Ron's Brain

Oh, right... styrofoam.
Sorry about that
Posted by Ron on Wednesday, February 15th, 2006, 08:06:40 PM

Yesterday I went to post a member of the week posting. Nobody responded, so I "randomly" chose myself. I wrote everything up and submitted. That's when I was confronted with a 403 error message (which means "access denied" for those that aren't hip to numbers and whatnot). I also tried posting to a thread and got the same thing.

I submitted a trouble ticket last night and the problem was forwarded to upper level support. This morning I received a message saying that the issue has been resolved. Well, it hadn't. I set up one of my test users for them to use so that they could see the error, but oddly enough the test user didn't have a problem. That's when I asked exactly what this alleged fix is that they say they implemented.

"The problem came up because some of the POST requests sent to the pghp (sic) scripts was filtered by a security module on the server, since they were found to contain suspicious strings, like UNIX shell commands."

So, all the POST requests going to their system are sniffed for suspicious strings. I'm not very happy about that. They seem to have fixed a few of the problems, but I can reproduce the error right this very moment. You can too! It's a fun science project you can do at home.

1) Log in
2) Go to any thread
3) Enter the following text as your message: wget
4) After wget, put a space and then http://fakedomain.org
5) Profit

Isn't that sweet? I had to put steps 3 and 4 as separate steps because if I put the text I'm describing, I get the very error I'm trying to demonstrate. I believe the host has crossed the fine line between security and paranoia. I'm going to append to my trouble ticket, and if they don't either find a way for me to somehow flag the post data as "good" or give me a list of what might be filtered and what might not, then I'll seriously consider switching hosts. This is an inane way to prevent the servers from being h4x0rd.
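
The filtering described in the host's reply, modelled as an added example (not code from the original post or from the host): a rule applied to every POST parameter answers 403 to an ordinary forum message, while a per-parameter exclusion lets the forum text through and still inspects other inputs. The rule pattern, script paths and parameter names are assumptions, since the post does not show the host's actual rule set.

```python
import re
from urllib.parse import parse_qsl

# Constructed rule: a download command followed by a URL. The host's real
# rule set is not shown in the post, so this pattern is an assumption.
SHELL_FETCH = re.compile(r"\b(?:wget|curl)\s+(?:https?|ftp)://", re.IGNORECASE)

# Hypothetical exclusions: (script path, parameter) pairs that carry free text
# which is stored and displayed, never handed to a shell.
FREE_TEXT_PARAMS = frozenset({("/forum/post.php", "message")})


def inspect_post(path, body, exclusions=frozenset()):
    """Return the status a body-inspecting filter would answer with."""
    for name, value in parse_qsl(body, keep_blank_values=True):
        if (path, name) in exclusions:
            continue  # reviewed free-text field: skip this rule only here
        if SHELL_FETCH.search(value):
            return 403
    return 200


# Constructed sample requests (URL-encoded form bodies).
FORUM_POST = ("/forum/post.php", "thread=42&message=wget+http%3A%2F%2Ffakedomain.org")
FORUM_QUESTION = ("/forum/post.php", "thread=42&message=How+do+I+use+wget%3F")
OTHER_SCRIPT = ("/tools/lookup.php", "host=wget+http%3A%2F%2Ffakedomain.org")


def compare():
    """Status per request under the blanket rule and with the exclusion."""
    results = {}
    for label, (path, body) in {"forum_post": FORUM_POST,
                                "forum_question": FORUM_QUESTION,
                                "other_script": OTHER_SCRIPT}.items():
        results[label] = (inspect_post(path, body),
                          inspect_post(path, body, FREE_TEXT_PARAMS))
    return results


if __name__ == "__main__":
    for label, (blanket, scoped) in compare().items():
        print(f"{label:15} blanket={blanket} scoped={scoped}")
```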
