Recent Down Time

Started by fireboat
11 replies 13 likes Last activity: 7 years ago
#12

It’s ours. Well, kinda Google’s. Auto detection means the Google natural language API picked up negative sentiment in the post content. It’s nothing to do with 1&1.

Fireboat2 is a testing account I use.

Stephen
We may not be able to control the wind 🍃 but we can always adjust our sails ⛵ - MBW Admin
#11

Hi Stephen,
If it's any help I've noticed this Spam reference, see attached screen snip.

Is the Auto detection mentioned ours or theirs??
'Fireboat2' ???
Cheers, Doug
Young at heart 😉 Slightly older in other places.😊 Cheers Doug
#10

1&1's feedback upon requesting more detail:

-----
Your database was locked due to a spammed table. You'll need to verify the content of the table and clean up the spammed content or it will get locked again. You should also enable security features like a captcha to protect your website from spambot attacks. Cleaning up the tables improves the performance of the database.

For example: SELECT * from db.Table ORDER BY 1 DESC LIMIT 10;

Reviewing the table, it's possible this is a false positive. Please review.

Best Regards,
Security Team
1&1 IONOS
-----

So all in all, no detail I can work off. Anyone know what a spammed table means? What does spammed content look like? The website already has a captcha system in place, plus bot attack detection. "Reviewing the table it's possible it's a false positive" means 1&1 are admitting their spam detections may have got it wrong?

Hopefully we've members out there who can help me decode this!

Thanks,
Stephen
We may not be able to control the wind 🍃 but we can always adjust our sails ⛵ - MBW Admin
#9

"I wonder how many of such actions go back to the international fight against terrorism.."

You can actually trace it back to the fall of the Berlin Wall, and the realisation shortly afterwards that an influential community was short of an enemy which justified its existence.

I try to run my life on fixed principles (which is a foolish thing to do - vide Socrates), and was very unhappy about the Western response to the end of the Cold War. But discussing this would move us into politics, and I cannot see a Politics thread on this site (for which I am deeply thankful!). I will therefore say no more.

My principles also encompass Richard Stallman's approach to the web, in that everything ought to be freely created. You will note that the four web sites I run neither have adverts nor do they solicit cash donations. People have tried to provide these in the past, and I have turned them away. So I have also established my position on that very many years ago...
Liked by redpmg
#8

Are we talking shades of Orwell 1984?
#7

Evening Dodgy,
Apart from the 'censorship' you mention.
I wonder how many of such actions go back to the international fight against terrorism as well as child porn networks. Not simply censorship but surveillance to track the perpetrators. If so I have no problem with that at all, although I agree that the domain providers might apologise after the event if they, or their 'advisers', got it wrong.
In such cases they would of course NOT be inclined to give advance warning of an investigation!

BTW; A word to the wise! I note that you have been a site member since 2009 (congrats. 5 years before me), and your valuable contributions have increased, almost exponentially, since 2017. Retired then perhaps, like me? 😉
You obviously have much to say and a broad range of knowledge and experience to draw on👍 Welcome to the club.
I find it though a little disappointing and surprising that you are making more and more use of our platform without contributing to its upkeep!
A fiver now and again won't hurt will it?
'On paper' (🤣) we have over 5000 members, most are inactive or look around once in a while, maybe extract some useful info, but never post or contribute.
The majority of the posts, blogs and info, as well as the cost of maintaining the site (also 'your' platform in that sense) are covered by a mere handful of us.
The site costs are not exorbitant but need to be paid.
Stephen, and his assistants, work for free but domain host etc must be paid for.
Looking forward to seeing the Contributors Medal of Honour on your avatar.👍
Your decision. All contributions are voluntary and the site is free!

Best regards, Doug 😎
Young at heart 😉 Slightly older in other places.😊 Cheers Doug
Liked by robbob
#6

".....More concerning is that they are even scanning the databases... that does mean they're checking through all user data.............. I personally think it's wrong that they do this. Albeit a robot that does it..."

Given the current move towards extensive web censorship by the Government, and the consequent legal impact on any site which is held to be in breach, I can see why your web host does this. They could well be following Government direction to do it. They may also be required to secretly report any suspicions they have, like the 'Prevent Duty' for schools. See https://www.gov.uk/government/publications/protecting-children-from-radicalisation-the-prevent-duty

False positives from this are going to be fun...



"....If spam is in the database, it's pretty harmless unless it's executed on the website and there are measures in place to prevent code from being surfaced...."

I wouldn't think of Spam as being executable - if it is I would count that as Malicious Software, and I would have a policy of removing it to a safe repository immediately. And telling the Webmaster...

There is a balance to be attained between being fairly safe from Web attacks, and being able to operate with minimum disruption. It is up to your host's security team to define and maintain that balance, and they really ought to gain customer agreement and involvement in how they do that.
#5

I have requested further information, although not holding my breath that they'll get back with anything useful. A few things have crossed my mind: there are data rows with special characters in them, although this is harmless, lots of emojis of course, but that's acceptable within the utf8mb4 character set. There are a few blob data types, where JSON data is stored; none contain anything harmful though.

More concerning is that they are even scanning the databases... that does mean they're checking through all user data. Not that there's anything overly sensitive in there (I always treat it as public anyway in case it's ever hacked, so no passwords are stored there, no bank details or anything), but there are websites which do store such things. I personally think it's wrong that they do this. Albeit a robot that does it...

If spam is in the database, it's pretty harmless unless it's executed on the website and there are measures in place to prevent code from being surfaced.

All web hosts are as bad as each other. They do do some things right, the files are daily backed up, the database will now be daily backed up with the files. Generally the support is quite good, not hours on the phone, more minutes. It's just they generally blame the customer for websites going down before they check if it's them.
We may not be able to control the wind 🍃 but we can always adjust our sails ⛵ - MBW Admin
Liked by Brianaro
#4

"The hosting company say the database was locked by the security team as SPAM content was detected in the forum table. Getting it unlocked proved slow and now it is unlocked, I can't see any issue with it."

That raises a lot of questions!

Did they know that locking the database would drop the site for 24 hours? If not, they made a technical error. If they did, I would like to see the security justification for this.

Malicious software - maybe close down the site if you can't clean it immediately.

Spam - surely inform the webmaster and ask what should be done? The spam would have to be very bad to take the site off-web. And surely you would be able to show the webmaster what the problem was later?

I wonder if there was a technical balls-up and this is a convenient excuse? Security is NOT about closing things down if you hear a rumour that there might be a problem - it's about running a business so that there are no nasty surprises. The security team is responsible for running a service just as much as the ops team are. Security should be running things safely - with the accent on 'running'. If they don't, they are just another DoS threat.

I would ask for a report from security which includes the reason for the locking decision...
Liked by MouldBuilder and redpmg and
#3

Better safe than sorry I guess, keep up the good work Stephen
Liked by jacko and fireboat
#2

Hi Stephen.
Much relief that this site is up and running again, I was getting a bit concerned 😓.
The club's website that I built (stalbansmes.com) is also hosted on 1&1 and I've not had any problems (yet) but it's the kind of thing that worries me will happen one day 😨 , so I back it up at least once a month.
Robbob.
"Time flies like an arrow; fruit flies like a banana"
#1

Hi All,

Apologies for the recent down time.

The hosting company say the database was locked by the security team as SPAM content was detected in the forum table. Getting it unlocked proved slow and now it is unlocked, I can't see any issue with it. So I'm a little worried they'll lock it again...

Let's hope not.

Stephen
We may not be able to control the wind 🍃 but we can always adjust our sails ⛵ - MBW Admin
Liked by redpmg and Brianaro and