403 page

[caftpx10]

Best if I list things out.


1. The intention of mod_security2 is to protect websites. Attacks are often recognised by string patterns. It also handles code that is seen as broken in some way.
Of course, just because there is a match doesn't mean that it's an attack.

2. Due to the amount of not well protected sites that typcially go up on free hosting, something like this has to be there with a strict ruleset. In no way is the intention of this is to get users to migrate to a more premium package that would be way less strict.
Granted, there are going to be such sites on any paid host but it's not as bad.

3. Not everyone is going to get the memo about securing their sites, unfortunately.

 

[bdistler]

i mean why am i getting a "We've found that you're connecting with a network proxy, VPN, or Tor

..."
has to do with the [ IP address country code ] restrictions on x10hosting's free-hosting accounts - Premium accounts do not have those restrictions

i mean they use the same services for premium apparently...

while x10hosting discourage it - Premium account users have the ability to completely disable [ mod_security ] on their account via cPanel

 

[Dead-i]

Hi gamersc,

I'll touch on a few things you mentioned here to close this off.

i develop php and one thing i have learned is that mod security messes up new php version codes making it no good to even bother with.

This is not true. Mod Security has nothing to do with PHP, and it essentially acts as a filter for incoming requests containing certain patterns of data. If data submitted closely matches that of a suspicious request or possible web-based attack, the request is cancelled.

i mean why am i getting a
We've found that you're connecting with a network proxy, VPN, or Tor, and we're unable to complete your request because of this. Please disable any such service, sign out and back in.

If you are connecting from a shared connection, a proxy or a VPN, please disable this and try again. Many people use this in an attempt to circumvent other security measures we place to help keep x10Hosting accounts secure.

this site is just making it where we have to upgrade to even use their services and i do not like forced upgrades. if they want us to upgrade then they should show us why we should instead of making the free host so bad. as i see it is if the free hosting is bad then i guess the upgrades are worse.

This is not true. There is absolutely no obligation to upgrade to our premium services; they are on completely separate servers, and free hosting is in absolutely no way to be considered as a "free trial" for them. We do have Mod Security on premium hosting, but since vulnerable websites and abuse is a lot less common on premium hosting, we give the user more control.

this is the only hosting service provider that uses mod security or doesn't white list its users like they should if using it when requested to be.

Please read my previous post. We are happy to unblock specific rules for specific accounts in the event of a false-positive.

so maybe they should force all users using old and outdated scripts to update instead of forcing all users to deal with this crappy security.

Please understand that we have thousands of accounts on our free hosting software, hosting a huge variety of open source, closed source and custom-made software, and it is near impossible for us to guarantee that people will not host out-of-date or vulnerable software. That said, we do handle any compromises or vulnerable software on a case-by-case basis.

In any case, it looks like you've arrived to a conclusion here, and I don't see this thread going anywhere else, so I'll go ahead and lock this thread.