Skip to main content
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
BPickle
New

Odd support answer on disabling Sucuri's Firewall. Was I really chatting with GoDaddy?

Hi.

 

Last week I had an hour and a half conversation via chat with two tech people who claimed to be with GoDaddy. But given the answer I was given to my question, now I'm not so sure.

 

I was asking for a link that I could pass on to my client that would explain to him how to disable the Web Application Firewall (WAF). Instead, I was given https://www.godaddy.com/help/disable-web-application-firewall-waf-bypass-32308 which I had already found before initiating the chat. I was given that link 4 different times, and was repeatedly told by the initial tech and someone above him that the info on that page explained how to disable the firewall. Even after I explained how that page said absolutely nothing about disabling the firewall, I was told:

 

"I would request you to contact a developer where he can review the link and give you the confirmation, as it is confirmed by the godaddy experts that this is the only link for disable the WAF ...."

 

"To be honest, it is the correct link after checking with the godaddy resource team, ...."

 

Even though I initiated the chat from uk.godaddy.com, is it at all possible that these tech people were hackers phishing for account details? I just find it difficult to imagine that a genuine GoDaddy tech person would think that disabling the bypassing of the firewall is the same as disabling the firewall, and that putting code in an htaccess file would disable a Sucuri firewall. And the claim that "GoDaddy experts," in essence, can't understand such basic issues, I just find that hard to swallow.

 

The immediate lead up to the insult that I contact a developer, when I am the developer, was as follows:

 

--------------------------------------------------------

 

Tech: ... Select Security and scroll down to Preventing Firewall Bypass.

 

Me: See? "Preventing Firewall Bypass."

 

Tech: Once you enable the WAF it comes under the status as "Preventing Firewall Bypass."

 

Me: That page is about preventing people from bypassing the firewall. It's not about disabling the firewall, at all.

 

Tech: Cool, can we give a try using the above steps and check If it is working or not, If that works the is correct and you can understand that, I have shared you the correct link.

 

It would be better if you can can do that right now or you can ask the account holder to contact us.

 

Me: Look at #6 on that page. It says to put the code in the htaccess file, or in the nginx config file. Adding code to an htaccess file is not going to change the A @ DNS record to the correct IP.

 

No, you have not shared the correct link.

 

The account holder already contacted you this morning, and it's still not fixed.

 

So just give me a link to a page on your site that explains how to disable the GoDaddy Security Plan, and I'll try and take it from there.

 

Tech: I would request you to contact a developer where he can review the link and give you the confirmation, as it is confirmed by the godaddy experts that this is the only link for disable the WAF ....

 

--------------------------------------------------------

 

That last comment came 40 minutes after I was first given that link. Nearly 30 minutes later was this exchange with the higher level tech, just before our conversation ended:

 

--------------------------------------------------------

 

Me: Then what you are saying is that once a customer buys into the security plan or WAF, he has absolutely no way to disable or remove it on his own. Right?


Higher Level Tech: Adding code as per article is one step, earlier the option was directly available on website security interface to enable/disable it directly. IF not finding option then raising ticket is best thing.

 

Me: "Adding code as per article is one step, ...."

 

That's utterly false. Why would you give out false information like that?

 

You've given absolutely no explanation as to how that would change the DNS A @ record.

 

Higher Level Tech: Once firewall is disabled, you can add A record with @. Currently thats the information we have from our end.

 

Me: Any knowledgeable tech support person who reads that page can see that it has nothing to do with disabling the firewall.

 

Sure, but that has nothing to do with adding code to an htaccess file.

 

--------------------------------------------------------

 

Were these guys hackers, phishing for account details?

1 ACCEPTED SOLUTION
JesseW
Community Manager

Hi @BPickle. Thanks for taking the time to relate your experience. To address your essential question, I think it's far more likely that you encountered agents that are unfamiliar with the Website Security product than malicious actors trying to gain your information. That being said, I'm terribly sorry that you had such an experience. If you'd like to reach out to me via private message with more information about the account you were chatting about, I will have our internal teams review your interactions with our customer care team. 

 

As for disabling the WAF, if you haven't already figured it out, there is a "Deactivate" button in the firewall settings. However, you may also need to manually update the IP address that the domain for the website points to so that it goes directly to the hosting IP instead of the firewall IP. Depending on where the domain is registered and hosted, the instructions on updating DNS can vary. I hope that helps! 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post

2 REPLIES 2
JesseW
Community Manager

Hi @BPickle. Thanks for taking the time to relate your experience. To address your essential question, I think it's far more likely that you encountered agents that are unfamiliar with the Website Security product than malicious actors trying to gain your information. That being said, I'm terribly sorry that you had such an experience. If you'd like to reach out to me via private message with more information about the account you were chatting about, I will have our internal teams review your interactions with our customer care team. 

 

As for disabling the WAF, if you haven't already figured it out, there is a "Deactivate" button in the firewall settings. However, you may also need to manually update the IP address that the domain for the website points to so that it goes directly to the hosting IP instead of the firewall IP. Depending on where the domain is registered and hosted, the instructions on updating DNS can vary. I hope that helps! 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post

Hi @JesseW. I think you are right that they were unfamiliar with the Website Security product. And that's fine. It's the inability to realize that putting code in an htaccess file wouldn't disable the firewall, and the inability to realize that disabling bypassing a firewall is not the same as disabling a firewall, even when told multiple times, that concerned me. I would expect tech support folks helping English speakers to understand what an htaccess file does, and to understand English webpages on the website of the company they work for.

 

Thank you for the info on the deactivate button.

 

My client tried to change the IP address and got an error message. I then assumed that the IP could not be changed without disabling the firewall, but that was just a guess on my part.

 

I will PM you.

 

Thanks again.