
Issue with GoDaddy Mod Sec

Started by haptcom, July 08, 2014, 01:22:10 AM


haptcom

Hi,

New to the forums, but noticed many are having the same issue!

I called GoDaddy and was given the famous runaround that they can disable it due to it being on a shared Linux server.

BUT, I was able to find out what was causing it!!!!!

SMF is sending a shell exec and mod sec is blocking it!

Hope this info is helpful,

Kind Regards
Justin

Pennsylvania, US

Sir Osis of Liver

Thanks for the info.  I've passed it on to the devs.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Kindred

well, that makes things both better and worse.

better because we now know what they are doing...
worse because our use of shell_exec is completely compliant and permissible within the structure of a PHP script.  So, what it actually means is that GoDaddy has poorly configured their mod_security (which we suspected to begin with).
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

ARG01

Quote from: Kindred on July 08, 2014, 12:36:55 PM

...So, what it actually means is that GoDaddy has poorly configured their mod_security (which we suspected to begin with)

This was my initial thought.
No, I will not offer free downloads to Premium DzinerStudio themes. Please stop asking.

Arantor

You guys know that mod_security is nothing whatsoever to do with shell_exec, right?

mod_security is a set of rules that are applied to an incoming request. Anything that mod_security gets het up about is because of the request - and absolutely nothing to do with what happens once it gets to PHP (because mod_security has done its job by then), so once it hits PHP, shell_exec or nslookup or whatever else is going to be done to get hostname lookups, it's nothing to do with mod_security.

The odds are they're tweaking other configuration when 'disabling mod_security'.
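
To tell the two layers discussed above apart in a server error log, here is an added example (not part of the original thread, and not SMF or GoDaddy code). It assumes Apache error-log lines in ModSecurity 2.x message style and PHP's warning for a function listed in disable_functions; the sample lines, rule ids, paths and parameter name are constructed placeholders.

```python
import re

# Constructed Apache error-log lines in ModSecurity 2.x style. Rule ids, paths,
# the parameter name and the hostname are placeholders, not values from the thread.
SAMPLE_LOG = r'''
[Tue Jul 08 12:00:01 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:example_field. [file "/etc/modsec/example.conf"] [line "10"] [id "900001"] [msg "Constructed body rule"] [hostname "forum.example"] [uri "/index.php"] [unique_id "AAAA"]
[Tue Jul 08 12:00:05 2014] [error] [client 192.0.2.10] PHP Warning:  shell_exec() has been disabled for security reasons in /home/example/forum/file.php on line 1
[Tue Jul 08 12:00:09 2014] [error] [client 192.0.2.11] ModSecurity: Warning. Match of "rx ^Mozilla" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsec/example.conf"] [line "20"] [id "900002"] [msg "Constructed header rule"] [hostname "forum.example"] [uri "/index.php"] [unique_id "BBBB"]
'''

MODSEC = re.compile(
    r'ModSecurity: (?:Access denied with code (?P<code>\d+)|Warning)'
    r'(?: \(phase (?P<phase>\d)\))?\. (?P<detail>.*)$')
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')
PHP_DISABLED = re.compile(
    r'PHP Warning:\s+(\w+)\(\) has been disabled for security reasons')
VARIABLE = re.compile(r'\b(?:at|against) "?([A-Z_]+(?::[\w-]+)?)')


def classify(line):
    """Return which layer produced an error-log line, or None if neither did."""
    m = MODSEC.search(line)
    if m:
        tags = dict(TAG.findall(m.group('detail')))
        var = VARIABLE.search(m.group('detail'))
        return {
            'source': 'mod_security',
            'blocked': m.group('code') is not None,   # denied vs. warning only
            'phase': int(m.group('phase')) if m.group('phase') else None,
            'variable': var.group(1) if var else None,  # request field matched
            'rule_id': tags.get('id'),
            'uri': tags.get('uri'),
        }
    m = PHP_DISABLED.search(line)
    if m:
        # Raised by PHP itself (disable_functions), after the request got through.
        return {'source': 'php', 'function': m.group(1)}
    return None


def summarize(log_text):
    """Classify every line of a log and drop the ones from neither layer."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == '__main__':
    for record in summarize(SAMPLE_LOG):
        print(record)
```

A mod_security entry names the rule id and the request field that matched, which is what a host needs in order to adjust or exclude a single rule; a PHP entry names the disabled function instead.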

haptcom

I was told that server blocks all shell exec commands and that's why the add new category does not work.

Is there a way to get rid of shell exec completely?

(that is what they can gather from the logs.)

Arantor

Nope.

shell_exec is run in a totally separate part of SMF and potentially runs on every page request to get the host name.

The add category is a mod_security issue, and shell_exec being removed will change nothing (as we have shown, time and time again)

Kindred

ah - thanks Arantor...   I didn't actually know that.
(That's why I rely on experts to tell me things, when I don't know - so next time I do!)

Anyway...    guess we're back to the drawing board in terms of figuring out WTF GoDaddy has (mis)configured.  I really wish that they would just talk to us...

Sir Osis of Liver

Has this problem been reported with any other host?

Illori

Quote from: Krash on July 08, 2014, 04:31:55 PM
Has this problem been reported with any other host?


Many hosts that have mod_security misconfigured have this issue. Some do have issues with shell_exec but those generally seem to be fewer.

Arantor

Quote from: Krash on July 08, 2014, 04:31:55 PM
Has this problem been reported with any other host?


This particular issue specifically with mod_security seems to be localised to GoDaddy. Of course, mod_security issues are common to various hosts.

HDB

I am trying to learn something from this as I use GoDaddy as my hosting provider on a shared Linux server. 

So far from this discussion I get it that "mod_security" is preventing "add new category" from working. When would this be an issue? Do I need to worry? Do you guys have some links that I can read on the side to get a better understanding?

Thanks in advance.

Kindred

Well, it would be an issue when you try to add a new category.....

HDB

Quote from: Kindred on July 08, 2014, 09:59:09 PM
Well, it would be an issue when you try to add a new category.....
Are you referring to a new board index category, like a sub forum or child board?

Kindred

no....   when you try to add a new category.  exactly what I said. not board, not child board. category.
