Search results

Makes sense. PHP code does get parse before being sent out as a result or whatever for the web server (in this case Apache) to use.

Doesn't the HTTP Responses triggered by mod_security prevent "leaky" or vulnerable scripts from running and therefore no error will be generated?

What is this 'SMF' you speak of? As pointed out by bdistler, mod_security is most likely the cause of this 403 HTTP Response.

Looks like this message is still up after the server recovering. Interesting.

Your site seems to be working now.

If it's due to inactivity, you could be able to unsuspended the account yourself. If it's for another reason, open an appeal, if you can.

Additionally, you can create folders and add index.html in each one you want for a more cleaner look (not needing the file name in the URL all the time).

True. What I mean't is that I didn't get that at the time of checking. Probably went away before I had a look myself. They can. An example would be when you add a new add-on domain, from there, you would see a newly created folder (if not there before adding) called 'cgi-bin', I believe that's...

Something doesn't look right here. It's still getting that page. A staff member should be able to handle this issue, either if they decide to visit this thread or you mention them here. Call who you like. Lol. It seems to be working now.

1. Isn't the default page supposed to have more than 0 bytes? 2. That's the folder that gets left over when it comes to domains. I'm just saying that as an option.

Give it some time for the cache and such to update. After that, you should have access to the actual site over HTTP and free to safely delete the cgi-bin folder afterwards. :)

X10Premium uses different servers, however, I'm unsure if mod_security is installed on them. Mod_security is simply there to prevent spammers and web applications from being exploited. If you're on that blacklist and it cannot be removed for reasons, then you may have to take it into your hands...

You may want to either remove, cut, replace or censor out parts of your email from your post as this could be picked up by a bot and could be used for spamming towards, stored somewhere else on the web and so on. :)

Yup. That's the closest method of SSL when it comes to (free) hosts that don't allow SSL on user accounts. Works pretty well too.

Just to add on to what bdistler said, there's a way of getting your website to use SSL regardless if the host doesn't allow it. Cloudflare's Universal SSL (flexible) could do the job, though on the free plan only the modern OSes and browsers would support it (aka validation error on the...

What I mean't is that the code could be injected into a submission element (such as a hidden text box) and after submission, that code could've been placed into that file as a result.

I believe the fake 404 HTTP response is to try to hide the fact that there's an issue with the script (PHP to be exact). Yes, this is very misleading for the webmaster and can cause a whole bunch of confusions.

Strange. The X10Premium site claims this to be a feature.

I would check for any suspicious browser extensions and software that was installed (regardless if authorised). The browser does download the resulting webpage, so code injection caused by software / add-ons is possible..

It would make sense if this injects itself into pages, that could potentially cause this. We don't know how this new option works. It could be using predefined input to do the job but the code got injected to that area required. If not that then I'm wondering how it got in.