Solved: 8 Years, 8 Months, 2 Weeks ago mod_security again
#1
Solved: 8 Years, 8 Months, 2 Weeks ago
Hi,

I'm a victim of mod_security2 Blush

PHP Version 5.2.6
Apache 2

I have performed all steps in the MyBB Wiki Help:Mod security

The error I receive:
Quote:Forbidden

You don't have permission to access /mybb/admin/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This happens only on links ending with; /something:

mydomain.com/mybb/admin/index.php?module=home/version_check

After 2.5 days my host replies:
Quote:Hi

Please contact the developers/programmers of your script/module as it is a SECURITY Breach/issue and that is why you're getting errors.

This means that your script is open to attacks/exploits and must be "PATCHED" immediately by developer/programmer to resolve bugs or security holes and then itw ill run fine.

Any suggestions on what to tell them next? I'm not very interested in changing hosts. I have many websites and it's just over a year since last move.

Thanks

Burn
#2
Solved: 8 Years, 8 Months, 2 Weeks ago
It's nothing to do with MyBB, they have to disable it.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#3
Solved: 8 Years, 8 Months, 2 Weeks ago
Tell your hosts to stop being preposterous Toungue

There isn't any security issues with MyBB writing the URL in this way - it just matches mod_security's protocol. The only way around it is to ask your host to whitelist your domain against mod_security, and if they refuse, tell them that you agree that any implications will be your fault.

If they refuse totally, then I suggest you find a host that is more willing to give you a better service.

Smile
#4
Solved: 8 Years, 8 Months, 2 Weeks ago
Who do you host with??
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#5
Solved: 8 Years, 8 Months, 2 Weeks ago
Hi Matt,

Thanks for your answer. My host is Cirtexhosting at cirtexhosting.com.

Burn
#6
Solved: 8 Years, 8 Months, 2 Weeks ago
Well that looks like a very professional service... message them again and just ask them to remove it, and if they don't, I would highly recommend you change hosts. I can help you out with that if it comes to it, drop me a PM.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#7
Solved: 8 Years, 8 Months, 2 Weeks ago
(11-13-2008, 09:31 AM)Matt_ Wrote: ... message them again and just ask them to remove it...

They won't remove it as it protects their servers from a lot of problems...

As mentioned, ask them to whitelist your domain against mod_security. This fixes most of these problems - and all the hosts I've dealt with are happy to do it...
#8
Solved: 8 Years, 8 Months, 2 Weeks ago
Well, that's what I meant Toungue
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#9
Solved: 8 Years, 8 Months, 2 Weeks ago
(11-13-2008, 10:17 AM)Tom.M Wrote: As mentioned, ask them to whitelist your domain against mod_security. This fixes most of these problems - and all the hosts I've dealt with are happy to do it...

I already did and the result is in my first post.

I'm not sure if they read all info i provided,so I'll try to talk to them again.

Burn
#10
Solved: 8 Years, 8 Months, 2 Weeks ago
Please try this: upload to admin/index.php.

This should change the module separator from / to @, which hopefully works with mod_security. This is untested so some things may break (esp. with form submissions, I haven't been able to test everything).


Attached Files
.php   index.php (Size: 10.87 KB / Downloads: 116)
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net


Forum Jump:


Users browsing this thread: 1 Guest(s)