We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Open Photo Site Crashes[solved] | Forum

Kelvin
Kelvin Dec 27 '14
inside83 Can you tell us how Godaddy helped you out ?
inside83
inside83 Dec 27 '14
@Kelvin

Would you like a long or a short story? :)

Kelvin
Kelvin Dec 27 '14
long story :)
inside83
inside83 Dec 27 '14

@Kelvin

I just counted, we exchanged 20 emails with Godaddy's support since 22nd of December regarding mod_sec.

First they stated that they do not provide support for third party software and directed me to OxWall's support.

Only after I wrote that if they are not able to fix this problem, I would be forced to switch hosting provider, they became more friendlier and asked for my IP address (they probably wanted to add it to some white list) and I had to explain that the issue is not just with me but all of my site's member are experiencing the same problem.

Than they got really stupid and wrote:

"When reviewing the site we have accessed the page referencing the upload of files, however the details never load and the page gets stuck after clicking "upload photos" to the hosting account. We are not able to attempt to upload a photo to duplicate the error in question, you will need to review the site and determine the issue causing the upload function not to work properly, we have attempted this in FireFox and Google Chrome.".

Of course I explained that that is exactly the issue I want to fix and told them (once again) that the issue is with mod_sec not being properly configured.

I was constantly sending screenshots and errors I get when I turn on "Inspect element" in Chrome and from Firebug plugin for Firefox.

Than they wrote back and said that mod_sec was now properly configured - and finally pictures could be uploaded the "normal" way.

But when I wanted to embed videos I got an error discussed in another post:

http://www.oxwall.org/forum/topic/12080?page=4#post-128565

@ross pointed out that that was also the issue with mod_sec and I wrote them (Godaddy's support) back with another set of screenshots, error log and steps to reproduce those errors.

Then it was solved and they wrote:

"We have resolved this issue, and we are successfully able to embed the video from youtube at this time using the code directly from youtubes > share > embed options.

To do so, several mod sec rules were whitelisted.

With that being said, mod security rules exist to protect both yourself and our servers, and this would indicate that site code is functioning in a way that is of concern.

While videos do now work at this time, we do request that you verify that the application / extensions you are utilizing are all up to date."


Now, this is a good question for @ross.

How come OxWall is coded in a way that mod_sec has to be disabled?

Should we be worried for the security of our web sites?

From the research I've done in the last few days, I found out that mod_sec is is (among others) what keeps our servers and data safe and should not tampered with.


I am not a newbie, I'm just new at creating online community web sites. I was deciding between BuddyPress and OxWall and went for OxWall. Since I started to use OxWall (some two months ago) I purchased 2 plugins from the store and posted a job on oDesk - so I am a active, paying member of OxWall ecosystem. Just saying this because I think that this more than entitles me the right to get an answer - and a really good one, because I never came across a software that need mod_sec disabled.


PS I'm sorry if there is anything confusing in what I wrote, English is not my native language. If there is, I'll be glad to clarify.

The Forum post is edited by inside83 Dec 27 '14
Kelvin
Kelvin Dec 27 '14
It is like Godaddy have to login your Oxwall account to check mod_sec rules. Can you tell them what is the error code they found ? Because all Oxwall photo plugin should be the same error code.
inside83
inside83 Dec 27 '14
Yes,

I gave them admin login details.

As for the error code, I can only send you what were the error I when I user "Inspect element" in Chrome or Firebug plugin in Firefox.

Did you mean that?

ross Team
ross Dec 28 '14
Great, Inside83, thanks for letting us know.
inside83
inside83 Dec 29 '14
@ross

Thank you for putting up with my nagging and pointing me in the right direction.

BTW, did you read the last two paragraphs in my long post (3 posts up)?

ross Team
ross Jan 13 '15
Inside, sorry for the delay,  our software is 99% secure. There are a lot of checks and authorization methods in the software itself, which prevent harmful ajax or js requests and we are constantly working on discovery of such defects and fixing them immediately. Thus, there is no need to worry about the software security.



The Forum post is edited by ross Jan 13 '15
inside83
inside83 Jan 14 '15
@ross

Thank you for the reassurance 

ross Team
ross Jan 14 '15
You're welcome
Pages: « 1 2 3