Can't post anything: "The connection was reset"

Started by backend, July 23, 2014, 11:11:52 AM

Previous topic - Next topic

backend

So I was in Vegas from July 17-22. I didn't have time to do any posting while there. Today I logged in and noticed there was no posts made since July 17! I didn't think anything of it. But then when I tried to post something, I got the following error message in my Firefox browser (and other browsers):


"The connection was reset

The connection to the server was reset while the page was loading."


I even tried my my phone on a wap version of the forum, but still nothing.


I never made any changes to the website or the forum.

In fact, I even tried to login from using another user name and that too failed. Basically anything that involves submitting a form (posting, logging in, searching etc.) you won't be able to.

I have my site hosted on GoDaddy and I noticed they no longer have the option to submit support ticket, so I have had to call them and I was on hold for half an hour and I just gave up and decided to call them later.



What can cause this? the forum is fully browsable (assyrianvoice-dot-net-slash-forum) but just can't post of course.

Please help!


kat

Godaddy are quite famous, for this. Chances are, they've changed something, in the configuration.

Possibly, mod_sec.

Best to have a natter, with them, first. :)

backend

Quote from: K@ on July 23, 2014, 11:19:54 AM
Godaddy are quite famous, for this. Chances are, they've changed something, in the configuration.

Possibly, mod_sec.

Best to have a natter, with them, first. :)

Thanks a lot for the reply!  Any idea what the ideal setting for 'mod_sec' should be?

Mmm interesting and frustrating that this would coincidentally happen on the day I leave (and no user bothered to email and let me know the forum is down) - at least it didn't ruin my Vegas vacation :)

Since this is a hosted site on a shared server, I hope they won't mind changing the setting to make my forum workable again.

Ninja ZX-10RR

mod_security should be just turned off ;) they usually do it if you ask them kindly AFAIK :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

backend

I am speaking to them right now and he can't figure out what the problem is. He is probably going to escalate it to his advanced team.

Actually, he thinks it is due to my DB being large size (about 975 MB) but I don't think that should be an issue. 975 MB is not a big deal compared to some other DBs I have seen that are 10x as big and also being hosted on shared hosting.


kat

Godaddy are weird, with mod_sec. They're notorious for having it set quite harshly and they refuse to change it.

To show you how silly it is, it'll freak at the word "Essex", coz it contains the letters "SE, "E" and "X", in that order.

It should be banned, itself, methinks.

backend

GoDaddy has opened an incident ticket to look into this, but I was looking at my error file and I found the following:

"Access denied with connection close (phase 2). 1 [file "/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf"] [line "36"] [id "10725"] [msg "BLOCKED - PHP Script hidden as a GIF - Pattern 1 - Location: file"] [hostname "www.sitename.net"] [uri "/forum/index.php"] [unique_id "U8-FCESy-gEAAAcyda0AAABF"]"


does this ring a bell or mean anything to anyone please?

Illori

try asking them to disable mod_security... good luck getting it done.

kat

Yeah, that kinda confirms my thoughts. (Yay me!) ;)

Good luck, coz I have a feeling you're gonna need it, with Nodaddy.

Ninja ZX-10RR

Ehi you two! :)
Quote from: Flavio93Zena on July 23, 2014, 11:47:44 AM
mod_security should be just turned off ;)
I had said that already :P ninja'd :3

Quote from: K@ on July 24, 2014, 04:59:48 PM
Nodaddy.
I am 100% sure that that is not a typo XD
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

kat

It was more polite than what I was thinking... :)

Chalky

In case it helps that's an error I was seeing every five minutes when I was hosted with GoDaddy.  Since I moved my site to CoreISP I haven't seen it once  :)

backend

Godaddy has responded and is telling me that there is malware in my website and that they can't help! I don't know if I believe that. I searched my site using multiple security sites but nothing is found.

Again, this is the error I am getting and I would really appreciate if anyone can help:

"ModSecurity: Access denied with connection close (phase 2). 1 [file "/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf"] [line "36"] [id "10725"] [msg "BLOCKED - PHP Script hidden as a GIF - Pattern 1 - Location: file"] [hostname "www.assyrianvoice.net"] [uri "/forum/index.php"] [unique_id "U9JVykSy-gEAAA410XcAAAAD"]"

I have responded to them already and asked them to look into this again. I am really frustrated, my 10+ years forum is now down for over a week, for the first time ever.

Arantor

It would really help if they could be clear about what exactly has tripped that rule :(

backend

The funny thing is, in my error log, I see that same error for another section on my website (it is a simple BB software, not SMF)

[Fri Jul 25 06:04:20 2014] [error] [client xx xxx xxx xxx] ModSecurity: Access denied with connection close (phase 2). 1 [file "/web/httpd2/modsecurity.d/activated_rules/modsecurity_gd_07_post_guardian.conf"] [line "25"] [id "10710"] [msg "BLOCKED - Known Template(cached)"] [hostname "www.xxxxxxxx.net"] [uri "/mb/mboard.php"] [unique_id "U9JV00Sy-gEAAC86SsIAAAB1"]


but when I go to that section mentioned above, I don't have a problem like with SMF and can use it fine.

Arantor

At least we know it's mod_security at fault, which is something. I'd love to know what rule is being flouted since the description doesn't really make sense to me.

backend

Ok, here is their email to me. They are actually faulting my home page (index.php) for the malware!

--------------------------------------------------------------
In regard to the inability to access and/or view the assyrianvoice.net website, upon additional review, our hosting administrators have determined a PHP script has been embedded as a GIF file on the home page of the website.  As such, and due to the potential malicious nature of such coding, this is preventing access to the content.  You may review the following information which regard to potential malware.

Malware is short for malicious software. It's a catch-all term that describes harmful applications or other malicious code such as adware, spyware, trojan horses, worms or viruses.

Malware comes in many forms, from an unwanted ad reappearing on your site to an executable file that infects visitors who click on it. Telltale signs that your site is infected can include unexplained ads, links or pop-ups, but some malware can have no noticeable effects at all.

Your best defenses against malware are staying current with third-party application patches and using strong server passwords. When checking for the presence of malware, be sure to check the code residing on your server and not your backup files. Always use a virtual machine for verification to avoid infecting your own computer.

We cannot assist you with removing malware from your server. Consider taking your site down immediately to prevent infecting visitors, and take action quickly to identify/remove it.



Identifying Malware



If you think you're having an issue with malware, change passwords that would be affected such as FTP or database passwords. Then use these guidelines to identify the problem.

............................................................




see problem is, I don't even know if they are talking about the same issue I am having! I told them I have a problem with my forum, and they write back saying I have malware in my home page which is preventing me from accessing the content. I am able to access all content with no problem. The only thing I can't do is post/login/search my SMF forums. Period!

I already replied to them to let them know that they may not be looking at the right problem here.

backend

I already checked my home page and don't see anything wrong with it, but if someone is willing to take a look at it further, I will gladly post it here.

Thanks,

Arantor

That's awfully vague. Specifics from the host would be appreciated.

backend

I just called them to get an update/escalation on my ticket and the wait time was close to 20+ minutes. Been with them for over a decade and noticed their wait times have never been as long as they have been in the last few days.

Advertisement: