need some help

Status
Not open for further replies.

gamersc

Member
Messages
43
Reaction score
1
Points
8
Hi gamersc,

I'll touch on a few things you mentioned here to close this off.

gamersc said:
i develop php and one thing i have learned is that mod security messes up new php version codes making it no good to even bother with.
This is not true. Mod Security has nothing to do with PHP, and it essentially acts as a filter for incoming requests containing certain patterns of data. If data submitted closely matches that of a suspicious request or possible web-based attack, the request is cancelled.

gamersc said:
i mean why am i getting a
We've found that you're connecting with a network proxy, VPN, or Tor, and we're unable to complete your request because of this. Please disable any such service, sign out and back in.
If you are connecting from a shared connection, a proxy or a VPN, please disable this and try again. Many people use this in an attempt to circumvent other security measures we place to help keep x10Hosting accounts secure.

gamersc said:
this site is just making it where we have to upgrade to even use their services and i do not like forced upgrades. if they want us to upgrade then they should show us why we should instead of making the free host so bad. as i see it is if the free hosting is bad then i guess the upgrades are worse.
This is not true. There is absolutely no obligation to upgrade to our premium services; they are on completely separate servers, and free hosting is in absolutely no way to be considered as a "free trial" for them. We do have Mod Security on premium hosting, but since vulnerable websites and abuse is a lot less common on premium hosting, we give the user more control.

gamersc said:
this is the only hosting service provider that uses mod security or doesn't white list its users like they should if using it when requested to be.
Please read my previous post. We are happy to unblock specific rules for specific accounts in the event of a false-positive.

gamersc said:
so maybe they should force all users using old and outdated scripts to update instead of forcing all users to deal with this crappy security.
Please understand that we have thousands of accounts on our free hosting software, hosting a huge variety of open source, closed source and custom-made software, and it is near impossible for us to guarantee that people will not host out-of-date or vulnerable software. That said, we do handle any compromises or vulnerable software on a case-by-case basis.

In any case, it looks like you've arrived to a conclusion here, and I don't see this thread going anywhere else, so I'll go ahead and lock this thread.

i quoted this from a thread that was closed immature.

that was some professional help i mean it was.

this site has became bad with the support. the rating i give it is 1/10. slow response. no actual support given.

oh btw i am not on any proxy or vpn or such. i am unable to access cpanel.

i am in the usa. same location this company is hosted at.

mod security is not good as i dont see any other sites using it that i have been with and no issues with them.

also when someone states that nothing was done that was given. it means something wrong with your software.


so explain to me why:

1.) i am getting as i stated "
We've found that you're connecting with a network proxy, VPN, or Tor, and we're unable to complete your request because of this. Please disable any such service, sign out and back in.

"
2.) why i keep getting 403 only on mycodes adding pages. (nothing but <div>ahi</div> added)

3.) how the support dude dead-i can't even give proper support answers nor read the replies then closes the thread without a actual solution given. other then he just don't care.

this is how sites like these closes down, cause they become bad with how they handle situations. unprofessional response time, unprofessional handling of questions, unprofessional handling of issues.

i have had to go to the forums i was told 4 months no answer was uncalled for. thats something.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
From what I see here, you were provided with support. You were informed of what was the cause of the issue you were experiencing and you were also informed with the facts that you would need to be aware of to reduce confusion.


Time to (try) to answer your questions:

1. There are many reasons why this could be happening and so the answer cannot be absolute. You might want to consider performing an IP lookup on your IP and look out for anything that might make it appear to be a proxy. In addition, you should also check your IP on any online (spam) blacklists. You may need to change your IP or even your ISP (if exceptions cannot be done and if you are willing to do so). Note that schools, workspaces and anything usually like so use proxies. Mobile networks technically count too.

2. Mod_security2 has a rule (pattern-based) set up that is to do with HTML injection being put through via the POST or/and even the GET method.

3. There are multiple types of staff here. The one you are speaking of is a volunteer. They will not have access to all of the appropriate resources in order to troubleshoot issues (to either look or make changes on particular things). For this reason, you will have to wait for someone with the appropriate access privileges that would be required to look into the specific issue you are having to come along.
They do in fact read the posts in the thread and the closing reason was perfectly fine. They have answered with the correct information you were asking for and the thread was going on longer than it should (pretty much asking the same thing all over again).
(I am aware that you have been waiting for almost half a year. The above reason would be partially the reason. There likely is a little more to this.)
What I should also point out is that the volunteers are the ones who are most active in the free hosting forum and as the name implies, they do not get paid for assisting and so they should be appreciated for their efforts regardless if they reach your thread or not.


What you had quoted pretty much explains the reason why mod_security2's ruleset has been made very strict so I will not be repeating.

Fun fact: web hosting services such as GoDaddy will use mod_security2 for their shared hosting services (note that it is paid) but it will be nowhere as strict. One of the rules would be to block those for one minute if there are a whole load of requests coming from one IP address, or would that be something like F2B hooked with IPTables? Something along those lines. If you play around with a site hosted on their shared hosting servers and trigger it then you would come along a better example.


Point is this: a vast majority of your questions had been answered already, even if they are not on your thread. So personally I am not sure why are being questioned again.

Granted, free hosting is not going to be as good as paid hosting most of the time. Free hosting services are going to be very restrictive in some ways to prevent a great opportunity of abuse and to try to keep the resources balanced even with that large volume of traffic. After all, what do the malicious users have to lose apart from their free hosting account? And yes, there are many reasons why someone would try to get revenge which these restrictions would often prevent which I shall not be stating for reasons (guess and you are pretty much correct every time).

If anything, I believe that free hosting services such as this without advertisements are offering what they are offering (hosting, support) out of generosity. I am sure that they do not want to have these sorts of blocks and restrictions but they are up with within good reasoning.


I am only a free hosting user here, just like many others. No special access to anything nor am I someone who got hired to say good things about the service.
The information above is based on what was posted, experience and opinions. Those three things would also apply to those who I attempt to assist.
I do generally do understand why you are frustrated.


Hopefully this would help tidy at least some things up even if it kind of went off-topic at some points.
 

gamersc

Member
Messages
43
Reaction score
1
Points
8
From what I see here, you were provided with support. You were informed of what was the cause of the issue you were experiencing and you were also informed with the facts that you would need to be aware of to reduce confusion.


Time to (try) to answer your questions:

1. There are many reasons why this could be happening and so the answer cannot be absolute. You might want to consider performing an IP lookup on your IP and look out for anything that might make it appear to be a proxy. In addition, you should also check your IP on any online (spam) blacklists. You may need to change your IP or even your ISP (if exceptions cannot be done and if you are willing to do so). Note that schools, workspaces and anything usually like so use proxies. Mobile networks technically count too.

2. Mod_security2 has a rule (pattern-based) set up that is to do with HTML injection being put through via the POST or/and even the GET method.

3. There are multiple types of staff here. The one you are speaking of is a volunteer. They will not have access to all of the appropriate resources in order to troubleshoot issues (to either look or make changes on particular things). For this reason, you will have to wait for someone with the appropriate access privileges that would be required to look into the specific issue you are having to come along.
They do in fact read the posts in the thread and the closing reason was perfectly fine. They have answered with the correct information you were asking for and the thread was going on longer than it should (pretty much asking the same thing all over again).
(I am aware that you have been waiting for almost half a year. The above reason would be partially the reason. There likely is a little more to this.)
What I should also point out is that the volunteers are the ones who are most active in the free hosting forum and as the name implies, they do not get paid for assisting and so they should be appreciated for their efforts regardless if they reach your thread or not.


What you had quoted pretty much explains the reason why mod_security2's ruleset has been made very strict so I will not be repeating.

Fun fact: web hosting services such as GoDaddy will use mod_security2 for their shared hosting services (note that it is paid) but it will be nowhere as strict. One of the rules would be to block those for one minute if there are a whole load of requests coming from one IP address, or would that be something like F2B hooked with IPTables? Something along those lines. If you play around with a site hosted on their shared hosting servers and trigger it then you would come along a better example.


Point is this: a vast majority of your questions had been answered already, even if they are not on your thread. So personally I am not sure why are being questioned again.

Granted, free hosting is not going to be as good as paid hosting most of the time. Free hosting services are going to be very restrictive in some ways to prevent a great opportunity of abuse and to try to keep the resources balanced even with that large volume of traffic. After all, what do the malicious users have to lose apart from their free hosting account? And yes, there are many reasons why someone would try to get revenge which these restrictions would often prevent which I shall not be stating for reasons (guess and you are pretty much correct every time).

If anything, I believe that free hosting services such as this without advertisements are offering what they are offering (hosting, support) out of generosity. I am sure that they do not want to have these sorts of blocks and restrictions but they are up with within good reasoning.


I am only a free hosting user here, just like many others. No special access to anything nor am I someone who got hired to say good things about the service.
The information above is based on what was posted, experience and opinions. Those three things would also apply to those who I attempt to assist.
I do generally do understand why you are frustrated.


Hopefully this would help tidy at least some things up even if it kind of went off-topic at some points.
point is i requested for my site to be whitelisted.

point is allot of ppl are getting that vpn error and none of what was given is true. and still got the same answer.

3rd it took the team to answer.

rating stays until the issue is resolved. as issue was not resolved nor even bother to be resolved. its not considered resolved.

do not close a thread til the issue is resolved.

same script on other hosting site no issue. but only one this with mybb, wordpress, phpbb, wiki, and other scripts that has been updated to the newest version x10host kills em. but yet no issue on other free hosting sites. yeah ur right but noticed how they do not mark everything as a threat. this site security is horrible. it marks everything as a threat.

ur a member. notice how fast u answered. watch how long before a support person does.

in fact i know it will take a long time. i asked about a issue about wordpress it took to april to be answered. it was opened in feb.

i was a helper of a hosting community. they actually was way better then x10hosting. but unfort someone hosted copyrighted content and the website got removed.

but this site support is horrible. the features and how the hosting is, its even worse.
 
Last edited:

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
but only one this with mybb, wordpress, phpbb, wiki, and other scripts that has been updated to the newest version x10host kills em.
I'm really not sure what you mean by this. Can you clarify?

ur a member. notice how fast u answered. watch how long before a support person does.
While I do try to answer questions quickly, please can I remind you that there is absolutely no support guarantee on free hosting.

you're connecting with a network proxy, VPN, or Tor
Where are you connecting from?

point is i requested for my site to be whitelisted.
We will not completely whitelist a free hosting account from all our security rules.

dead-i i know u removed my post. was it to blunt?
There is no need to make irrelevant comments on other people's threads, when we are trying to solve their issues.
 

gamersc

Member
Messages
43
Reaction score
1
Points
8
I'm really not sure what you mean by this. Can you clarify?


While I do try to answer questions quickly, please can I remind you that there is absolutely no support guarantee on free hosting.


Where are you connecting from?


We will not completely whitelist a free hosting account from all our security rules.


There is no need to make irrelevant comments on other people's threads, when we are trying to solve their issues.

so then whats the point of having free hosting if we cant use: mybb, phpbb and/or wordpress type applications.

i am at home on a non vpn network.

i asked a question it gets removed. that part is funny about no support thing. funny that on facebook we should be getting a reason timeframe answer.

as i stated sounds more like you wish to your members into upgrading. whitelisting isnt hard to do.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
Users can use such web applications. The problem is that depending on the user action, they can end up tripping a few rules.
Some of the rules that get triggered would be posting something like 3 or more URLs, posting about gold (yes, spam bots do that).

It was said that your free hosting account cannot be whitelisted completely, meaning that some rules affecting functionality can be disabled for your account where most appropriate but it shall not be disabled for all the rules (including those not being an issue) because of security (which is very much the intention of the module and the rule set).
 
Status
Not open for further replies.
Top