations, cron jobs, mail forms and numerous other scripts for me? That's just the point I was trying to make. So far this morning I have spent nearly 3 hours checking, and rectifying just two sites, and I'm still not sure they are 100% working!

      Support have been great (special mention to Nelson) BUT they can only deal with problems I have found - what about the ones I've missed?

      See my problem?

      • #4
        With these latest tweaks what should I be checking on my sites? What functions are affected?

        • #5
          Originally posted by WildStar:
          Unfortunately I have 37 domains at present, any of which could have problems (and many have). Can I ask you to check all my domains, databases, WP installations, cron jobs, mail forms and numerous other scripts for me? That's just the point I was trying to make. So far this morning I have spent nearly 3 hours checking, and rectifying just two sites, and I'm still not sure they are 100% working!

          Support have been great (special mention to Nelson) BUT they can only deal with problems I have found - what about the ones I've missed?

          See my problem?
          Yes. If requested, we can check all the domains hosted under the appropriate hosting account and see if anything is affected by the Mod_Security rules.
          mod_security can cause issues only for URIs which are accessed via HTTP requests. So there is no need to check the databases, cron jobs or other back end files.

          Now we are checking the error logs for all the domains hosted under your reseller account and shall let you know if we can exclude only those files/folders without affecting the whole website security.

          Originally posted by WildStar:
          With these latest tweaks what should I be checking on my sites? What functions are affected?
          The following changes were made on the server and you were informed by an email notification sent on 26 March 2012.

          * Implemented open_basedir protection.
          * Enabled the safe_mode option.
          * Disabled the expose_php option.
          * Forced the webserver to use customized user-based php.ini files in a secure manner.

          I will post an update once all the logs are checked. Please let us know if you still have any doubts in this regard.

          Regards,
          Kieran A.
          Cloud Administrator
          Skype :: Kieran.Alen | eUKhost

          • #6
            Kieran, once again thank you for your response and I appreciate your taking the time to look into this.

            I do have a little concern, you say "...there is no need to check the databases, cron jobs or other back end files." - these are exactly the ones I have just been having problems with!

            Also, please do not change any php.ini files - where used they are there for a reason, some of which are absolutely required to allow contact forms to work and I was promised these would be left a while ago when this was previously discussed at some length.

            Many thanks

            • #7
              Originally posted by WildStar:
              Kieran, once again thank you for your response and I appreciate your taking the time to look into this.
              You are welcome.

              Originally posted by WildStar:
              I do have a little concern, you say "...there is no need to check the databases, cron jobs or other back end files." - these are exactly the ones I have just been having problems with!
              As per the error logs, there were some WP and other static URIs for which mod_security rules were causing issues.
              I have excluded all those URIs and also changed one of the rules which caused a PCRE limit to be exceeded.

              Originally posted by WildStar:
              Also, please do not change any php.ini files - where used they are there for a reason, some of which are absolutely required to allow contact forms to work and I was promised these would be left a while ago when this was previously discussed at some length.
              I haven't changed anything in the php.ini file. If you wish to enable or disable any function/variable value for your account then please contact us on live chat or submit a support ticket. We will get it done for you.
              Regards,
              Kieran A.
              Cloud Administrator
              Skype :: Kieran.Alen | eUKhost
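
The error-log check described in posts #5 and #7, sketched as an added example (not code from the thread or from eUKhost). It assumes the Apache error_log layout written by ModSecurity 2.x; the log lines, hostnames, rule IDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x Apache error_log layout.
SAMPLE_LOG = """\
[Mon Mar 26 09:14:02 2012] [error] [client 203.0.113.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at ARGS:content. [file "/etc/modsec/rules.conf"] [line "10"] [id "900001"] [msg "constructed rule"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "AAAA"]
[Mon Mar 26 09:15:40 2012] [error] [client 203.0.113.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at ARGS:content. [file "/etc/modsec/rules.conf"] [line "10"] [id "900001"] [msg "constructed rule"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "BBBB"]
[Mon Mar 26 09:17:05 2012] [error] [client 203.0.113.11] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at ARGS:message. [file "/etc/modsec/rules.conf"] [line "22"] [id "900002"] [msg "constructed rule"] [hostname "blog.example.org"] [uri "/contact/send.php"] [unique_id "CCCC"]
[Mon Mar 26 09:20:11 2012] [error] [client 203.0.113.12] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null). [hostname "blog.example.org"] [uri "/index.php"] [unique_id "DDDD"]
[Mon Mar 26 09:21:30 2012] [error] [client 203.0.113.13] ModSecurity: Access denied with code 403 (phase 2). Pattern match "constructed" at ARGS:q. [file "/etc/modsec/rules.conf"] [line "31"] [id "900003"] [msg "constructed rule"] [hostname "shop.example.com"] [uri "/xmlrpc.php"] [unique_id "EEEE"]
[Mon Mar 26 09:22:00 2012] [error] [client 203.0.113.14] File does not exist: /home/user/public_html/favicon.ico
"""

# Bracketed key/value fields such as [id "900001"] or [uri "/path"].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = re.compile(r"ModSecurity: Access denied with code (\d{3})")


def summarize(log_text, status=406):
    """Count denials with the given status per (hostname, uri, rule id),
    and PCRE-limit rule errors per (hostname, uri)."""
    hits, pcre = Counter(), Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache errors are not WAF decisions
        fields = dict(FIELD.findall(line))
        host, uri = fields.get("hostname", "?"), fields.get("uri", "?")
        if "PCRE limits exceeded" in line:
            pcre[(host, uri)] += 1
            continue
        match = DENIED.search(line)
        if match and int(match.group(1)) == status:
            hits[(host, uri, fields.get("id", "?"))] += 1
    return hits, pcre


def sites_to_review(hits):
    """Map each hostname to the sorted URIs that were blocked on it."""
    by_host = {}
    for host, uri, _rule_id in hits:
        by_host.setdefault(host, set()).add(uri)
    return {host: sorted(uris) for host, uris in by_host.items()}


if __name__ == "__main__":
    blocked, pcre_errors = summarize(SAMPLE_LOG)
    for key, count in blocked.most_common():
        print(count, *key)
    print("PCRE limit errors:", dict(pcre_errors))
```

Grouping by hostname, URI and rule ID gives the list of paths to consider for a per-path exclusion, which is the alternative to disabling mod_security for a whole site.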

              • #8
                Thank you very much Kieran for all your work. Looking forward to a much quieter, stress free period.

                Really appreciated

                • #9
                  Re: Mod Security

                  Originally posted by WildStar:
                  Thank you very much Kieran for all your work. Looking forward to a much quieter, stress free period.

                  Really appreciated
                  Thank you very much Kieran for all your work.
