Tulosta sivu - GoDaddy mod

Otsikko: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - toukokuu 31, 2016, 04:25:17 IP

Did anyone ever come up with a fix for this?

Fatal error: require_once() [function.require]: Failed opening required '/home/content/43/12872143/html/forum/Sources/Subs-Auth.php' (include_path='.:/usr/local/php5_3/lib/php') in /home/content/43/12872143/html/forum/Sources/Security.php on line 543

Has it been addressed in 2.1?

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Arantor - toukokuu 31, 2016, 04:44:01 IP

How can we resolve "the host removed the file because it tripped a really obscure, hard to diagnose security scan where it uses a function that malicious people use therefore it must be bad" problem?

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - toukokuu 31, 2016, 05:02:27 IP

Wonder what they're scanning for. File uploads, shows up for a fraction of a second, then disappears. Forum owner will ask GD to disable it, don't know if they will.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Illori - toukokuu 31, 2016, 05:03:44 IP

if you upload the file with the file manager it will not disappear. we have tried to find out why files go missing but they dont tell us why.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - toukokuu 31, 2016, 05:16:41 IP

It's being triggered by this -

Koodi [Valitse]



	$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search']) . '*';
	$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['search']));

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - toukokuu 31, 2016, 05:30:23 IP

Lainaus käyttäjältä: Illori - toukokuu 31, 2016, 05:03:44 IP
if you upload the file with the file manager it will not disappear.

That works, thanks. Forum is running. Must be something specific to ftp server.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - kesäkuu 01, 2016, 12:58:36 IP

If you change this -

Koodi [Valitse]



	$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search']) . '*';
	$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['search']));

to this -

Koodi [Valitse]



	$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['']) . '*';
	$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['']));

Subs-Auth.php uploads normally. If you put anything in the brackets in $_REQUEST[''] -

Koodi [Valitse]



	$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['test']) . '*';
	$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['test']));

it fails.

The third line in that code block -

Koodi [Valitse]



	$_REQUEST['search'] = strtr($_REQUEST['search'], array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '&' => '&amp;'));

does not trigger the problem. (https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.thekrashsite.com%2Fpics%2Fidk.gif&hash=9ac7acf13f4cfaa1b58390444a38dea11e5473d2)

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Arantor - kesäkuu 01, 2016, 01:40:45 IP

WTF GoDaddy.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: nend - kesäkuu 01, 2016, 11:59:25 IP

I haven't notice this issue, using SSH.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: vbgamer45 - syyskuu 15, 2019, 09:14:54 IP

Lainaus käyttäjältä: Sir Osis of Liver - kesäkuu 01, 2016, 12:58:36 IP
If you change this -

Koodi [Valitse] Laajenna
$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search']) . '*'; $_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['search']));

to this -

Koodi [Valitse] Laajenna
$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['']) . '*'; $_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['']));

Subs-Auth.php uploads normally. If you put anything in the brackets in $_REQUEST[''] -

Koodi [Valitse] Laajenna
$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['test']) . '*'; $_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['test']));

it fails.

The third line in that code block -

Koodi [Valitse] Laajenna
$_REQUEST['search'] = strtr($_REQUEST['search'], array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '&' => '&'));

does not trigger the problem. (https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.thekrashsite.com%2Fpics%2Fidk.gif&hash=9ac7acf13f4cfaa1b58390444a38dea11e5473d2)

I ended up running into this I changed the code to make it more hidden

Koodi [Valitse]


	eval(base64_decode('JF9SRVFVRVNUWydzZWFyY2gnXSA9ICRzbWNGdW5jWydodG1sc3BlY2lhbGNoYXJzJ10oJF9SRVFVRVNUWydzZWFyY2gnXSkgLiAnKic7CgkkX1JFUVVFU1RbJ3NlYXJjaCddID0gdHJpbSgkc21jRnVuY1snc3RydG9sb3dlciddKCRfUkVRVUVTVFsnc2VhcmNoJ10pKTs='));

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Arantor - syyskuu 16, 2019, 02:32:37 AP

Suspect that will get flagged for looking like malware.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: vbgamer45 - syyskuu 16, 2019, 09:03:23 AP

I did it for one file. Then realized godaddy flagged also
Post.php
PersonalMessage.php
Subs-Auth.php
ModerationCenter.ph
Subs-Post.php
LogInOut.php
Subs-Editor.php
Register.php
Reminder.php

Then wrote a script to upload the file and that works. Seems like they just delete/scan the files on ftp upload..

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Aleksi "Lex" Kilpinen - syyskuu 16, 2019, 11:54:54 AP

Yup, we've seen that alot. And always without exception the solution has been to upload the missing files using another method. Sucks, but that's how it is.

Otsikko: Re: GoDaddy mod_security
Kirjoitti: Sir Osis of Liver - syyskuu 16, 2019, 12:43:51 IP

Most files I've ever seen blocked was an even dozen, but hasn't happened recently. GoDaddy has so many different server configurations, you never know what you're working with (neither do they).

Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Aiheen aloitti: Sir Osis of Liver - toukokuu 31, 2016, 04:25:17 IP