Banned Scripts

[dmohs]

The following scripts are not allowed on TCH servers (shared and reseller accounts) Accounts found with any of these scripts installed will be suspended without notice.

 

GreyMatter

PHPShell

CpanelMail

I would like to respond to the last post in that topic, by Head Guru. My response follows.

 

The list is very clear. The list is the list. There is no "suggestion" in Mikes post.

 

I certainly agree. The list is quite clear. What is not clear is the reasoning behind these choices, and therein lies my concern. You see, my "suggestion" was that under the reasoning given behind banning these scripts, almost every program that runs within a shell environment should be banned. If additional scripts are added to this list using the same arbitrary reasoning, I have no way of knowing, short of constant forum polling, that I am running a legal script. If a new script is added, then found on my account, immediate termination would not only disrupt my business, but could also result in a lawsuit by a client using my software to run their own operations.

 

We do not allow ANY TYPE OF PHPSHELL. So running server commands via a script is not allowed.

When I want a directory listing in Perl, I sometimes write:

>$listing = `ls`;

This is a convenient way to get a listing of the current directory's contents. It does so by running the shell command /bin/ls. By the above statement, this technique is not allowed. Am I to remove all instances of this from my programs? I have read both the Terms of Service and the Acceptable Use Policy and have not found a reference to this anywhere. If this is the case, I feel the time required to update all of these scripts would be prohibitive. In addition, since some scripts rely on this type of functionality, I am unsure whether I would be able to reproduce their behavior using another method.

 

If the server is not busy and your site consumes 100% of the server resources your site will be suspended. As stated its case by case.

 

This would suggest that if my script were using 10% of the server resources, but the server was busy, my site could be shut down without notice. Since I have no way of knowing the ongoing server load, my only option is to ensure my script never uses more than some fixed amount – perhaps 1%? However, I know of no way to control this number besides using server tools that I do not have permission to run. Can you suggest a strategy for me to follow that will ensure my script will always behave under these guidelines?

 

To summarize my concern, it does me no good to find a web host who has impeccable uptime if I am under the constant risk of having my site shut down. It is my intention to abide by the rules you have set forth in order to ensure this does not happen, but the topic as discussed here seems to suggest that the rules are not well defined and, therefore, impossible to follow.

[Head Guru]

This topic has been explained over and over again, however for your entertainment I will make one last response.

 

The scripts listed as banned have been banned due to repeated problems with them. It is WELL known that greymatter is a probem script, phpshell is banned as we do not allow end users to have shell access to our boxes and cpanel email has been banned for many reasons. If we are to add another banned script it would be posted here on the forums and we would give notice to any end user before taking action.

 

As a private company we do not have a democracy rules form of management. There are rules put in place for everyone to abide by. The management of TCH chooses what rules and policies to implement. We do not put such in place for fun and games. Such have been implemented to make the shared server environment a safe, happy and productive place to be. With that said, I would ithink that f you can not follow the rules then your account will be terminated and you will be asked to leave the family.

 

We do not allow phpshell nor do we allow shell access on any of our servers. So technically if your running shell commands then your using shell access and it is not allowed. Not sure how else to spell that out for you!

 

Server resource usage is taken on a case by case basis. IF your abusing the server your site will get popped. If your site is using enough resources to effect others on the server we will suspend it. In most cases we will attempt to notify you that your account is in trouble of being suspended and you should take actions to correct the load problems. This is one area that will always remain a grey area. If we were to state that everyone could consume 15% of server resouces before getting suspended, would that be fair? Hell no it would not. Our server loads are always very low, so using the above analogy, if your site eats up 60% of server resources for 10 minutes and then throttles back to nothing your site would have gotten popped at 16%. However, with our current case by case system your site would have been just fine. As I have stated five thousand times on these forums, this is a case by case basis. As system admin with years of experiance it is VERY easy to tell when a site is abusing the server and when a site is not.

 

I find it VERY hard to understand that you cant play by the above rules. They have been explained over and over again and are not going to be changed.

 

We dont police our customers. AT ALL. I dont care what you host in your account, until it becomes my problem. I have also said that 5 billion times.

 

Play by the rules and life is good. Break the rules, and get caught, then life is not so good.

 

Although it is very clear in these forums, we will be added the banned scripts and banned shell use in the AUP & TOS today.

[dmohs]

As I mentioned earlier, it is my full intention to abide by the rules you have set forth both in the Terms of Service and Acceptable Use Policy, as well as any more that are added without my knowledge. My concern has always been the statement that my site will be suspended without notice if I do not abide perfectly by these rules, even if the infringement is accidental.

 

You and I will both agree that the rules, especially those on server resources, are vague. However, your above post indicates that there is a very good reason behind this. I appreciate your reasoning and agree. So, allow me to highlight what I believe to be the most important thing you said:

In most cases we will attempt to notify you that your account is in trouble of being suspended and you should take actions to correct the load problems.

If you truly adhere to this policy, I can be completely at ease. I would have no problem making a correction to a script (or removing it completely) immediately following a warning. If my account was suspended because I did not heed the warning, I would consider the action to be completely fair. It is the notice that makes all of the difference. Even though I am quite certain TotalChoice will never have reason to terminate my account, I would prefer my first contact be from them, rather than a client who has just lost a days worth of productivity.

 

it is VERY easy to tell when a site is abusing the server and when a site is not.

I am only concerned about the cases where the gray area is larger, or the "abuse" unintentional. I am sure there are cases like this.

 

technically if your running shell commands then your using shell access and it is not allowed

This needs to be revisited. If you truly ban all scripts of this nature, you will be eliminating approximately 50% of scripts hosted by TotalChoice (50% is conservative. I have been given higher numbers by developers with more experience than myself). Not many web applications can do without this ability.

 

I respect your time, Mr. Kish. You have certainly earned it - TotalChoice is a phenomenal hosting company and a testament to your ability. Rest assured that it has not been wasted by answering my questions. I have spoken privately with two other TotalChoice customers who were concerned with these issues and wanted clarification. Hopefully this topic will provide that for all of us.

[Deverill]

Sorry to sound impatient, but how much longer are we going to beat this horse?

 

The bottom line is if a server starts choking, Bill and his team will look into it. If they find a script on your account that's causing it they will either terminate the script or shut down the entire account. They won't look through your account looking for thought crimes or nasty rule infractions - they will look at the processes running on the machine and find out which ones are misbehaving.

 

If you and I were on the same server and I had a runaway script wouldn't you expect him to do the same to me? I sure would!

 

As for notice... they will warn if it's a moderate problem but if it's hurting the other clients on that server they'll suspend and email you about it. If you don't check your email often then yes, you will be down for awhile. I'm sure you could change your contact email to an email-enabled cell phone if it's that vital you get instant notification but they will only take normal and reasonable actions to let you know what's happening and again, protecting the other clients on that server will take priority.

 

If you don't do bad scripts you'll never have to worry about it! I read a statistic that said 80% of things people worry about never happen... I'd submit that this is one of them.

 

I'm glad you're interested in following the rules but they have been spelled out as well as can be expected considering the subjectiveness of what's a burden on the server.

 

If it's truly a big concern of yours I'd suggest a dedicated server account. You can pretty much run the CPU into the ground and effectively take yourself down and they won't touch your account.

[dmohs]

how much longer are we going to beat this horse?

You are nearing the end as I also am getting tired of addressing this issue, but until I am satisfied or fed up, I will continue to post.

 

If you and I were on the same server and I had a runaway script wouldn't you expect him to do the same [shut down the account] to me?

Honestly, I do not care nor even want to know what is happening with the other accounts on my server. I care only that my web site is functioning. If it so happens that my web site's continued presence can be achieved only by shutting down another account, then that is what I want. However, for the particular issue we have been discussing here, there exist a number of solutions that do not require this drastic action.

 

[With a dedicated server,]you can pretty much run the CPU into the ground and effectively take yourself down and they won't touch your account.

This does not solve my problem. If my intention is to render my web site inaccessible, there are many ways I can achieve this behavior without writing a faulty script. I have chosen to host the site with TotalChoice, rather than host it on my own server, because I want someone who specializes in this area to be in charge. It ceases to be a benefit when those I have enlisted to keep my site running are the same who bring it down.

 

I understand your frustration at having to constantly discuss this issue. As someone who abhors politics, I would certainly not take this route. I would instead write or contract a program to manage the server load for me so that it was never an issue for either my customers or myself. Perhaps you should also consider such a solution.

[Head Guru]

This thread has reached a end.

 

We have explained our posistion and why we take actions and when we do. If your account does not cause a problem, then there is no problem! If your scripts make server calls, fine. But if they cause issues, we will deal with it! However, phpshell is forbidden.

 

We host over 22,000 domains and do a very good job at it, may I suggest if you can not live within our guidelines that you source a new host.

 

I am closing this thread as I feel there is nothing else to discuss.

 

As I said in my first reply, this is not a democracy and this policy is not up for a vote.

 

Thread closed.