mod_security, 403 and x_m_l_r_p_c

[Fireater]

Hello Jim and everyone!

I have a number of sites running xoops, joomla and drupal as well as wordpress. Since it would be cumbersome to log in into each of them and posting, I (used to) use w.bloggar to post to all these multiple sites at once using the x_m_l_r_p_c servers. This enabled me to post very fast and efficiently in a better environment of my desktop.

At some point of time long ago, access to the x_m_l_r_p_c servers got restricted on page-zone.

At that time, I used to rename x_m_l_r_p_c.php into something else as a workabout and everything used to work fine. [read x_m_l_r_p_c without the underscores]. Nobody knew what the renamed file was and thus they cannot access it.

Recently, am getting a 403 error.

I understand that in the past there were some exploits using badly coded x_m_l_r_p_c servers, so I was patient when the mod_security forbade access to x_m_l_r_p_c scripts even if the file was renamed. I tried to post using the conventional logging in and then post routine.

But now, access to x_m_l_r_p_c has become so necessary for me that I am forced to seek ways to address this issue.

I have been with page-zone since 2002 and had never a chance to find fault with the services this company provides. However this is making me desperate to do something, even move although it would pain me a very lot!

I want to know if there are others who have this problem and how they have coped up.

Also, I want to know how this mod_security stops the access?

Does it scan all the files on the servers looking for the particular string and put them on a blacklist or something?

coz many of my x_m_l_r_p_c files are not named as such.

Even if i use the word here on this forum, the search nor submit new thread refuses to work just like it did on the customer support.

Is this such a great threat??


THank you in advance for any advice!

Jagan Mohan.

[Jim]

A customer since 2002. I commend you and thank you for your longtime support. I celebrate our long time customers every day, and without mod_security I wouldn't have many like you. You would need to put in a ticket, with the details of exactly what you are trying to do, and the steps you take, along with any needed passwords, so I can duplicate it and watch the audit log in real time to see what can be tweaked and still have security.

Also, Apache 2 is out for cPanel servers in beta. The next step is to put it into edge builds. I'd predict it will be stable in about three months. Apache 2 combined with php5 will be a huge performance boost for websites.