Previous Thread
Next Thread
Print Thread
Hop To
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Here is my experience with a brand new bluehost shared pro plan.
I installed ubb 7.7.2.
A net new install.
I used the default permissions
folders 755
files 644
Since I already knew they don't support 777

All went well til I edited a option in the control panel and clicked on submit.
I think it was cookies.
It bumped me off and displayed a error.
I could not log back in.
Quote
Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
So I used the cpanel no errors were present.
I called bluehost. about mod_ security.
After listening to a 5 minute ordeal about how important it was they finally offered to disable it.
I said do it.
Then they stated it can take up to 24 hours for a push.

Then I asked about specific errors.
This was what they said . In general terms.
Quote
You have four error log entries.
1.. html access
2. javascript.text
3. image.gif
4. image.png

They could not provide any specifics because I was not going to wait for second level support.
So now I am waiting for 24 hours for the push.

I did run the test script and found a few deficiencies prior.
But no failures.
For file size and variables but I do have access to fix them. in the php editor.

BTW,
They pre install wordpress and it is a royal pain to get rid of.
Besides it is a hosted version though free for 1 year..
You need to enable it for your site before you can goto to settings and delete it.
Unless you want to manually delete the database then the files and edit the .htaccess file.
Which I tried and it barked back.

Then you are charged by wordpress.com after 1 year and 1 month or it expires according to the ..htaccess file.
The hell is I did not request a wordpress site that they offer.

Last edited by Ruben; 07/21/2019 5:51 PM. Reason: added comment

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
which plan did you purchase from Bluehost?

it sounds like you wanted this one:
https://www.bluehost.com/hosting/shared

but instead you ended up ordering this one:
https://www.bluehost.com/wordpress/wordpress-hosting

I'm with Bluehost and never had to deal with file permissions on any of the many client accounts with various hosting options I've had with them. Though, I always steer clear of their "WordPress Hosting" package because i usually need something beyond just WordPress. I install WordPress myself, if I need it. I have no need for them the manage it for me. And I have no need for a dedicated WordPress only package, which sounds like something you might have.

see attached screenshots to compare traditional "Shared Web Hosting" vs "Shared WordPress Hosting."
Attachments
download_20190721_155644.jpg download_20190721_155648.jpg


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
I double checked the purchase it is the pro plan no mention of Wordpress Wordpress


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
I dont know what to say.

One of my main test/dev sites is on a Bluehost Pro shared hosting account. I also have WordPress installed on that same hosting account.

WordPress (self managed)
https://id242.com

UBB.threads 7.7 3 WIP
https://id242.com/forums

Using a Bluehost SSL certificate.


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
Originally Posted by Ruben
I used the default permissions
folders 755
files 644
Since I already knew they don't support 777

I can confirm. On Bluehost, setting file attributes to 666 or 777 on php files will give an error. They wont execute.

---

From im / pm with gizmo -

Originally Posted by Gizmo
Bluehost's rules are hitting something on the page Ruben is requesting

their hints say what the log contained that matched i guess

cookie setting is an odd thing to match

iirc they're regular text strings it matches

so if there was a post containing "html access", it'd throw a mod security error

or if say a page in the control panel included that string


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Still waiting for my 24 hours to be up mod-security is still enabled.

I also started over with a fresh install.
I was logged in browsing the control panel with out editing anything.
But as soon as I logged out and attempted to login again mod-security error pops up.
I can view forums calendar help active topics as a guest.
But of course there is nothing to look at other than the one default category.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Well it is well past 24 hours mod_security is still on.
I called.
This rep stated that what I was told was in error.
That they will not disable mod_security.
They said they only support wordpress and custom apps I need to get in contact with the developer.
Then I asked about wordpress and my .htaccess file since it has expires for cache etc and I was told all bluehost sites are now wordpress sites.
I tried again to edit my .htaccess file with no luck.
here is my htaccess file.
Quote
# BEGIN WordPress
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/html "access plus 5 minutes"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 6 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
could any of this cause a issue. with mod_security.
I have had no luck editing it.
I have to do something.

The site is at acusersforum.com/ub/


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Update
I can't use the login url
But guess what I registered a new users and that works.
Of course it is not a admin.
But as soon as I logout that user and log back in the mod_security error is back.

I just tried ubb7.7.1 same mod_security issue.
The only differece is 7.7.1 during install tries to use https: for paths and 7.7.2 does not.

Last edited by Ruben; 07/22/2019 5:08 PM.

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Jul 2006
Posts: 116
Likes: 4
P
Member
Member
P Offline
Joined: Jul 2006
Posts: 116
Likes: 4
You could try to disable mod_security with .htaccess. Add the following to your .htaccess file:
Quote
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Already tried that. It makes no difference.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
ruben, i sent you a pm laugh


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
It looks like Bluehost may have mod_security pattern match the URL to look for "http" and "https" in the URL's query string.

UBB.threads currently uses urlencode(get_current_url()) and appends it to the LOGIN link, so that a user will be taken back to the previous page (Originating Current URL) when they successfully log in.

This is an example of what Bluehost may be pattern matching for:
Code
Pattern match "(?:;|/|\\\\|
)(?:\\\\b(?:cat|ls|perl|uname|pwd|cp|kill|tclsh8?|cpp|f(?:etch|tp)|http|https|python|chown|rm|kill|ping|rsync|r
diff-backup|scp|wget|curl|links|g\\\\+\\\\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)
\\\\b
|\\\\bsleep\\\\b [0-9])"

Request that they remove "http" and "https" from your mod_security patern match. Meanwhile, I'll look at passing the OCU data through to the login page in a different manor for an upcoming version of UBB.threads.


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Jul 2006
Posts: 116
Likes: 4
P
Member
Member
P Offline
Joined: Jul 2006
Posts: 116
Likes: 4
Originally Posted by Ruben
Already tried that. It makes no difference.
Do you have access to the error log file? The exact mod_security error should show up there.

Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Isaac,
You are spot on with the problem.
When I select login I get for a url
http://acusersforum.com/ub/ubbthreads.php?ubb=login&ocu=http%3A%2F%2Facusersforum.com%2Fub%2Fubbthreads.php%3Fubb%3Dcfrm

I get the mod_security error.

But while that url is in the browser I just edit it and remove http
acusersforum.com/ub/ubbthreads.php?ubb=login&ocu=%3A%2F%2Facusersforum.com%2Fub%2Fubbthreads.php%3Fubb%3Dcfrm
It works.

Also this URL works
acusersforum.com/ub/ubbthreads.php?ubb=login
Could this be a temporary fix till the next version?

Not sure at this point in time where to edit and just hardcode the login link to that right now



Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
I'm working on a solution for you right now, and will post it today.


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
I really dont like this solution, but it should work for you as a dirty patch.

in /libs/ubbthreads.inc.php

FIND:
Code
return "$http://{$_SERVER['HTTP_HOST']}{$url}";

REPLACE WITH:
Code
return "//{$_SERVER['HTTP_HOST']}{$url}";

Protocol-relative links (PRL), also known as protocol-relative URLs (PRURL), are URLs that have no protocol specified. For example, //example.com will use the protocol of the current page, either HTTP or HTTPS

Last edited by isaac; 07/23/2019 9:06 AM. Reason: added scheme def

Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
I will give it a try after my third call to bluehost.
Thank You.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Maybe if I complained more I might have had more success.
But I got tired of calling back.
Bottom line what I have been told by Bluehost.
Talking all net new shared account plans only.

All new shared hosting accounts are wordpress accounts.
It comes with wordpress preinstalled at the root.
Bluehost only supports wordpress and addons that are what are in the cp, But most all are wordpress plugins.
They call it the market place. section.

There is no way to view any mod_security errors on your own.
Customer service can only see high level errors and you need to get 2nd level support to get details..
Current policy is they will not disable Mod_security nor edit any rules anymore.
Even though I was told on the first call they would..
they later stated that person was in error.

Editing htaccess to disable mod_security is ineffective.

In addition I found that zlib comes disabled and input_variables plus post file sizes are inadequate.
But they can be changed on your own in the php ini editor in the control panel.

For now the dirty patch Isaac provided above works.
Thank you


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Jun 2006
Posts: 626
Addict
Addict
Joined: Jun 2006
Posts: 626
I am using 7.7.1 in a shared account plan with Bluehost and everything is running just fine, however, I have been with them for several years.

If I go to 7.7.3 will I then run into the same type of problem as Ruben is having???

Joined: Apr 2004
Posts: 1,945
Likes: 145
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,945
Likes: 145
Originally Posted by Daryl Fawcett
If I go to 7.7.3 will I then run into the same type of problem as Ruben is having???

as stated in my first and second replies to this topic, no. No, you will not have any of these such problems at all.

edit:
in addition, there has been a workaround implemented since UBB.threads 7.7.3 to avoid this specific mod_security setting.

Last edited by isaac; 08/12/2019 6:56 PM.

Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
Something I stumbled upon is a company known as eig is acquiring a lot of hosting company's including bluehost and changing hosting specs unknown to the customer. Here is a list of acquired company's
EIG hosting

Last edited by Ruben; 09/20/2019 4:45 PM.

Blue Man Group
There is no such thing as stupid questions. Just stupid answers

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
1 members (Havenofsobriety), 522 guests, and 99 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)