Noticing lots more FireHost errors

[rhd]

I've been noticing a lot more of those strange FireHost blocks that look like this:

Just now, I received one when merely replying to a PM. The weird thing is that I can often adjust the content of my message, and it will get through. In this case, all I had to do was delete some of the quoted PM reply history, and my message got through.

In other cases, I've found that changes sentences will do the trick. Nevertheless, something is wrong. I know I ran into this problem yesterday when trying to share some javascript with the forum. But this PM that got filtered today was just about heatsinks - nothing tech or code related, nothing obscene, no swear words, etc.

 

[hakzaw1]

me too lots of times

 

[JohnTheRipper]

How much is c0ldshadow paying for hosting? Wouldn't a dedicated server work better and be more stable? Or is FireHost one of those "cloud" services?

 

[c0ldshadow]

this issue should be resolved. if you receive a similar block when using private.php to send a PM please let me know. needed to tweak appsec firewall rules.

@ JohnTheRipper, currently paying $365/month for a VPS. firehost has an extremely secure platform (kevin mitnick also using it for hosting lol). the problem here was the web app firewall was being too strict (blocking things it thought was an attack but it was a false positive).

my career is in cyber security so i naturally value having a host with an A+ in security=)

their WAF provides an extra layer of protection for application security, and both application and network related DDoS attacks.

although the hosting is expensive, you get what you pay for, and it helps me sleep better at night knowing that both me and my host cares about security and protecting LPF

p.s. if anyone ever receives one of these blocks again, please email block.requests@firehost.com and CC me (atarasov at hushmail dot com)

another great thing about the firehost WAF setup is they automatically block out a lot of spammers based on IP reputation and user agents. I can obtain a report of lots of the stuff that is being blocked (correctly 99% of the time).

sorry for inconvenience with some of these false positives but know that in the background lots of bad stuff is being blocked (spammers / etc.) which is good. the false positives should go away over time as i tweak rules to fit better for the forum

take care guys
peace
-ave

 

[Lase]

c0ld - I've received this error a bit when shifting computers at uni, would the change of IP from the same username be causing the server to think I'm attacking it?

Lase

 

[c0ldshadow]

hm thats odd. don't think that would cause any issue. the most likely reason for a block is if your post had some formatting in it that was interpreted as an XSS or SQLi attack.

do u remember the exact thing you did when you got the block message?

in the future please follow instructions in the block message, and CC me on the email so we can figure out the exact reason for the block

sorry for any incovenience

 

[Lase]

No worries. I was sending a PM about heatsinks so I don't think any of it could be interpreted as code.

Lase

 

[c0ldshadow]

it could have been interpreted as code if it had codetags / formatting in it or specific keywords involving javascript/SQL (can happen if unlucky)

the problem with private.php used to send PMs should be gone now, i don't think there will be any more false positives from that script
however, if it happens again, plz let me know via the process above