News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Having problems with mod_security?

Started by [Unknown], April 26, 2005, 12:07:59 AM

Previous topic - Next topic

BGonaSTICK

Superb - just about to go and request my host deal with this (they have mod_security installed), but for info, I was (am) getting 403's on the 'next >>' link used for cycling through posts on a board.

Interestingly enough, this was only happening in Firefox (V1.5.0.7, V1.5.0.8 and V2.0 at least). No 'errors' caused on the board, but the logfile was stuffed with them.

I'll try your fix first, but I'm sure this is it.

Thanks a lot as usual.

FNF

I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

I have deleted their acounts twice now as this has happened on two different occasions..

I have no idea how this could happen. Anyone?

Also, isn't it possible to make a new poster have all new posts to a certain count "authorised" before they are even seen to stop this too?

help! What can I do to stop this security issue?


Jacen

I'd say you have a password security breach.
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

青山 素子

Quote from: FNF on November 27, 2006, 01:53:18 PM
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

Are you sure it isn't just a PM notification?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Bashar

as a host, wouldn't this breach the security and allow users to run banned URLs by mod_security ?

Jacen

Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

joeyteel

Quote from: Jacen on December 17, 2006, 06:08:00 AM
Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security

Yes, you can, but unless you compile mod_security to also disable .htaccess modification of rules you can still prevent the rules set in the server config from taking effect unless the host has specified their rules as mandatory and thus can't be disabled by .htaccess files

Jacen

Or the host can ban the disabling of it via their TOS :)
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Jacen

1) Why do you WANT to be spamed?
2) isn't that off topic?
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

J. Williams

Quote from: Jacen on January 07, 2007, 05:29:03 AM
1) Why do you WANT to be spamed?
2) isn't that off topic?

I've reported it, so it should be dealt with soon :)
Joshua Jon Williams
Back in Action.

Jacen

"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

aboutpik


youngspider

i must say thank u very much to the person ...gave that nice Sharing its 100% Work ....

angelamae

#53
I tried this and it still is giving me issues when i try to copy/paste text into a thread.. :(

how can i get it to not???

Oldiesmann

If the fix didn't work, complain to your host and ask them to disable that feature. If they won't listen to you, find a better host.
Michael Eshom
Christian Metal Fans

crud3w4re

hmm anyone using hostgator? I just signed up with them, are they doing this?
www.anoniche.com
Join my site ...please :)

LiroyvH

Hi crud3w4re,

First of all,
Beware of hostgator, they are a massive overseller,
if may happen that you get in trouble if your community ever grows big.

If you want to check if mod security is enabled,
put this in a php file (for example, phpinfo.php) and upload it to your site with them:

<?php
phpinfo();
?>

Just open the file from your browser and you will see all the functions enabled,
just do a search with your browser on that page for "mod_security" and if it gives you results, then yes, they have it enabled.


Yours,
- Liroy
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

crud3w4re

So .. Are you saying that if my site gets big, they'll kill the site?
www.anoniche.com
Join my site ...please :)

LiroyvH

I'm not saying they will do it,
i'm just saying chances that that happends are quite large :)
They offer impossible things...
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

MOH: Rising Sun Master

NOTE TO KXUK HOSTING USERS:

     If you are having a problem with mod_security, email me at [email protected] and I shall fix you up o.O

Advertisement: