Im unable to post in the forum
http://wildfact.com/forum/
When ever I post Im getting this error message.
Forbidden
You don't have permission to access /forum/newreply.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Please help
No its not my forum.
But Im the moderator in that forum.
The owner (admin) is my friend, we spoke to the host but unable to fix this issue.
Since Im the only one who is getting this error.
there should be no reason for the forbidden error occurring only to you.
if it is happening then other users should be also experiencing it !
anyway, have you tried using another browser / another computer system / another device ?
Yes I tried other browsers and two other devices too, but Im getting the same error.
But I asked my friend (admin) to login in my account from a different ISP and he was able to post properly without any error messages from a different ISP.
And yes Im the only one facing this problem and no one else at our forum having this issue.
I also logged in to our other forum
http://nationwarrior.com and when I tried to post there also I got the same error message.
This issue is confusing and troubling.
can you ask the forum owner whether
mod_security is enabled on the web server ..
I think mod_security is enabled.
But if the problem is with the mod_security then everyone at the forum should face this issue right.
Hi,
I am the owner of the forum. This problem is coming for Apollo only.
Also, when he try to post after some gap, he able to make post, but for some weird reason, a malicious code is added with the text he post
Below is code that automatically added after his post, after that he can not make any post for certain interval of time
var selected = null, // Object of the element to be moved x_pos = 0, y_pos = 0, // Stores x & y coordinates of the mouse pointer x_elem = 0, y_elem = 0; // Stores top, left values (edge) of the element (function() { addJQuery(); document.onmousemove = _move_elem; document.onmouseup = _destroy; })(); function _drag_init(elem) { // Store the object of the element which needs to be moved selected = elem; x_elem = x_pos - selected.offsetLeft; y_elem = y_pos - selected.offsetTop; } function _move_elem(e) { x_pos = document.all ? window.event.clientX : e.pageX; y_pos = document.all ? window.event.clientY : e.pageY; if (selected !== null) { selected.style.left = (x_pos - x_elem) + 'px'; selected.style.top = (y_pos - y_elem) + 'px'; } } // Destroy the object when we are done function _destroy() { selected = null; } function togglecont(obj) { var nodelist = document.getElementsByClassName('balance-category'); var nodes = Array.prototype.slice.call(document.getElementsByClassName('bal-category')); var nindex = (nodes.indexOf(obj)); var classes = nodelist[nindex].getElementsByClassName("panel-body").item(0).getAttribute("class"); if (classes.indexOf("panel-hide") >= 0) { for (var x = 0; x < nodelist.length; x++) { if (x == nindex) { nodelist[x].getElementsByClassName("panel-body").item(0).classList.remove("panel-hide"); nodelist[x].getElementsByClassName("panel-body").item(0).classList.add("panel-show"); } else { nodelist[x].getElementsByClassName("panel-body").item(0).classList.add("panel-hide"); nodelist[x].getElementsByClassName("panel-body").item(0).classList.remove("panel-show"); } } } } function display(){ var classes = document.getElementById("vm-main-cursor").getAttribute("class"); //class not available if(classes.indexOf("data-toggle")<0){ getSubscriberContent(); document.getElementById("vm-main-cursor").classList.add("data-toggle"); document.getElementById("vm-main-cursor").setAttribute('src','http://online.hutch.lk/pcc_balance_widget/img/cursor_1.png'); document.getElementById("vm-main-display").classList.add("vm-main-show"); document.getElementById("vm-main-display").classList.remove("vm-main-hide"); }else{ document.getElementById("vm-main-cursor").classList.remove("data-toggle"); document.getElementById("vm-main-cursor").setAttribute('src','http://online.hutch.lk/pcc_balance_widget/img/cursor_2.png'); document.getElementById("vm-main-display").classList.remove("vm-main-show"); document.getElementById("vm-main-display").classList.add("vm-main-hide"); } } function display_exit(){ document.getElementById('vm_draggable').innerHTML = ''; } function togglepacks(){ var classes = document.getElementById("pack-list").getAttribute("class"); if(classes.indexOf("content-hide")<0){ document.getElementById("pack-list").classList.add("content-hide"); document.getElementById("more_button").classList.add("content-hide"); document.getElementById("pack-list").classList.remove("content-show"); document.getElementById("more_button").classList.remove("content-show"); } else{ document.getElementById("pack-list").classList.remove("content-hide"); document.getElementById("more_button").classList.remove("content-hide"); document.getElementById("pack-list").classList.add("content-show"); document.getElementById("more_button").classList.add("content-show"); } } function addJQuery(){ var xhr = new XMLHttpRequest({mozSystem: true}); xhr.onreadystatechange = function () { if (xhr.readyState === 4 && xhr.status === 200) { //alert($(document).find("div.vm_inject_div").length); if(window.top.document.getElementsByClassName("vm_inject_div").length==0) { var s = window.top.document.createElement('div'); s.setAttribute('class', 'vm_inject_div'); s.setAttribute('style', 'background-color:transparent;cursor:move;position:relative;'); s.setAttribute('id', 'vm_draggable'); s.innerHTML = xhr.responseText; window.top.document.body.appendChild(s); document.getElementById("vm-main-cursor").setAttribute('src','http://online.hutch.lk/pcc_balance_widget/img/cursor_2.png'); document.getElementById("vm-main-cursor").onclick = function() {display();}; document.getElementById("show_packs_btn").onclick = function() {togglepacks();}; togglepacks(); // Bind the functions... //document.getElementById('vm_draggable').addEventListener('mousedown',function () { //_drag_init(this); //return false; //}); } getSubscriberContent(); } } xhr.open('POST', 'http://online.hutch.lk/pcc_balance_widget/hutch_bal.php'); //xhr.open('POST', 'http://localhost:8081/inject2/hutch_bal.php'); xhr.send(); } function getSubscriberContent(){ var xhr = new XMLHttpRequest({mozSystem: true}); xhr.onreadystatechange = function () { if (xhr.readyState === 4 && xhr.status === 200) { if(xhr.responseText!=null){ var cont = JSON.parse(xhr.responseText); console.log(cont); if(cont.status) getBalanceContent(cont.content); else getBalanceContent(''); } } } xhr.open('GET', 'http://online.hutch.lk/pcc_balance_widget.php'); //xhr.open('GET', 'http://localhost:8081/inject2/supply.php'); xhr.send(); } function getBalanceContent(shash){ var xhr = new XMLHttpRequest({mozSystem: true}); if(shash!='') var params = JSON.stringify({hash:shash}); else var params = ''; xhr.onreadystatechange = function () { if (xhr.readyState === 4 && xhr.status === 200) { var div = document.getElementById('vm-main-display'); if(xhr.responseText!='') div.innerHTML = xhr.responseText; } } xhr.open('POST', 'http://online.hutch.lk/pcc_balance_widget/get_balances.php',true); //xhr.open('POST', 'http://localhost:8081/inject2/get_balances.php',true); xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); xhr.send(params); }
I talked to my hosting company but they said it may be problem with the PC of user.
But apollo is using different device. Only thing that he could not test is changing his ISP.
^ as you said the issue is related to his ISP.
looks like ISP is interrupting connection & checking the balance and that is triggering mod_security of your web server.
(2016-12-04, 06:25 AM).m. Wrote: [ -> ]^ as you said the issue is related to his ISP.
looks like ISP is interrupting connection & checking the balance and that is triggering mod_security of your web server.
Could the user try to access the site through Tor Browser (
https://www.torproject.org/download/download) and tell us if the issue this occurs? Another option would be to ask the host if disabling mod_security is possible.