MyBB Community Forums

Hi all,

Site information:
URL: http://forumauthority.com/
Version: 1.8.7


Having a slight problem with my forum. We are trying to implement a thread with HTML code using the HTML in posts plugin. However when the thread is submitted, it gives the user the error of: "403: forbidden" (see image below).
This error is also apparently occurring for some of my users on standard, non-html threads. (though I have not been able to verify this one through self-replication).

The error occurs (at least, the one that I replicated) upon posting a HTML code for paypal buttons within the thread.
This is the exact error that I am getting:
http://i67.tinypic.com/110dlya.png

I have tried the following:

1. Disabled all plugins (error remained)
   
2. Tried without HTML (error occured still, but intermittently.)
   
3. Ensured that the .htaccess contains:
   <IfModule mod_security.c>  
   # Turn off mod_security filtering.   SecFilterEngine Off    # The below probably isn't needed, but better safe than sorry.    SecFilterScanPOST Off</IfModule>

However, as you can probably imagine, the error still occurs. I contacted my host but he was stumped by the issue, as am I. So I have come here in the hope that one of you could help me. Most likely I am overlooking something simple.

I'd be very grateful for any and all help that I can get, as I am rather stumped as to what is causing this. The site does run through cloudflare as a CDN and cache, but I also disabled this to ensure that it wasnt caching an issue, but it still occured (though cloudflare is now back on).

Many thanks in advance,
Katos.

---

Test accounts can be created if needed (forgot to mention that, sorry!)

if the problem was suddenly started without doing any changes then it could be changed file permissions
or additional security imposed by web host (eg mod_security). if it is mod_security then it might not be
possible to bypass it through .htaccess - instead it should be disabled from the server level by webhost

(2016-05-12, 11:56 AM).m. Wrote: [ -> ]if the problem was suddenly started without doing any changes then it could be changed file permissions
or additional security imposed by web host (eg mod_security). if it is mod_security then it might not be
possible to bypass it through .htaccess - instead it should be disabled from the server level by webhost

I reckon it is our mod_security. I spoke to the webhost and he said he wasnt sure, and checked the mod_Security but couldn't find a ruleset that would cause this (though tbh I am not sure he's familiar with MyBB and the rulesets that might conflict) do you know what rules to check so I can pass this on, or ...?

Also, would you happen to have a list of file permissions (CHMod) so that I can check this just to confirm. I did wonder about this, but I am fairly sure that they haven't been changed.

Thanks for your swift reply @.m.

file permissions :
basically folders should be with CHMOD 755 and php files with CHMOD 644

mod_security rules :
check if server error log consists of mod_security instances. if so, rules can be traced through the error log !

(2016-05-12, 01:08 PM).m. Wrote: [ -> ]file permissions :
basically folders should be with CHMOD 755 and php files with CHMOD 644

mod_security rules :
check if server error log consists of mod_security instances. if so, rules can be traced through the error log !

CHMOD has been checked and confirmed to be fine.
We have recently moved host and still have the same issue, and the error log for this new host is empty!
Any ideas? I am at my wits end here.