I have gotten to the point that when it comes to my systems when somebody tells me I am wrong it is just a matter of time before not only do I diagnose the issue but I can prove it.
I was trying to get WHMCS working. Every time I would try to save the initial configuration page I would get a 403(permission denied) error with nothing logged by the web server. I contacted WHMCS support and they basically told me it’s on your end. You need to contact your system admin or server provider. It was immediately evident this is a boilerplate answer because the “technician” never even looked at the url to try to see if I MIGHT be the server admin.
I started digging and I noticed that when I triggered the 403 error Virtualmin(my control panel) would also croak. I then thought..oh crap that’s an XSS vulnerability. I then went and looked at my application firewall(Wordfence) that protects my WordPress installation and sure enough in THAT log is the XSS alert along with the url(WHMCS) that caused the problem. The application firewall stopped not only the offending(WHMCS) process but any other process it attempted to touch(Virtualmin). This is exactly what it is supposed to do..if it only stopped the aggressor process and left the potentially compromised victim running that’s a huge vulnerability.
ETC Marylands Enhanced WordPress Hosting gives you much better security out of the box than most hosts at this price point. From increased security, dedicated IPV6 address, free SSL, WordPress with enhanced security, and a professional theme you can be sure your website will be ready to go with a solid foundation in both security and design. Along with Curely Marketing we offer a superior value from the basic foundations to the final product. Contact ETC Maryland for a web host that truly can help protect your website from threats in today’s online world.