error message - reference?

Started by brynn, June 22, 2018, 08:59:47 PM


brynn

At the moment, they think it is a file permission issue.  The permission is 0644.

When I look at the root directory, most of the files seem to have 0644. All the files seem to have 0644.  All the folders have 0755.

Are those proper permissions?

Arantor

Those permissions are absolutely fine.

The error message quite clearly talks about a UID, which is not related to file permissions, but to who owns the file, and who the file can be executed as.

Aleksi "Lex" Kilpinen

Your host does not seem to know what they are doing to be honest.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

brynn

Yes, I totally agree with you about my host.  I'm not very happy with them at all.  I'll probably look into moving to a new host, as soon as I can catch up on my to-do list.

After they found out that the permission was fine, then they also concluded the problem was with ownership.  So they fixed that.  And I've already run the repair tool.

There was only one folder that was missing the www, which was the custom avatar folder (where members upload their own av).  I don't know if that will fix the problem which brought me here.  Going back to the first few messages, we can pick it back up there.

I guess when you all were looking at the login page, it was not always showing the correct url?  I can't reproduce that, myself.   But does it look like the repair tool fixed that? 

Or are you saying the error message means that the referring url is sometimes with and sometimes without www?  I thought "referring url" meant the referrer header (which many people have blocked or disguised).

Hhmm...I've tried searching one of the IP addresses which is frequently causing this error, but they don't seem to be a member.  I guess they could have reg'd with a different address though.  Hhmm....I've searched 5 IP addresses which are producing this error, and none of them seem to be reg'd with those IPs.  Could this somehow be non-members trying to log in?

Now I've searched 9 or 10 IP addresses.  So far, none of the addresses which are causing this error are found in a member search.  That seems like a clue, to me.  Although I'm not sure exactly what it means....


GigaWatt

The only problem I'm seeing (mind you, this is not a big problem) is the unlocked keypad in front of https when loading the page. Some elements from your site are loading through http instead of https (most likely some images). It's probably a link or an image loading from the Home page, since everything is loading correctly on the Forum page (locked keypad). Check the hyperlinks and/or image URLs loading on the Home page ;).

In any case, the forum loads either way, with or without www in front, if that is what you were asking.

Quote from: brynn on July 03, 2018, 11:05:05 AM
Could this somehow be non-members trying to log in?

It could be bots trying to register or log in.

Quote from: brynn on July 03, 2018, 11:05:05 AM
Now I've searched 9 or 10 IP addresses.  So far, none of the addresses which are causing this error are found in a member search.  That seems like a clue, to me.  Although I'm not sure exactly what it means....

Are all of the addresses in a different range?

BTW, I really like the favicon design ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Shambles

Quote from: GigaWatt... Some elements from your site are loading through http instead of https (most likely some images). It's probably a link or an image loading from the Home page ...

You can click the padlock and interrogate the media to see what's insecure.

Almost all the insecure items on the home page are loading from http://forum.inkscapecommunity.com/tp-files/tp-articles

GigaWatt

Hmmm... never thought of doing that, the page info section. Thanks for the tip though ;).

And you're right, most of the not secure items come from http://forum.inkscapecommunity.com/tp-files/tp-articles








brynn

Sorry for the delay (again)  (arrgh!)

Thanks for the info re the padlock.  I realize that some pages have mixed contents.  That's actually what I was working on, when I noticed these errors.  The errors sounded to me like maybe people are having trouble logging in, although not knowing for sure is why I posted.  And also hopefully you can help me learn how to fix them.

Just to kickstart this topic again, this is the error message I'm getting:

https://www.inkscapecuttingdesign.com/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.

The consensus on advice was to run the repair_settings and make sure everything is consistent (all with www or all without).  So I did that, and I only found one file missing the www, which was the custom avatar file.  That does not sound like it could have been causing this problem, but I guess I don't really know.

In any case, now everything has h..ps://www.inkscapecuttingdesign.com/ for the beginning of the url.  But I'm still getting  fairly a lot of these errors.

As noted a few messages above, from what I can tell, it looks like these are not members trying to log in.  But on the other hand, an error is an error, and I have not seen them before.  It would be nice to fix, if possible.

What referring url is it talking about?  I thought it meant they had the referrer header blocked.  But I guess you all were thinking it was something to do with whether the www was in the address?

Thanks
(And sorry again for the delay.)


GigaWatt

And the problem with the padlock on forum.inkscapecommunity.com are the links in the TinyPortal articles. Notice these links in the screenshots I posted.

http://forum.inkscapecommunity.com/tp-files/tp-articles/images/denimbg3.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/lbdr9.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/InksTuts.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/favicon.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v45.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v46.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v47.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v48.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v91.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/v92.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/vdk.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/denimbg2.png
http://forum.inkscapecommunity.com/tp-files/tp-articles/images/favicon.png


All of them have to be changed to start with https to make the padlock secure (locked).

Oh, and about the 2.0.14+ login fix, you have to implement it on all your themes (I see you have a theme changer on inkscapecuttingdesign.com).

Kindred

Quote from: GigaWatt on July 10, 2018, 08:17:12 AM
Oh, and about the 2.0.14+ login fix, you have to implement it on all your themes (I see you have a theme changer on inkscapecuttingdesign.com).

or use the mod linked from that FAQ article
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

brynn

Quote from: Illori on July 10, 2018, 06:33:47 AM
https://wiki.simplemachines.org/smf/Login_error_2.0.14

Thanks Illori!  Is that maybe just for researching the problem?  It doesn't seem to be the same problem I'm having.  There is no timeout in the error message.  And regarding the themes, I doubt if this is happening in themes, since it seems to be non-members, and non-members don't have access to change themes....ummm, well actually I might be wrong about that.  Is there a way to find out, from the error message (or from something else) if someone was using a non default theme when the error happened?

Quote from: GigaWatt on July 10, 2018, 08:17:12 AM
And the problem with the padlock on forum.inkscapecommunity.com....

YES, I'm aware of those.  I'm working on it.

Quote from: Kindred on July 10, 2018, 08:57:10 AM
Quote from: GigaWatt on July 10, 2018, 08:17:12 AM
Oh, and about the 2.0.14+ login fix, you have to implement it on all your themes (I see you have a theme changer on inkscapecuttingdesign.com).

or use the mod linked from that FAQ article

InkscapeCutting Design will probably be set to read-only shortly.  (It's next to dead.)  So I probably won't fix that.  However the error also happens in Inkscape Community, although with Much less frequency.  So I thought using InkscapeCuttingDesign for troubleshooting might be easier to find/fix the problem, since it happens so much more there.  I will fix it in Inkscape Community.

But about the error message I reported.  Are you saying this is the same thing?  Just going by the description, they don't sound like the same thing to me.  Plus, it's a really long time since I installed 2.0.14, but the problem just started a couple of months ago.

Kindred

actually, the problem with referring URL usually happens (these days) when you have your https redirect misconfigured.


because http://somesite is different from http://www.somesite is different from https://somesite is different from http://www.somesite

brynn

Hhm, ok.

I was just comparing what's in my htaccess file, to the redirect rules you showed earlier in this topic.  They are significantly different.  It's a little more similar to what is suggested in the tutorial for converting to https here:  https://www.simplemachines.org/community/index.php?topic=555034.0  But still different.

Here's what's in my htaccess file, which my host wrote (which I trust about as far as I can spit).  (Yeah, we're still trying to sort out the server migration which they essentially forced me into, which happened 2 or 3 months ago.)

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

I've been thinking I'll try to learn how to write whatever kind of code that is, so that I can write exactly what I want.  But little things keep coming up, like this error message.  Where can I learn how to write those rules?

Kindred

and what is the url of your forum, as defined in the server settings?

In addition to https, you need to either force www or force the removal of www -- whichever you have set as the actual forum url
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."
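
Added example (not part of the original thread, and not the host's or SMF's own configuration): the rule set quoted above only upgrades the scheme, so both the www and non-www origins stay live, while the variant below also pins the host, as the reply above asks. `example.com` and the `/smf` path are placeholders, and the assumption is that the forum URL configured in SMF is the https + www form.

```apache
# --- Rule set quoted in the thread: upgrades the scheme only ---
# http://example.com/smf/  -> https://example.com/smf/   (host unchanged)
# https://example.com/smf/ -> no redirect at all
# Result: the forum answers on two HTTPS origins, with and without www.
#
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# --- Canonicalising variant: one scheme AND one host ---
# Assumption: the forum URL set in SMF is https://www.example.com/smf
# (placeholder host; substitute the host the forum is actually set to).
RewriteEngine On

# Redirect when the request is not HTTPS, or when the Host header is
# anything other than the canonical host.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
# The target host is hard-coded, so the redirect never reflects a
# client-supplied Host header back into the Location response.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
```

Test with `R=302` first, because browsers cache 301 responses. Behind a TLS-terminating proxy `%{HTTPS}` reads `off` for every request, so the first condition has to test the proxy's forwarded-protocol header instead or the rule will loop.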

lurkalot

Quote from: brynn on July 10, 2018, 06:29:47 AM

Just to kickstart this topic again, this is the error message I'm getting:

https://www.inkscapecuttingdesign.com/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.


Brynn, You have a Simpleportal login block running on the left side of your page. That version of Simpleportal 2.3.6 has the login bug, they fixed it in version 2.3.7

So perhaps update to 2.3.7 or just turn off that block and see if the login error goes away.

brynn

Kindred, I thought it was h..ps://www.inkscapecuttingdesign.com.  But I'm not sure exactly where to look to find out.  Every place I've looked so far, it does not have www.  But I've always used www on the website.

lurkalot, I will try that asap (probably tomorrow).  But I do have the same error happening on the other forum, which is running TP.  But TP is also out of date, so if it has the same kind of option, that could explain it.

Oohh!  Yeah, definitely tomorrow, haha.  You said "...login block running...." which I thought meant there was some kind of blocking of logins happening.  But you mean a portal block where people can login, right?  Maybe I'm a little too tired right now!

But I'll still do the upgrades tomorrow  :)

brynn

Ok wait, before I launch into these upgrades, I wanted to be really clear about this.

lurkalot, when you're talking about login bugs that are fixed with the upgrades, which login bug are you talking about?  Do you mean the one which Illori mentioned?  Or are you talking about the error messages I've mentioned?

I'm still having a hard time understanding how these could be the same thing.

Are you saying (or at least speculating) that the errors are coming from people clicking on the portal block to log in? (non members, maybe would-be spammers)

And that disabling the block might be a good test for that?

Aleksi "Lex" Kilpinen

If the errors stop by disabling the block, then it is clearly that. The login form for SMF was changed, and the Portal had to change too, in order to function properly.

Arantor

Good thing that Login Fix mod works on SP as well then ;)
