MyBB Community Forums

Full Version: 500 Internal Server Error *Fixed*
I was hesitant to post this on here only because it may or may not be my host's problem. So I look to you guys for help.

I've been getting A LOT of the "500 Internal Server Error" over the past few weeks. I do the usual thing, send in my support ticket. Eventually my host gets back to me and they say everything seems to be loading OK. Which it wasn't when I submitted the ticket. That's it, no explanation as to why I was down. My crappy host's response time is horrible but that's another issue. When it is back online the links sometimes take 8-30 seconds to load.

A while back I posted this thread. The conclusion of that was somehow my /cache folder was renamed /cache.off and somehow my .htaccess file was missing. Fixed those two issues and everything worked.

But still I'm getting these "500 Internal Server Error" on a daily basis. Eventually my site will be back up, but it will go back down eventually. This is the pattern I have to deal with. I've searched on here and Googled my problem with no success. I believe my problem may lie in my .htaccess file and mod_security. Because I have a few entries in my error log where mod_security pops up.

Quote:[Sun Aug 02 00:18:43 2009] [error] [client 70.170.25.72] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU900t32iwAABkzCkIAAAAB"]
[Sun Aug 02 00:18:46 2009] [error] [client 174.106.6.209] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU91kt32iwAABkVBtsAAAAE"]
[Sun Aug 02 00:20:17 2009] [error] [client 70.170.25.72] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU@MUt32iwAABzQEAAAAAAB"]
[Sun Aug 02 00:21:26 2009] [error] [client 70.170.25.72] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU@dkt32iwAAClMPWEAAAAH"]
[Sun Aug 02 00:21:40 2009] [error] [client 174.106.6.209] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU@hEt32iwAAC5eVvoAAAAA"]
[Sun Aug 02 00:21:50 2009] [error] [client 70.170.25.72] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU@jkt32iwAAC50WPgAAAAG"]
[Sun Aug 02 00:23:57 2009] [error] [client 70.170.25.72] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU-DUt32iwAADWb1N0AAAAF"]
[Sun Aug 02 00:24:43 2009] [error] [client 98.183.151.252] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU-O0t32iwAADl-6uYAAAAH"]
[Sun Aug 02 00:27:16 2009] [error] [client 98.24.155.239] ModSecurity: Access denied with code 503 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf"] [line "23"] [id "390144"] [rev "2"] [msg "Command shell attack: Generic Attempt to remote include command shell"] [severity "CRITICAL"] [hostname "www.ej8squad.com"] [uri "/eyewonder/interim.html"] [unique_id "SnU-1Et32iwAAEkECQ8AAAAB"]

This is all Greek to me. My host said that's just mod_security doing its job. Which is probably true. Is it a combination of some files within my installation of MyBB and my host that is at fault? I'm looking for help people.

Error log excerpt. I'm getting quite a few "Premature end of script headers:" Again, the logs are Greek but I'm learning as I go.

Quote:[Mon Aug 03 01:18:16 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/\\"http:, referer: http://www.ej8squad.com/%5C%22http://www...=lostpw%5C
[Mon Aug 03 01:18:16 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com/%5C%22http://www...=lostpw%5C
[Mon Aug 03 01:18:16 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/www.ej8squad.com, referer: http://www.ej8squad.com//www.ej8squad.co...=lostpw%5C
[Mon Aug 03 01:18:16 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com//www.ej8squad.co...=lostpw%5C
[Mon Aug 03 01:18:17 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/\\"http:, referer: http://www.ej8squad.com/%5C%22http://www...=lostpw%5C
[Mon Aug 03 01:18:17 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com/%5C%22http://www...=lostpw%5C
[Mon Aug 03 01:18:17 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/www.ej8squad.com, referer: http://www.ej8squad.com//www.ej8squad.co...=lostpw%5C
[Mon Aug 03 01:18:17 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com//www.ej8squad.co...=lostpw%5C
[Mon Aug 03 01:18:18 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/\\"http:, referer: http://www.ej8squad.com/%5C%22http://www...egister%5C
[Mon Aug 03 01:18:18 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com/%5C%22http://www...egister%5C
[Mon Aug 03 01:18:19 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/www.ej8squad.com, referer: http://www.ej8squad.com//www.ej8squad.co...egister%5C
[Mon Aug 03 01:18:19 2009] [error] [client 76.120.159.249] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com//www.ej8squad.co...egister%5C
[Mon Aug 03 01:46:00 2009] [error] [client 74.129.244.189] File does not exist: /home/dorionus/ej8squad.com/uploads/avatars/avatar_725.jpg, referer: http://www.ej8squad.com/thread-5006.html
[Mon Aug 03 01:46:00 2009] [error] [client 74.129.244.189] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com/thread-5006.html
[Mon Aug 03 04:20:15 2009] [error] [client 70.174.143.136] File does not exist: /home/dorionus/ej8squad.com/(null)
[Mon Aug 03 04:20:15 2009] [error] [client 70.174.143.136] File does not exist: /home/dorionus/ej8squad.com/missing.html
[Mon Aug 03 04:23:26 2009] [error] [client 60.241.76.173] File does not exist: /home/dorionus/ej8squad.com/uploads/avatars/avatar_601.jpg, referer: http://www.ej8squad.com/thread-452-page-18.html
[Mon Aug 03 04:23:26 2009] [error] [client 60.241.76.173] File does not exist: /home/dorionus/ej8squad.com/missing.html, referer: http://www.ej8squad.com/thread-452-page-18.html
[Mon Aug 03 04:40:43 2009] [error] [client 93.91.197.231] Premature end of script headers: showthread.php, referer: http://www.ej8squad.com/forum-14.html
[Mon Aug 03 04:40:43 2009] [error] [client 93.91.197.231] File does not exist: /home/dorionus/ej8squad.com/internal_error.html, referer: http://www.ej8squad.com/forum-14.html
[Mon Aug 03 04:41:24 2009] [error] [client 96.2.116.213] Premature end of script headers: newreply.php, referer: http://www.ej8squad.com/thread-9460.html
[Mon Aug 03 04:41:24 2009] [error] [client 96.2.116.213] File does not exist: /home/dorionus/ej8squad.com/internal_error.html, referer: http://www.ej8squad.com/thread-9460.html
[Mon Aug 03 04:42:48 2009] [error] [client 96.2.116.213] Premature end of script headers: showthread.php, referer: http://www.ej8squad.com/thread-9433.html
[Mon Aug 03 04:42:48 2009] [error] [client 96.2.116.213] File does not exist: /home/dorionus/ej8squad.com/internal_error.html, referer: http://www.ej8squad.com/thread-9433.html
[Mon Aug 03 04:42:52 2009] [error] [client 96.2.116.213] Premature end of script headers: newreply.php, referer: http://www.ej8squad.com/thread-9460.html
[Mon Aug 03 04:42:52 2009] [error] [client 96.2.116.213] File does not exist: /home/dorionus/ej8squad.com/internal_error.html, referer: http://www.ej8squad.com/thread-9460.html
[Mon Aug 03 04:42:57 2009] [error] [client 93.91.197.231] Premature end of script headers: showthread.php
[Mon Aug 03 04:42:57 2009] [error] [client 93.91.197.231] File does not exist: /home/dorionus/ej8squad.com/internal_error.html
[Mon Aug 03 04:43:17 2009] [error] [client 96.2.116.213] Premature end of script headers: showthread.php, referer: http://www.ej8squad.com/thread-8883-page-4.html
[Mon Aug 03 04:43:17 2009] [error] [client 96.2.116.213] File does not exist: /home/dorionus/ej8squad.com/internal_error.html, referer: http://www.ej8squad.com/thread-8883-page-4.html
[Mon Aug 03 05:29:21 2009] [error] [client 98.174.170.252] Premature end of script headers: index.php
[Mon Aug 03 05:29:21 2009] [error] [client 98.174.170.252] File does not exist: /home/dorionus/ej8squad.com/internal_error.html

Oh and before I forget here's my .htaccess file.

Options -MultiViews +FollowSymlinks -Indexes

#
# If mod_security is enabled, attempt to disable it.
# - Note, this will work on the majority of hosts but on
#   MediaTemple, it is known to cause random Internal Server
#   errors. For MediaTemple, please remove the block below
#
<IfModule mod_security.c>
	# Turn off mod_security filtering.
	SecFilterEngine Off

	# The below probably isn't needed, but better safe than sorry.
	SecFilterScanPOST Off
</IfModule>

#
# MyBB "search engine friendly" URL rewrites
# - Note, for these to work with MyBB please make sure you have
#   the setting enabled in the Admin CP and you have this file
#   named .htaccess
#
<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteRule ^forum-([0-9]+)\.html$ forumdisplay.php?fid=$1 [L,QSA]
	RewriteRule ^forum-([0-9]+)-page-([0-9]+)\.html$ forumdisplay.php?fid=$1&page=$2 [L,QSA]

	RewriteRule ^thread-([0-9]+)\.html$ showthread.php?tid=$1 [L,QSA]
	RewriteRule ^thread-([0-9]+)-page-([0-9]+)\.html$ showthread.php?tid=$1&page=$2 [L,QSA]
	RewriteRule ^thread-([0-9]+)-lastpost\.html$ showthread.php?tid=$1&action=lastpost [L,QSA]
	RewriteRule ^thread-([0-9]+)-nextnewest\.html$ showthread.php?tid=$1&action=nextnewest [L,QSA]
	RewriteRule ^thread-([0-9]+)-nextoldest\.html$ showthread.php?tid=$1&action=nextoldest [L,QSA]
	RewriteRule ^thread-([0-9]+)-newpost\.html$ showthread.php?tid=$1&action=newpost [L,QSA]
	RewriteRule ^thread-([0-9]+)-post-([0-9]+)\.html$ showthread.php?tid=$1&pid=$2 [L,QSA]

	RewriteRule ^post-([0-9]+)\.html$ showthread.php?pid=$1 [L,QSA]

	RewriteRule ^announcement-([0-9]+)\.html$ announcements.php?aid=$1 [L,QSA]

	RewriteRule ^user-([0-9]+)\.html$ member.php?action=profile&uid=$1 [L,QSA]

	RewriteRule ^calendar-([0-9]+)\.html$ calendar.php?calendar=$1 [L,QSA]
	RewriteRule ^calendar-([0-9]+)-year-([0-9]+)\.html$ calendar.php?action=yearview&calendar=$1&year=$2 [L,QSA]
	RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ calendar.php?calendar=$1&year=$2&month=$3 [L,QSA]
	RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ calendar.php?action=dayview&calendar=$1&year=$2&month=$3&day=$4 [L,QSA]
	RewriteRule ^calendar-([0-9]+)-week-(n?[0-9]+)\.html$ calendar.php?action=weekview&calendar=$1&week=$2 [L,QSA]

	RewriteRule ^event-([0-9]+)\.html$ calendar.php?action=event&eid=$1 [L,QSA]

	<IfModule mod_env.c>
		SetEnv SEO_SUPPORT 1
	</IfModule>
</IfModule>

#
# If Apache is compiled with built in mod_deflate/GZIP support
# then GZIP Javascript, CSS, HTML and XML so they're sent to
# the client faster.
#
<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE application/x-javascript text/css text/html text/xml
</IfModule>

Thanks for taking the time to read all this.
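A way to triage error-log lines like the ones quoted in the post above, as an added example that is not part of the original thread: it counts ModSecurity denials (logged with the status code they return, 503 in these lines) separately from "Premature end of script headers" failures, which are what Apache reports as a 500. The sample lines, client IPs and example.com paths are constructed; only the rule id 390144 and the message formats come from the post.

```python
import re
from collections import Counter

# Constructed sample in the error-log format quoted in the post; the client IPs,
# example.com paths and unique_id values are placeholders, not data from the thread.
SAMPLE_LOG = r'''
[Sun Aug 02 00:18:43 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 503 (phase 2). Pattern match "(elided)" at REQUEST_URI. [id "390144"] [severity "CRITICAL"] [uri "/eyewonder/interim.html"] [unique_id "constructed-1"]
[Sun Aug 02 00:18:46 2009] [error] [client 192.0.2.11] ModSecurity: Access denied with code 503 (phase 2). Pattern match "(elided)" at REQUEST_URI. [id "390144"] [severity "CRITICAL"] [uri "/eyewonder/interim.html"] [unique_id "constructed-2"]
[Mon Aug 03 04:40:43 2009] [error] [client 192.0.2.20] Premature end of script headers: showthread.php, referer: http://example.com/forum-14.html
[Mon Aug 03 04:40:43 2009] [error] [client 192.0.2.20] File does not exist: /home/user/example.com/internal_error.html, referer: http://example.com/forum-14.html
[Mon Aug 03 04:41:24 2009] [error] [client 192.0.2.21] Premature end of script headers: newreply.php, referer: http://example.com/thread-1.html
[Mon Aug 03 04:41:24 2009] [error] [client 192.0.2.21] File does not exist: /home/user/example.com/internal_error.html, referer: http://example.com/thread-1.html
[Mon Aug 03 04:42:57 2009] [error] [client 192.0.2.20] Premature end of script headers: showthread.php
[Mon Aug 03 04:42:57 2009] [error] [client 192.0.2.20] File does not exist: /home/user/example.com/internal_error.html
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)$')
MODSEC = re.compile(r'ModSecurity: Access denied with code (?P<code>\d+)'
                    r'.*?\[id "(?P<id>\d+)"\].*?\[uri "(?P<uri>[^"]*)"\]')
CGI = re.compile(r'Premature end of script headers: (?P<script>[^,\s]+)')
MISSING = re.compile(r'File does not exist: (?P<path>[^,]+)')

def triage(log_text):
    """Count WAF denials, script failures (HTTP 500) and missing files separately."""
    out = {"modsec": Counter(), "cgi_500": Counter(), "missing": Counter()}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-error line
        msg = m["msg"]
        if (d := MODSEC.search(msg)):
            out["modsec"][(d["id"], int(d["code"]), d["uri"])] += 1
        elif (c := CGI.search(msg)):
            out["cgi_500"][c["script"]] += 1
        elif (f := MISSING.search(msg)):
            out["missing"][f["path"].rsplit("/", 1)[-1]] += 1
    return out

def scripts_blocked_by_modsec(result):
    """Failing scripts whose name also appears as a denied URI (URIs compared as logged)."""
    denied = {uri.rsplit("/", 1)[-1] for (_id, _code, uri) in result["modsec"]}
    return sorted(set(result["cgi_500"]) & denied)

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r, scripts_blocked_by_modsec(r))
```

An empty result from `scripts_blocked_by_modsec` means the WAF denials and the failing scripts are on different URIs, so the two kinds of error should be investigated separately.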
Mod_security isn't very compatible with MyBB so in order to use it without errors you will need to ask your host to whitelist your domain from mod_security. If they don't do that then there's not much you/we can do.

The .htaccess file attempts to disable it but obviously with those errors it didn't work.
My host is useless. They told me to disable "Extra Web Security". Why would I want to disable it? They even recommend that I have it on. Anyway, I did what the idiot tech suggested and still have the flippen Internal Server Error. I've restarted the VPS and uploaded a fresh copy of the .htaccess folder too.

Can anyone recommend a good VPS host with excellent customer support?
Just an update if anyone is curious. I finally got a response from someone that wanted to take time to solve my issue. The fix is a work-around but at least I'm back online. Below is the reply I got.

Quote: The issues you were having were not directly related to the mod_security
triggers. There is some strange issue between mod_fcgi and your site.
Error logs for apache were simply giving me "communication error". Trying
to find an exact cause for that proved really difficult, in fact, I'm
still not sure what the cause is.

Ultimately, I just threw my hands in the air and disabled fastCGI on your
domain. Once I did so your site popped right up.

If you need anything else, please let me know.

Thanks!
Mike M
I use rosehosting - affordable VPS hosting, and the support is the best I have ever had in eight plus years of dealing with web hosts.