FYI - GoDaddy Blocking Upload of 2.0.9 Subs-Post.php

[anothergodaddyuser]

Hello all,

An FYI in case anyone comes across this with GoDaddy...

After some back and forth with GoDaddy over the course of a week it's been verified that on shared hosting accounts this file is being deleted upon upload.

This has been distilled down to the coding on line 1309 in Subs-Post.php - "$socket = fsockopen(strtr($modSettings['smtp_host'], array('smtp.' => 'pop.')), 110, $errno, $errstr, 2);"

This is on a shared Linux hosting account, configuration v2.2, PHP 5. GoDaddy says this can only be uploaded to a VPS or dedicated server.

This was noticed when I tried to update the v2.0.8 tag in the top of the file to 2.0.9 (it's a known quirk, the developer of that file forgot to update the version number when it was released). Upon uploading the file I noticed it was getting deleted, FileZilla had a mention of MALWARE. The file was already on the server without issue and was installed when I used the integrated update utility within SMF. This automatic deletion is only triggered when uploading the file, using outside FTP clients and/or GoDaddy's web based uploader inside their file manager.

It took me 20 minutes to convince GoDaddy to look at what was triggering the MALWARE flag... Being omnipotent as they are, they prefer to push it all on third party developers of course without telling what needs to be done in order to comply with their system.

In closing the incident they sent me the below...

"Dear Sir or Madam,

Thank you for contacting Hosting Support. The above line of code is not allowed to be placed in a shared hosting account.

$socket = fsockopen(strtr($modSettings['smtp_host'], array('smtp.' => 'pop.')), 110, $errno, $errstr, 2); -

It can be uploaded to a VPS or a dedicated server."

Anyways, I figured I'd pass this along to the community.

[Arantor]

Nice to know. This line has been in SMF for a decade. Writing a replacement is... complicated. It is doable, but has consequences and likely GoDaddy will rule *those* as 'insecure' too.

Being omnipotent as they are, they prefer to push it all on third party developers of course without telling what needs to be done in order to comply with their system.

This is not even remotely the first time we have encountered this phenomenon.

[margarett]

It can be uploaded to a VPS or a dedicated server."

Or in a shared hosting account of a good host

Thank you.

[ARG01]

Funny that you should mention this. I have supported Hostgator for the past 10 years due to rarely having any problems. Just this week I suddenly encountered the same issue. HG was unable to arrive at a logical solution so I finally closed my account and moved on. 

[Kindred]

Jeez... the things they do in the name of "protection"

just because those function calls CAN be used by hackers, they assume that no valid software will use them?


Idjits...

[ARG01]

When in reality, true hackers normally don't waste their time on a simple forum. The majority of forum hacks are usually done by allowing the wrong member admin permissions.

[Kindred]

SimpMode... no, that's not quite what I meant.

Often, once a site IS hacked, the hacked files will contain code like fsockopen and sendmail

So, hosts who have no clue about things see a notice that hackers use that code and automatically assume anything with that code is a hacked file. It bascially comes down to idiots who have no clue how to properly and securely configure their own servers... (just like the issues with mod_security)

[Arantor]

Actually the hackers are getting smarter. The last few malware clean ups I did, the hackers were writing bulk emailers but not using fsockopen to do it.

[JBlaze]

Actually the hackers are getting smarter. The last few malware clean ups I did, the hackers were writing bulk emailers but not using fsockopen to do it.

Just like spammers. You block one port, and two more open. It's the way of things.

[Arantor]

Fortunately, the alternatives are sufficiently low key it should be a while before GoDaddy et al catch on, especially as the malware I saw did some seriously funky-ass obfuscation. I was impressed with it.

[iain sherriff]

Funny that you should mention this. I have supported Hostgator for the past 10 years due to rarely having any problems. Just this week I suddenly encountered the same issue. HG was unable to arrive at a logical solution so I finally closed my account and moved on.

I am admining a forum that is on hostgator ATM. The forum ownwer messaged them at my request when i couldn't put 2.0.9. in and they fixed it imediately (said there was something in the httaces file but I dont have details)

[ARG01]

Funny that you should mention this. I have supported Hostgator for the past 10 years due to rarely having any problems. Just this week I suddenly encountered the same issue. HG was unable to arrive at a logical solution so I finally closed my account and moved on.

I am admining a forum that is on hostgator ATM. The forum ownwer messaged them at my request when i couldn't put 2.0.9. in and they fixed it imediately (said there was something in the httaces file but I dont have details)

The longer version:

I was first told by HG that there was a MySQL issue on their end and they were attempting to fix it. This went on for a few days before they came back and blamed it on PHP version conflicting with SMF. I told them that they were wrong and and the problem also exists with my Wordpress sites. They then admitted to rebooting all of their Reseller servers just before the issue began and that all of their Resellers were having the same issue.
After eight days I inquired about an update and that is when they said that there were scripting issues with the SMF software and I should consider an alternate software for my forums. When I told them that I had been using SMF on their servers for 10 years without issues, they then began blaming my browser. I said that the issue exists with IE, FF, Chrome and Opera. This is when they went back to blaming MySQL. Things were at the point where I could not even reach my sites or log into my cPanel or WHM.
Unfortunately, all of my backups resided temporarily on my server as I was in the middle of switching to a new laptop at the same time.

To sum up: This was all beginning to seem all too familiar, reminded me of my GoDaddy days. I told Hostgator to shove it and am now starting over from scratch with a new host.