Your attachment has failed security checks and cannot be uploaded

Started by 28ten, January 23, 2011, 03:16:31 PM

Previous topic - Next topic
Print
Go Down Pages1 2 All
User actions

28ten

January 23, 2011, 03:16:31 PM
In the last week I changed servers and upgraded to RC4, now when users try to upload larger images (500kb+) I get the error message  'Your attachment has failed security checks and cannot be uploaded. Please consult the forum administrator.' does anybody have any idea what might be causing the problem?

Thank you

busterone

#1
January 23, 2011, 03:28:55 PM
Look in Admin- Forum - Attachments and Avatars- attachment settings

28ten

#2
January 23, 2011, 03:38:03 PM
As a test I have increased the maximum attachment size to 3000 kb and I still get the message, and none of the settings have changed since RC3
the only other mention I could find was this thread http://www.simplemachines.org/community/index.php?topic=414348.0  which leads me to think its a memory issue?

busterone

#3
January 23, 2011, 03:43:43 PM
Most likely you are right.  Try the suggestions from that topic, or contact your host.

28ten

#4
January 23, 2011, 05:14:52 PM
I cant change the php.ini (in on share hosting) it is set to 128M, should I be setting the subs_graphics.php to this value?

busterone

#5
January 23, 2011, 05:49:57 PM
It would be best to ask your host about the limit.

tesser

#6
January 23, 2011, 07:42:13 PM
The issue is security checks not file size

goto

ADMIN > Attachments and Avatars > Attachments settings  and untick  the below


The extensive security checks can result in a large number of rejected attachments.
HelpPerform extensive security checks on uploaded image attachments

28ten

#7
January 24, 2011, 04:21:34 AM
Quote from: tesser on January 23, 2011, 07:42:13 PM
The issue is security checks not file size

goto

ADMIN > Attachments and Avatars > Attachments settings  and untick  the below


The extensive security checks can result in a large number of rejected attachments.
HelpPerform extensive security checks on uploaded image attachments

Thanks, I tried it before and I have it unticked but still getting the same message. I have taken all limits off, these are my settings

Arantor

#8
January 24, 2011, 04:22:36 AM
I think you'll find there are certain minimal checks which are carried out regardless.

28ten

#9
January 24, 2011, 04:35:19 AM
This is my hosts php.ini, im on shared hosting so I cant change anything, but it might help with a diagnosis
I have hit a wall with this as I am over my knowledge limit  :)

Arantor

#10
January 24, 2011, 04:36:01 AM
Quote from: Arantor on January 24, 2011, 04:22:36 AM
I think you'll find there are certain minimal checks which are carried out regardless.

As in, no amount of configuration change in php.ini will do anything. SMF carries out certain checks regardless as far as I know.

28ten

#11
January 24, 2011, 05:10:20 AM
I seem to have hit a wall with this, im not quite sure what to try next?

Arantor

#12
January 24, 2011, 05:29:44 AM
Well, there's not really a lot you CAN do, that's my point!

For some reason there's an issue with the file you're trying to upload containing things that the system deems unsafe. And short of removing the checks entirely I don't think you CAN do anything...

28ten

#13
January 24, 2011, 06:10:05 AM
It is happening with lots of files, forum members are getting the same message. it is not such a problem for me as I can resize images, but some members cant despite writing tutorials etc
It only been an issure since upgrading to RC4, I never had a problem before

Arantor

#14
January 24, 2011, 06:29:03 AM
Yes, because as of RC4 they added more checks by default...

28ten

#15
January 24, 2011, 06:32:21 AM
Quote from: Arantor on January 24, 2011, 06:29:03 AM
Yes, because as of RC4 they added more checks by default...

yeah, so I see  :laugh: :laugh:  :laugh:

archiebald

#16
January 24, 2011, 06:38:09 AM
Quote from: Arantor on January 24, 2011, 06:29:03 AM
Yes, because as of RC4 they added more checks by default...
I have read about these security checks but haven't found exactly what is being checked - can anyone explain?  It would help to understand why a certain file is failing them.

28ten

#17
January 24, 2011, 06:45:59 AM
Quote from: archiebald on January 24, 2011, 06:38:09 AM
Quote from: Arantor on January 24, 2011, 06:29:03 AM
Yes, because as of RC4 they added more checks by default...
I have read about these security checks but haven't found exactly what is being checked - can anyone explain?  It would help to understand why a certain file is failing them.
as far as I can see it is related to individual file size, as I just did a test post with 8 attachments totaling about 250kb and it was fine.

Arantor

#18
January 24, 2011, 06:47:31 AM
Things like Javascript embedded in the image itself that certain browsers will attempt to execute even though it's an image, and other similar vulnerabilities.

The security checking is not related to file size (you would actually get different things happening if it was overly large files)

archiebald

#19
January 24, 2011, 08:04:35 AM
Quote from: 28ten on January 24, 2011, 06:45:59 AM
Quote from: archiebald on January 24, 2011, 06:38:09 AM
Quote from: Arantor on January 24, 2011, 06:29:03 AM
Yes, because as of RC4 they added more checks by default...
I have read about these security checks but haven't found exactly what is being checked - can anyone explain?  It would help to understand why a certain file is failing them.
as far as I can see it is related to individual file size, as I just did a test post with 8 attachments totaling about 250kb and it was fine.
For my board with dedicated hosting, I have php.ini set to 200MB of uploads per message in up to 30 files.  This is running on vers 1.1.12 right now so I really hope it is never filesize
Print
Go Up Pages1 2 All
User actions
Advertisement: