Help - Search - Members - Calendar
Full Version: Gallery2 And Xp Publisher
TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions > Software/Scripts/Other Alerts
Gail
Mar 2 2008, 04:33 PM
Hi All,

First - I didn't know where to post this topic so if it is in the wrong place - please feel free to move it.

I have been working with a computer friend on designing a couple of web sites. I installed Gallery2 to his domain name which is hosted with another hosting company. He had sent me image files and I tried using the XP Publishing Wizard which I have used a few times to upload files to Gallery2 on domain names hosted by TCH. I have accomplished this task without any problems.

When I tried this method while working with Gallery2 on my friend's domain name - my IP address was blocked by mod_evasive. The reason for being blacklisted was this could be a possible Denial of Service attack. The settings for the mod_evasive on that server are:

DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1

The person who owns the servers relayed this info in an Email to me plus the following:

QUOTE
NONE of these settings can be violated via normal surfing, so I suspect that your program is not respecting the RFC specification. This makes your program faster, but really hurts the server in terms of load. It is highly likely that your program is violating DOSPageCount by hitting the same page more than twice a second. This would be true if you are trying to upload more than one image at a time.


Of course the owner and my computer friend took their shots at larger hosting companies who take their chance at receiving a DoS attack rather than 'running their ship as tight' and thus dealing with nuisance calls. This is why all their servers are slow. These words bother me more than my IP being blocked (Hey - it ain't my Gallery!) but I don't understand how mod_evasive works etc. to respond to the comments. I do know the two servers (that my domain names are hosted on here) are not slow.

I have never felt that server security at TCH is being compromised and I don't believe it ever will be as long as the same people are running the company. I am curious however - does TCH use mod_evasive and if so - I am assuming you have configured the settings differently to allow XP Publisher and Gallery (or other php scripts) to work in harmony without everyone's IP being blocked? I did read a little about mod_evasive and I noticed a few sites suggested configuration settings which were higher than this gentleman has used.

I would appreciate your comments to help me sort out in my mind how this works with TCH.

Thanks.

Gail
TCH-Bruce
Mar 3 2008, 08:11 AM
mod_evasive is an Apache module to help deal with DOS attacks. Not sure why you would be having problems publising to a server running that module with your XP Publishing Wizard but you can probably get around the problem using FTP instead.
Gail
Mar 3 2008, 11:03 PM
Hi Bruce,

Thanks for the reply. I am not even sure if my friend is going to stick with Gallery2. If he does, I gather it will be him or someone else who will upload the photos once the site is up and running.

I was just curious and was asking if TCH uses mod_evasive and what the settings are. I find it strange that I have never had a problem using the XP Publishing Wizard (which works great) on the servers on TCH and I know someone who has used it on another hosting company and has never had a problem. When I try to use it on again another hosting company, my IP is blocked because 'the program is trying to upload more than one image at a time'. I guess I am asking why there would be a difference between hosting companies when it comes to using XP Publisher. Would it be the settings for mod_evasive and/or would there be other factors as well?

Gail

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.