Advertisement:

Author Topic: Having problems with mod_security?  (Read 317532 times)

Offline BGonaSTICK

  • Semi-Newbie
  • *
  • Posts: 16
Re: Having problems with mod_security?
« Reply #40 on: November 09, 2006, 07:20:57 AM »
Superb - just about to go and request my host deal with this (they have mod_security installed), but for info, I was (am) getting 403's on the 'next >>' link used for cycling through posts on a board.

Interestingly enough, this was only happening in Firefox (V1.5.0.7, V1.5.0.8 and V2.0 at least). No 'errors' caused on the board, but the logfile was stuffed with them.

I'll try your fix first, but I'm sure this is it.

Thanks a lot as usual.

Offline FNF

  • Newbie
  • *
  • Posts: 2
Re: Having problems with mod_security?
« Reply #41 on: November 27, 2006, 01:53:18 PM »
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

I have deleted their acounts twice now as this has happened on two different occasions..

I have no idea how this could happen. Anyone?

Also, isn't it possible to make a new poster have all new posts to a certain count "authorised" before they are even seen to stop this too?

help! What can I do to stop this security issue?


Offline Jacen

  • Jr. Member
  • **
  • Posts: 375
  • Gender: Male
Re: Having problems with mod_security?
« Reply #42 on: November 28, 2006, 06:12:42 AM »
I'd say you have a password security breach.
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,036
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Having problems with mod_security?
« Reply #43 on: November 28, 2006, 12:34:33 PM »
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

Are you sure it isn't just a PM notification?
Motoko-chan
Director, Simple Machines

Just because it's pouring down doesn't mean we're gonna drown. There's a time when all you can say is let it rain - Mat Kearney (Let It Rain)

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline Bashar

  • Newbie
  • *
  • Posts: 7
  • Gender: Male
    • KuwaitNET Internet Services
Re: Having problems with mod_security?
« Reply #44 on: December 17, 2006, 05:44:47 AM »
as a host, wouldn't this breach the security and allow users to run banned URLs by mod_security ?

Offline Jacen

  • Jr. Member
  • **
  • Posts: 375
  • Gender: Male
Re: Having problems with mod_security?
« Reply #45 on: December 17, 2006, 06:08:00 AM »
Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Offline joeyteel

  • Newbie
  • *
  • Posts: 4
Re: Having problems with mod_security?
« Reply #46 on: December 23, 2006, 02:38:41 PM »
Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security

Yes, you can, but unless you compile mod_security to also disable .htaccess modification of rules you can still prevent the rules set in the server config from taking effect unless the host has specified their rules as mandatory and thus can't be disabled by .htaccess files

Offline Jacen

  • Jr. Member
  • **
  • Posts: 375
  • Gender: Male
Re: Having problems with mod_security?
« Reply #47 on: December 24, 2006, 05:00:20 PM »
Or the host can ban the disabling of it via their TOS :)
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Offline Jacen

  • Jr. Member
  • **
  • Posts: 375
  • Gender: Male
Re: Having problems with mod_security?
« Reply #48 on: January 07, 2007, 05:29:03 AM »
1) Why do you WANT to be spamed?
2) isn't that off topic?
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Offline J. Williams

  • SMF Hero
  • ******
  • Posts: 1,535
  • Gender: Male
  • Don't ask me what DiCB stands for!
    • ByMoi
Re: Having problems with mod_security?
« Reply #49 on: January 07, 2007, 05:29:37 AM »
1) Why do you WANT to be spamed?
2) isn't that off topic?

I've reported it, so it should be dealt with soon :)
Joshua Jon Williams
Back in Action.

Offline Jacen

  • Jr. Member
  • **
  • Posts: 375
  • Gender: Male
Re: Having problems with mod_security?
« Reply #50 on: January 07, 2007, 05:47:44 AM »
Now why didn't I think of that? :P
"I've always found that sticking your fingers in your ears and humming loudly solves a whole slew of problems."

Offline aboutpik

  • Newbie
  • *
  • Posts: 3
Re: Having problems with mod_security?
« Reply #51 on: January 08, 2007, 03:35:26 PM »
Thanks a lot,pal! it works! ;D

Offline youngspider

  • Semi-Newbie
  • *
  • Posts: 98
  • Gender: Male
    • sara jahan hamara
Re: Having problems with mod_security?
« Reply #52 on: January 17, 2007, 03:14:03 PM »
i must say thank u very much to the person ...gave that nice Sharing its 100% Work ....

Offline angelamae

  • Semi-Newbie
  • *
  • Posts: 12
Re: Having problems with mod_security?
« Reply #53 on: February 07, 2007, 12:49:33 AM »
I tried this and it still is giving me issues when i try to copy/paste text into a thread.. :(

how can i get it to not???
« Last Edit: February 07, 2007, 12:51:52 AM by angelamae »

Offline Oldiesmann

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,817
  • Gender: Male
  • Ask me about the function DB :)
    • oldiesmann on Facebook
    • Oldiesmann on GitHub
    • http://www.linkedin.com/in/michaeleshom on LinkedIn
    • @oldiesmann on Twitter
    • Archie Comics Fan Forum
Re: Having problems with mod_security?
« Reply #54 on: February 09, 2007, 07:32:06 PM »
If the fix didn't work, complain to your host and ask them to disable that feature. If they won't listen to you, find a better host.
Michael Eshom
Webmaster / SMF Lead Developer
oldiesmann@simplemachines.org

Offline crud3w4re

  • Semi-Newbie
  • *
  • Posts: 80
Re: Having problems with mod_security?
« Reply #55 on: February 11, 2007, 06:08:02 PM »
hmm anyone using hostgator? I just signed up with them, are they doing this?
www.anoniche.com
Join my site ...please :)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,355
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Having problems with mod_security?
« Reply #56 on: February 12, 2007, 06:52:48 AM »
Hi crud3w4re,

First of all,
Beware of hostgator, they are a massive overseller,
if may happen that you get in trouble if your community ever grows big.

If you want to check if mod security is enabled,
put this in a php file (for example, phpinfo.php) and upload it to your site with them:

<?php
phpinfo();
?>

Just open the file from your browser and you will see all the functions enabled,
just do a search with your browser on that page for "mod_security" and if it gives you results, then yes, they have it enabled.


Yours,
- Liroy
 
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline crud3w4re

  • Semi-Newbie
  • *
  • Posts: 80
Re: Having problems with mod_security?
« Reply #57 on: February 13, 2007, 07:11:19 AM »
So .. Are you saying that if my site gets big, they'll kill the site?
www.anoniche.com
Join my site ...please :)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,355
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Having problems with mod_security?
« Reply #58 on: February 13, 2007, 07:22:39 AM »
I'm not saying they will do it,
i'm just saying chances that that happends are quite large :)
They offer impossible things...
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline MOH: Rising Sun Master

  • Semi-Newbie
  • *
  • Posts: 53
  • Gender: Male
  • I'm cool.
Re: Having problems with mod_security?
« Reply #59 on: February 13, 2007, 12:16:26 PM »
NOTE TO KXUK HOSTING USERS:

     If you are having a problem with mod_security, email me at Wildfire@kxuk.net and I shall fix you up o.O