[GLLUG] Web Hosting Options

Patrick Collora collorap at msu.edu
Thu Nov 3 07:39:22 EDT 2011 

To clarify, I'm not entirely blaming LiquidWeb for these problems.  They 
do provide excellent support, and the site is running smoothly 
otherwise.  My results are probably typical of any site that accepts a 
lot of user input and is running on a hosting account with a similar 
ModSecurity ruleset.  One of the reasons I'm so frustrated after being 
on their server less than a week with only a couple of issues reported 
is that LiquidWeb's configuration with ModSecurity seems to be similar 
to the configuration used by our first hosting company, Domatic.  We had 
the exact same issues with them.

1.  Users would encounter 403 errors due to false positive matches.
2.  They would repeat their requests until the firewall blocked them.
3.  The hosting company was either unwilling or unable to notify me or 
provide me a report of the blocked IPs.  I had to rely on the individual 
to contact me.

Now it seems like I have to deal with the same problem all over again, 
and I'm not looking forward to it.  I realize that ModSecurity also 
blocks many real attacks, but the number of false positives seems 
excessive.  Perhaps the dedicated or VPS route would be best.  Our site 
doesn't generate that much traffic, so it always seemed a little 
overkill to me.

Patrick Collora wrote:
> Hey Everyone,
>
> Do any of you have any recommendations regarding reasonably priced 
> Linux/Apache web hosting without too may restrictions?  I was 
> previously using A2 Hosting <http://www.a2hosting.com/>.  They were a 
> good host until recently when they began limiting our CPU usage and 
> number of connections.  Routinely our site would simply be 
> inaccessible during peak hours, especially if a search engine was 
> indexing the site.  We never exceeded the 50GB transfer limit of the 
> account.  Now I'm using LiquidWeb <http://www.liquidweb.com/>.  
> Performance is excellent, but immediately we started having trouble 
> with 403 errors and IP addresses being blacklisted.  I discovered that 
> the culprit is ModSecurity <http://www.modsecurity.org/>.  ModSecurity 
> looks for patterns in form input and blocks the HTTP request if it 
> appears malicious.  For example, one site member had text like "system 
> (blah blah blah...)" in a photo description.  It was blocked because 
> it looked like an attempt to call system().  I found I can't even type 
> the text "/bin/bash" into a form input on their server because it 
> looks like a command.  If a user makes several attempts to submit a 
> blocked request, they permanently blacklist the IP unless someone 
> requests to have it removed.  They were unwilling to provide me with a 
> report of the IP addresses blocked, so I have no way of knowing how 
> severe the problem is.  Anyway, it looks like we may be leaving 
> LiquidWeb soon.  I was surprised because I've seen them get good 
> reviews from people, even some on their list, but to have them start 
> blocking legitimate users and requests because some text vaguely 
> matches an attack signature is simply unacceptable.
>
> My website is http://www.lighting-gallery.net
>
> Thanks.
> -- 
> Patrick Collora
>
>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>    

-- 
Patrick Collora

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.egr.msu.edu/mailman/public/linux-user/attachments/20111103/9c701fac/attachment.html>

More information about the linux-user mailing list