500 server errors and MariaDB, Need some ideas

Started by Dena, June 02, 2020, 07:51:51 PM


Dena

We were getting 500 server errors and after a fair amount of effort, my partner tracked it down to posting "select from" would cause the error. You can have any number of characters before the text and any number of characters between the two words. As long as the text contains those two words in that order, a crash is a sure thing and can be produced on command. We are aware that this is part of the MySQL language and in a dynamic website could indicate SQL injection.

We have two real options. Pack up and find another server in which case we get a refund on the advance payment or go to the second level of support which is $250 an hour. They have the bet policy where as if the failure is in your software, you pay for the fix. If it's in their software, they fix it free of charge. At this point we would like to make bleep sure that this isn't a problem in Simple Machines before we take it up with the site provider.

Back side information. No we were not aware that there were two databases when we purchased the site and the support person we were talking to thought it was MySQL. Even the site interface indicates MySQL in most places and only one location (the cPanel) says MariaDB. In other words, everybody was given a snow job. I have searched this site and know more about MariaDB. I am aware it may not be fully compatible with Simple Machines. My Mac has a test machine with the real MySQL and it doesn't have an issue. I looked at putting MariaDB on my Mac but there isn't an out of the box install. It can be done but it takes a lot of games to make it work and I would prefer not to go there.

Any thoughts you might have on the problem would be appreciated and if this indicates an issue in Simple Machines, that would also be helpful. We would like to make a decision on this soon as we are currently a very small site and three members have already encountered this issue.

LiroyvH

If you post the words "select from", that generates a 500? Is the machine running mod_security by any chance? If so, deliberately cause the error a few times and then have a look at its (audit) logs and see what triggers it. Fix or disable the rule responsible for it and should be problem solved.

Also, MariaDB appears as MySQL in many places. Even on the command line. That's normal.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Dena

I am not sure what mod_security is so we probably aren't unless it's something that defaults on. As for the logs, the simple machine logs are clean (2.0.17) and while we don't have access to the system console, the support person did and said they were clean as well.

LiroyvH

No, I meant mod_security logs if it's installed on the server. It's a server-side module, not a mod for SMF.
Hard to give any advice if you don't know the server configuration.

Either way, this isn't something SMF would do by itself. I also doubt any mod would, but which ones are you using? In the end it's your own responsibility and choice though.

Truth be told, if it's gambling on $250 whilst it is "a very small site": that sounds like more than what a full year's worth of hosting would typically cost, lol. Maybe even a multitude depending on how small. As such, I'd probably move. Issue gone? Well, guess it was on their end after all. Still there? Well, start analysing. Why would you gamble $250 whilst moving is way cheaper and instantly reveals where the problem was as well without the risk of losing 250? (And since you don't know the server config there's no way for you to verify anything either.) But maybe ask them if they're running mod_security (or something similar) first. It sounds like a security system interfering with your site. But nobody can give you a guarantee without the details. (And not even with them, but then at least an educated guess could be made.)

Dena

I figured it wasn't a mod however the user interface contains some feature I would expect to be accessed from the system console. I thought access to it could be called something else so this could be a question to ask the next time we talk with support.

We have the rather standard requirement of being able to have email addresses verified at signup time and add to the list MySQL (the real one). Strangely enough, over time we might require a rather large database. It also helps to have the ability to forward email because privacy is somewhat of an issue on the site. Some of those things don't come on a bottom end site but that's a decision for later.

As for the current mod list.
Currently installed mods

Members Only BBC
Activity in Profile
PostLimit
Copyright and Footer Links
Buddies With Me (aka Followers)
AJAX Recent Topics - important mod for our members
Minimum Characters to Count Post
Member Color
SimpleTickers
Buddies Block
@mention members
Users Online Today
Custom Report Mod - hate moderating a site without it.
Bookmarks

Loaded but not active pending resolution of the problem

Tapatalk SMF 2.0 Plugin
Simple Audio Video Embedder
AdditionalMembergroups
Ultimate Menu

Loaded but will probably remove as the honey pot contains people who shouldn't be in it so it can't be trusted.

Stop Spammer

Kindred

It is definitely mod_security on the server.

Also, holy smokes...   I pay $72 a year for hosting and have free support that has solved every problem I have had in the last 12 years!!  And over that time, I have never had a ticket open longer than 30 minutes!
Please do not PM, IM or Email me with support questions. You will get better and faster responses in the support boards. Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Dena

I have been asked to find out who your hosting company is. It's very tempting if they can provide all the features that we need.

Kindred

I use a company called ICDSoft.

and WOW, they currently have a major sale going on!!

https://www.icdsoft.com/

Dena

And we have another win for SMF community support. It turned out that mod_security is a default install on their servers. The first line support wasn't aware of this but had sufficient doubt after we explained things that he contacted a system administrator for the servers. We reproduced the error while a trace was in place and then the fix was installed. The following is the message from the administrator.

Quote: I whitelisted rules 300014-300016 in modsec. They very commonly cause false positives.

After the fix was installed, we repeated the test and the data was posted without issues. Fix time was under 10 minutes and no charge for the fix as it was on their side. Now if we could just charge them for all the time we spent figuring out where the problem was.

Thank you to all who contributed to uncovering the problem. It would have taken a good deal longer to figure this one out without your assistance.
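The log triage suggested earlier in the thread (reproduce the error, then see which mod_security rule fired), as an added example that is not part of the original posts: it tallies rule IDs and the matched request variable from ModSecurity 2.x style error-log lines. The log lines, hostnames, paths, patterns and the IDs 999001/999002 are constructed, and the default `/index.php` URI is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the shape ModSecurity 2.x writes to the Apache error
# log. Hosts, paths, patterns, messages and IDs 999001/999002 are invented;
# 300014 and 300015 are taken from the administrator's message in the thread.
SAMPLE_LOG = r'''
[Tue Jun 02 19:40:11 2020] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "constructed-pattern" at ARGS:message. [file "/etc/modsec/constructed.conf"] [line "12"] [id "300015"] [msg "constructed rule message"] [hostname "forum.example"] [uri "/index.php"] [unique_id "AAAA0001"]
[Tue Jun 02 19:41:02 2020] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "constructed-pattern" at ARGS:message. [file "/etc/modsec/constructed.conf"] [line "9"] [id "300014"] [msg "constructed rule message"] [hostname "forum.example"] [uri "/index.php"] [unique_id "AAAA0002"]
[Tue Jun 02 19:41:30 2020] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "constructed-pattern" at ARGS:message. [file "/etc/modsec/constructed.conf"] [line "12"] [id "300015"] [msg "constructed rule message"] [hostname "forum.example"] [uri "/index.php"] [unique_id "AAAA0003"]
[Tue Jun 02 19:42:00 2020] [error] [client 192.0.2.11] ModSecurity: Warning. Pattern match "constructed-pattern" at REQUEST_HEADERS:User-Agent. [file "/etc/modsec/constructed.conf"] [line "40"] [id "999001"] [msg "constructed warning"] [hostname "forum.example"] [uri "/index.php"] [unique_id "AAAA0004"]
[Tue Jun 02 19:42:10 2020] [error] [client 192.0.2.12] PHP Notice: constructed non-ModSecurity line
[Tue Jun 02 19:43:00 2020] [error] [client 192.0.2.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "constructed-pattern" at REQUEST_URI. [file "/etc/modsec/constructed.conf"] [line "55"] [id "999002"] [msg "constructed rule message"] [hostname "forum.example"] [uri "/xmlrpc.php"] [unique_id "AAAA0005"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')        # [id "300015"], [uri "..."]
ACTION = re.compile(r'ModSecurity: (?:Access denied with code (\d+)|Warning)')
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.\]]+)?)\.')      # e.g. ARGS:message


def parse_line(line):
    """Return the rule id, URI, deny status and matched variable, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    action = ACTION.search(line)
    target = TARGET.search(line)
    denied = action is not None and action.group(1) is not None
    return {
        "id": fields.get("id"),
        "uri": fields.get("uri"),
        "status": int(action.group(1)) if denied else None,  # None for warnings
        "target": target.group(1) if target else None,
    }


def blocking_rules(log_text, status=500, uri="/index.php"):
    """Count (rule id, matched variable) pairs that denied requests to uri."""
    hits = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["status"] == status and event["uri"] == uri:
            hits[(event["id"], event["target"])] += 1
    return hits


if __name__ == "__main__":
    for (rule_id, target), count in blocking_rules(SAMPLE_LOG).most_common():
        print(f"rule {rule_id} denied {count} request(s), matched at {target}")
```

A tally like this names the specific rule IDs and the request variable they matched, which is what lets a host exclude only those rules rather than switching the whole module off.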

Kindred

just so you know, you are likely going to get other stupid responses from mod_security as well (we recommend that it be turned OFF on servers - SMF does a very good job of its own security)

for example, if I said "I live in middlesex county" in many cases, mod_security might flag that and other unintuitive combinations of letters that are something normal, but could be considered spam in other contexts

Dena

I suspected as much and have informed our users to watch out for other squirrels that may turn up. We asked for it to be turned off but that wasn't done. I suspect part of the problem is because the person we were talking to was texting the administrator and text is the last way I would communicate something complicated. I worked in programming and support on the side for many years so I have seen how badly even simple instructions get mangled. I prefer face to face, then phone, next email and the very last is text.

At least the next time it happens, I will know what the problem is and the only people who I will bother will be server support. I probably should do more reading on mod_security so next time this comes up, I can tell them exactly what I want.
