Logbook full of errors

John11

Reseller hosting
OCSP Staple
Let's Encrypt SSL Certificate
Server LiteSpeed
Server: Apache/2

I've added a photo that shows a small part of the error, the problem I find below is the following.

Website regularly cannot be found, no error message.

Joomla backhands a SecurityCheck Pro component.

Can't add suspicious files marked as malware as safe. I get an error message 304; I am apparently blocked from performing an action. Blocks my IP for this kind of handling.

The other error that it gives is the [MODSEC] mod_security rule [id "77220150"]
 

Attachment: Screenshot_4.png

Hmm, I am afraid that as a Reseller you can't manage mod_security (directly); ask your hoster/admin.

Thank you for responding.

Website regularly cannot be found, no error message. This error comes from max_execution_time exceeded; increase max_execution_time in the php.ini time.exceeded, so the hoster must change this.

This one, not sure:
Can't add suspicious files marked as malware as safe. I get an error message 304; I am apparently blocked from performing an action. Blocks my IP for this kind of handling.

I think that the hoster must put my IP address on the whitelist in ModSecurity, not sure if this will help.

So, what do you think about these errors in the logbook?
 
A lot of Mod_Security errors; if the administrator is not willing to help you, maybe it's time to move to another provider (without mod_security enabled).
 
I've only been there for 5 days, and problem after problem that they are very lax about. I even ask them what they have changed, they don't answer. One thing is for sure, the hosting in the Netherlands is all deception, it is about money, and there are no problems.
 
Don't agree :) There are good hosters, but frankly most of them are after your money; especially in the last years a lot of small hosters were bought by big companies, and after that they all raised the prices :(

Maybe it's time to do your own hosting/server with DA. We started years ago with Reseller, but it was somehow not satisfying, so we started with our own dedicated servers with DA and some other panels.
Be aware you must have some Linux skills or be willing to learn them. It's not an easy learning curve, but after you have managed it, it's worth it.
 
The hosting I now have came after the major disaster with Versio, which I walked away from after 6 months. Now I'm at https://mijn.host/ , the information is perfect, the reviews are all perfect too, but the helpdesk is lax with information and execution.

It's been a long time since I set up a server myself; a lot of knowledge was just lost over the years.

I am thinking of a dedicated server, but you really need to know all the settings.
 
You can ask your hosting provider to whitelist a certain rule of modsec for your domain.

I'm also a customer at mijn.host, but my experience is very good so far. I have been to many Dutch hosting providers, but mijn.host is the first company where my websites score very high on security tests (A+). My experience with the helpdesk is also very good so far, but maybe it depends on the case.
 
I recently joined my.host and the reason why I bought a hosting from them was because of the excellent reviews at trust post.

In addition, OCSP, but now the monkey comes out of the sleeve. (OCSP is turned on as support, but it won't get the result if you don't turn on the MUST-OCSP.)

Their writing
(Thanks for your response and patience.
We've looked into this further for you and were also able to activate OCSP Must Staple. This is not supported by DirectAdmin by default yet, but our engineer managed to get it done.)

The result is that they do describe this on their website
https://my.host/kb/can-i-use-ocsp-stapling-on-my-hosting-package/

Anyway, now it all seems to work from the OCSP
 
OCSP Must Staple is an option which needs to be configured when issuing the SSL certificate, not on the web server. If the certificate is issued with OCSP Must Staple, it's very important that OCSP stapling is activated on the web server, otherwise you will get SSL errors when loading a website, because OCSP stapling is required by the certificate but not available on the web server.

If the certificate is issued without OCSP Must Staple, you can use OCSP stapling by activating this on the web server. But the browser is not required to use OCSP stapling. This is the most common practice.

The majority of websites are not even using OCSP stapling, and websites with OCSP Must Staple are even more rare. But good to hear mijn.host managed to get OCSP Must Staple working for your website. As far as I know DirectAdmin doesn't support OCSP Must Staple out of the box yet.
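
Added example, not part of the post above and not DirectAdmin or mijn.host tooling: a shell check that separates the two settings described above by reading the certificate's TLS Feature extension and the stapled OCSP response from openssl output. The function names and the sample output fragments are constructed for illustration; check_host needs network access and is not called in the demo.

```shell
#!/bin/sh
# Added example: "stapling is on" versus "certificate requires stapling".

# has_must_staple CERT_TEXT: true if `openssl x509 -noout -text` output shows
# the TLS Feature extension (OID 1.3.6.1.5.5.7.1.24) listing status_request.
has_must_staple() {
  printf '%s\n' "$1" | grep -A1 'TLS Feature' | grep -q 'status_request'
}

# has_staple HANDSHAKE_TEXT: true if `openssl s_client -status` output
# contains a successful stapled OCSP response.
has_staple() {
  printf '%s\n' "$1" | grep -q 'OCSP Response Status: successful'
}

# classify CERT_TEXT HANDSHAKE_TEXT: prints one verdict word.
classify() {
  must=no; staple=no
  has_must_staple "$1" && must=yes
  has_staple "$2" && staple=yes
  case "$must/$staple" in
    yes/yes) echo "must-staple-ok" ;;      # certificate demands it, server delivers
    yes/no)  echo "must-staple-broken" ;;  # clients enforcing Must-Staple show a TLS error
    no/yes)  echo "stapling-optional" ;;   # staple sent, clients not required to use it
    no/no)   echo "no-stapling" ;;
  esac
}

# check_host HOST: live check against a real server (requires network).
check_host() {
  hs=$(openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null)
  cert=$(printf '%s\n' "$hs" | openssl x509 -noout -text 2>/dev/null)
  classify "$cert" "$hs"
}

# Constructed fragments of openssl output for an offline demo.
CERT_MUST='            TLS Feature:
                status_request'
CERT_PLAIN='            X509v3 Basic Constraints: critical
                CA:FALSE'
HS_STAPLED='OCSP response:
    OCSP Response Status: successful (0x0)'
HS_NONE='OCSP response: no response sent'

classify "$CERT_MUST"  "$HS_NONE"     # certificate issued with Must-Staple, server not stapling
classify "$CERT_PLAIN" "$HS_STAPLED"  # ordinary certificate, stapling enabled on the server
```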
 
OCSP Must Staple is absolutely correct that only the host can do this. As far as I know, OCSP has been around for quite a few years, it's just not used much, that was precisely the reason I bought the hosting from mij.host. As far as I know, there are no other hosters in the Netherlands that have OCSP on their server.

Vimexx does indicate that they want to apply this, but from experience that really won't happen. DNSSEC was already a problem at Vimexx on one .eu extension. As you can read on the website of my.host, and then indicating to the client OCSP is enabled is misleading if the must-staple is not enabled.

The only thing I wasn't sure about was whether the SSL certificate is to be installed first or afterwards. My thoughts were that you had to add OCSP first so that the SSL certificate includes a small part of it in its CA.
 
The article you mentioned earlier doesn't work. I checked their website and I think you referred to this article: https://mijn.host/kb/kan-ik-ocsp-stapling-gebruiken-op-mijn-hostingpakket/

The last paragraph says you have to ask the customer support to activate this, so that's not misleading in my opinion. And as you already mentioned Vimexx (and many, many other providers) doesn't even have the option to activate OCSP.
As I said earlier, I'm also a customer of mijn.host. I just did some tests and found out that security protocols such as DNSSEC, DANE, DMARC, IPv6 are already working for my website. I have now also contacted the support to activate OCSP for my website.
I hope more providers will follow to support these security protocols.
 
Turning on OCSP is not a big problem, and it will show that OCSP staple works/is enabled.
Forgetting to turn on ocsp-must is a problem, though, because then the OCSP staple does not work.

That is the reason I gave about the reference on their website, which is exactly what I find misleading; whether they forget to turn on ocsp-must is another story. Many people do not even know that ocsp-must has to be turned on. And as soon as you get the message that "OCSP Staple" is on, you are happy but it does not work; that is what I am trying to make clear.

mijn.host is the only one in NL that applies this so far; there may be more, but I have not found them yet.

Do the headers in your .htaccess file all work properly?
Or do you only test this at https://securityheaders.com/ ?
Then you think everything is set correctly, but that turns out not to be the case at all, and you can test that here https://observatory.mozilla.org/ and here https://csp-evaluator.withgoogle.com/
 
Oh, I forgot, here is another perfect test website; you do have to create a free account first: https://www.immuniweb.com/websec/

I can't test your website right now, but you will find out for yourself that things are sometimes totally different from how you see them. And that is what I meant in the previous topic regarding the ocsp staple and the ocsp-must.
 