MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > mod_security again
Full Version: mod_security again
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4

Burn

2008-11-13, 07:07 AM
Hi,

I'm a victim of mod_security2 Blush

PHP Version 5.2.6
Apache 2

I have performed all steps in the MyBB Wiki Help:Mod security

The error I receive:
Quote:Forbidden

You don't have permission to access /mybb/admin/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This happens only on links ending with; /something:

mydomain.com/mybb/admin/index.php?module=home/version_check

After 2.5 days my host replies:
Quote:Hi

Please contact the developers/programmers of your script/module as it is a SECURITY Breach/issue and that is why you're getting errors.

This means that your script is open to attacks/exploits and must be "PATCHED" immediately by developer/programmer to resolve bugs or security holes and then itw ill run fine.

Any suggestions on what to tell them next? I'm not very interested in changing hosts. I have many websites and it's just over a year since last move.

Thanks

Burn

Matt

2008-11-13, 08:49 AM
It's nothing to do with MyBB, they have to disable it.

Tomm M

2008-11-13, 08:58 AM
Tell your hosts to stop being preposterous Toungue

There isn't any security issues with MyBB writing the URL in this way - it just matches mod_security's protocol. The only way around it is to ask your host to whitelist your domain against mod_security, and if they refuse, tell them that you agree that any implications will be your fault.

If they refuse totally, then I suggest you find a host that is more willing to give you a better service.

Smile

Matt

2008-11-13, 09:03 AM
Who do you host with??

Burn

2008-11-13, 09:26 AM
Hi Matt,

Thanks for your answer. My host is Cirtexhosting at cirtexhosting.com.

Burn

Matt

2008-11-13, 09:31 AM
Well that looks like a very professional service... message them again and just ask them to remove it, and if they don't, I would highly recommend you change hosts. I can help you out with that if it comes to it, drop me a PM.

Tomm M

2008-11-13, 10:17 AM
(2008-11-13, 09:31 AM)Matt_ Wrote: [ -> ]... message them again and just ask them to remove it...

They won't remove it as it protects their servers from a lot of problems...

As mentioned, ask them to whitelist your domain against mod_security. This fixes most of these problems - and all the hosts I've dealt with are happy to do it...

Matt

2008-11-13, 10:17 AM
Well, that's what I meant Toungue

Burn

2008-11-13, 10:34 AM
(2008-11-13, 10:17 AM)Tom.M Wrote: [ -> ]As mentioned, ask them to whitelist your domain against mod_security. This fixes most of these problems - and all the hosts I've dealt with are happy to do it...

I already did and the result is in my first post.

I'm not sure if they read all info i provided,so I'll try to talk to them again.

Burn

Dennis Tsang

2008-11-13, 06:31 PM
Please try this: upload to admin/index.php.

This should change the module separator from / to @, which hopefully works with mod_security. This is untested so some things may break (esp. with form submissions, I haven't been able to test everything).
Pages: 1 2 3 4
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > mod_security again