News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SSL Conversion Help

Started by mcpheex3, February 04, 2019, 12:33:44 PM

Previous topic - Next topic

drewactual

there usually are... it holds the last 300 if it's set up default...

don't sweat the small stuff, and this is small..

read the page: https://themeskills.com/disable-limit-wordpress-heartbeat-api/    and follow the instructions.  Heartbeat is bad.  :)


mcpheex3

Good Morning!
I contacted my host because I wasn't getting anywhere. This was the only error:

a918695813d48c66"] [severity "CRITICAL"] [hostname "theflourishforum.com"] [uri "/forum/proxy.php"] [unique_id "XGT0UK6IDeAACCZeT8MAAAAu"]
[Wed Feb 13 23:53:37 2019] [error] [client 172.69.69.245] ModSecurity: Access denied with code 403 (phase 2). Pattern match "=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?)://" at REQUEST_URI. [file "/usr/local/apache/conf/mod_sec/mod_sec.asl.conf"] [line "508"] [id "340165"] [rev "279"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Uniencoded possible Remote File Injection attempt in URI (AE)"] [data "/forum/proxy.php?request=http://jp29.org/cal182.jpg&hash=934799445227f8e9a918695813d48c66"] [severity "CRITICAL"] [hostname "www.theflourishforum.com"] [uri "/forum/proxy.php"] [unique_id "XGT0Ua6IDeAACBUDk8QAAABw"]
[Wed Feb 13 23:53:51 2019] [error] [client 66.249.73.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?)://" at REQUEST_URI. [file "/usr/local/apache/conf/mod_sec/mod_sec.asl.conf"] [line "508"] [id "340165"] [rev "279"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Uniencoded possible Remote File Injection attempt in URI (AE)"] [data "/forum/proxy.php?request=http://4.bp.blogspot.com/-cavd_y-yilc/vghip4cm8mi/aaaaaaaabzy/kl5cqi0rgp8/s1600/bent%2bbrass%2b10%2baa.jpg&hash=51c2a4756bd5982274fb0e4e6e5f7b46"] [severity "CRITICAL"] [hostname "theflourishforum.com"] [uri "/forum/proxy.php"] [unique_id "XGT0X66IDeAAB8qoIogAAABI"]

This is what he did:
I have white listed the rule to avoid the blocks from modsecurity I would suggest you to update your plugins or themes. If the issue persists again please get back us with exact time stamp so that we can check it from our end.

This all started after updating three plugins which I had to rollback when I did a restore from a backup.

Is this related at all to the forum? Everything is working fine now except the forum won't hold my login information so I have to log in every time I go on and every time I do any admin change.

At this point I will let sleeping dogs lie!  ;D

drewactual

mod_security is a known issue with SMF, and it isn't the mod_security itself, but the way it's implemented. 

if at all possible, disable it for your page.  it can often be done in your htaccess... if you can't or if this tweaks your host- ask them to provide you with the configuration they use so it can be socialized here in a new thread... you'll draw support from folks more knowledgeable than me over it's 'better' configuration. 

if you wish to attempt shutting it off and seeing how long your host let's you get by with it (they may not care?) enter in your htaccess:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>


drewactual

and.... i've been checking your page out from time to time, and it seems solid from my vantage- though i obviously haven't logged in or anything..

mcpheex3

Thank you very much for all of your help and feedback. It has really been a lifesaver for me. Since things are working right now, I won't touch anything.  ;D  Strange  I never had the problem before but perhaps something with the switch to SSL set it off.

In any event, you are a peach!  :-*

Advertisement: