Do users need protection from Firewall "security" scripts?
#1
I've just noted an announcement by Cubedata of more Firewall security. And that made me think. How fail-safe will the new firewall be? Like is there a chance it could trigger false positives? I'm asking as in my experience of having lived in Canada, South Africa and the UAE, I sometimes trigger a firewall, just by the mere fact of being in South Africa or the UAE, vs it being unlikely to happen when I'm in Canada. I then need to use a VPN, which is frowned upon of course, but the only way when the IPs from the ISP are dynamic IPs that could be blacklisted IPs or IPs of a different length or character than expected by the Firewall.

I believe that for security scripts with Firewall there should be a long list of the Pros and Cons - particularly the Cons - and exactly what to expect from a user point of view when the Firewall comes up with a flag.  When this happens - there should be damage legislation in place to exactly describe the abuse in plain English and if found to be a false positive how the problem should be dealt with as a protective measure for BOTH the Data Centre and User. I find the consequences are only one-sided with total lack of regard for the user. Once a flag has gone up and if the host is not particularly savvy, the user is already found guilty without a proper investigation.  Like it's automatically assumed the Data Centre and Security Websites are experts - which is not always the case.

At post4vps the majority of users live outside North America and Europe. So are very vulnerable to strict hardware that may trigger false positives easily. I'm also an Administrator at a shared hosting Forum and we come across this all of the time. Our host is German with very strict European standard firewalls at their Datacentres. The majority of our members are from outside Germany. You can't imagine the hard work to unblock IPs all of the time, and having to do this also for experienced users who obviously know what they are doing. And I guess in the case of a VPS it may lead to immediate suspension under a non-specific heading like "abuse". And trying to figure out exactly what happened is an almost impossibility. Like "abuse of bandwidth"! Now what does that mean specifically?

When on top of it all the IP has been flagged by the Data Centre through the security networks, causing the IP to be listed on blacklists everywhere. Like panic immediately starts with the host of the server who has been informed by the Data Centre (equivalent of God who can't do anything wrong as they're specialists). The host of the server who is most concerned to lose his business would naturally side with the Data Centre, then immediately suspends the user with delays before proving anything. In the meanwhile with time delays the IP gets circulated in the Blacklists. Sometimes the verdict is very clear, but sometimes not so clear. And the damage cannot be fixed. The IP and even more importantly the domain associated with the IP gets great damage, and sometimes has to be abandoned.

Ironically I think it's come to the point where the user needs to be protected from all of these security Firewall scripts.  The best way to be protected is for the user to insist on complete, transparent, and full information of what the firewall security does and what actions to expect from the Datacentre.  If the user is innocent the offending "security" network who caused the IP to be blacklisted should be held fully accountable - not just shrug it off as collateral damage and leave everything for the innocent user to "fix".  The user probably also needs full disclosure of the IP and previous "clean" ownership of the IP BEFORE the user accepts the IP.  Like instead of accepting these security measures like sheep, users, particularly users who have been caught in false positives should speak up and insist on some kind of damage control that should be more widely shared and not only for the user to deal with.  Like the same security network used by Data Centers to blacklist an IP should be made accountable for undoing the blacklisting when a false positive has been found.  With due apology to the user.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#2
From what I understand, sorry if this is unrelated:

I surely stand in a good filter system that keeps "bad" traffic out as MUCH as possible.
But you can indeed overdo it, leading to accidentally blocking good traffic.

[editing soon had to save it]

