GoDaddy Shared Hosting Now an Issue
Hosted Through GoDaddy’s Inexpensive Shared Hosting Plan?
Hosting on GoDaddy and seen this lately: “Returned Fault: NetConnection.Call.Failed”? You’re not alone…
As of sometime around July 22, 2014, GoDaddy has implemented what are called “Phase 2 mod_security rules”. These rules are extreme and, according to GoDaddy, necessary to preventing brute force attacks on their WordPress installs. What is so awful about preventing these attacks? Well in this case they block any IP that accesses a script repeatedly over a short period of time. This means any application, by any company, that accesses a gateway for a phone application, web application, or AJAX application will be temporarily banned from the site. You can see this for yourself by accessing the WordPress “admin-ajax.php” file that is used to run any behind the scenes data pulls that can make your site look so fancy. It also means that the WP EasyCart admin consoles will lock up after a few clicks around, which is less than ideal.
Minimal Good News
The very little good news we can provide is that although your IP is temporarily blocked, no other users on your site will have the same experience. This means downtime for you, but not for your sales, which is a small win in this situation. That is all we can find for our shared host GoDaddy users though.
Solutions to This Issue
- Contact GoDaddy and ask them to “white list your IP address for the mod_security on your host”. This will prevent their security measures from blocking you on your own server. You can find your IP address by typing in, “what is my IP” on Google. Keep in mind, you will need to have them white list any IP that will be accessing the site using the WP EasyCart admin tools.
- GoDaddy suggests that you upgrade to a VPS server and this option has been verified as a solution by multiple customers.
- Switch hosts, GoDaddy appears to have implemented this to upsell their customers from their very low priced services. Blue Host has speeds of 4-5x that of GoDaddy for WordPress installs and we highly recommend them.
Error Log Through Testing
For your reference, if you are interested in seeing what GoDaddy is doing exactly with their servers:
- [Wed Jul 23 23:21:56 2014] [error] [client XX.XXX.XX.XX] ModSecurity: Access denied with connection close (phase 2). 1 [file “/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf”] [line “36”] [id “XXXXX”] [msg “BLOCKED – Bot detected! Score: 54:4:36:0:1:95”] [hostname “yoursite.com”] [uri “/wordpress/wp-content/plugins/wp-easycart/inc/amfphp/Amfphp/index.php”] [unique_id “XXXXXXXXXXXXXXX”]
- [Wed Jul 23 23:21:56 2014] [error] [client XX.XXX.XX.XX] ModSecurity: Access denied with connection close (phase 2). 1 [file “/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf”] [line “25”] [id “XXXXX”] [msg “BLOCKED – Automated Attacks(cached)”] [hostname “yoursite.com”] [uri “/wordpress/wp-content/plugins/wp-easycart/inc/amfphp/Amfphp/index.php”] [unique_id “XXXXXXXXXXXXXXX”]
- [Wed Jul 23 23:21:56 2014] [error] [client XX.XXX.XX.XX] ModSecurity: Access denied with connection close (phase 2). 1 [file “/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf”] [line “25”] [id “XXXXX”] [msg “BLOCKED – Automated Attacks(cached)”] [hostname “yoursite.com”] [uri “/wordpress/wp-content/plugins/wp-easycart/inc/amfphp/Amfphp/index.php”] [unique_id “XXXXXXXXXXXXXXX”]