PDA

View Full Version : 403 errors, is anyone still getting them?



wingnutLP
-23rd February 2009, 08:21
Hi,

I can't replicate the 403 errors people were reporting at the end of last week. I could on Fridaay but I can't any longer. The hosts have apparently registered, clicked around and posted a few times without problem and so they can't do much more without being able to replicate the problem.

Are people still having issues?

If so could you please post what you were trying to do (edit, post etc...), where (a link to the thread) and what time?

Many thanks.

Foilling Around
-23rd February 2009, 18:23
I had a problem at the time this thread was created. The text I wanted to put in would not take, but the short text string which is there worked.

http://www.fencingforum.com/forum/showthread.php?t=12031

munkey
-24th February 2009, 23:38
Trying to post in the thread about teams for the Junior worlds I got a 403 message until I removed the words 'selectEd' and 'selEcting'. The revised version is post no. 11 in that thread with the words 'chosen' and 'picking' replacing the originals.

Munkey

PM1
-25th February 2009, 22:30
just had the almost same problem in the very same thread....

Red
-26th February 2009, 10:42
Same problem, same thread.

hokers
-26th February 2009, 10:48
Got it.

http://209.85.229.132/search?q=cache:7iiC3_277xgJ:tutorials.zen-cart.com/index.php%3Farticle%3D390+%22403+errors%22+sql+com mands&hl=en&ct=clnk&cd=2&gl=uk&client=firefox-a

Bet you it's this.

Won't fail for you using your Mod/Admin account wingnut probably, try with a standard user account.

This for some suggested solutions?
http://www.simplemachines.org/community/index.php?topic=34270.100

rory
-26th February 2009, 12:35
Good find.
It'll be mod_security checking POSTs for possible injection attacks - like placing SQL statements in form submissions.

SQL statements often contain the word 'SELECT' - and one of the problems we've had was the inability to use the word 'selection'.

Gav
-26th February 2009, 12:38
Makes perfect sense.

The only real response I can give is "ha ha ha ha ha ha ha"

Foilling Around
-26th February 2009, 17:55
See post 44 and 45

http://www.fencingforum.com/forum/showthread.php?p=212571&posted=1#post212571

Boo Boo
-26th February 2009, 18:01
Makes perfect sense.

The only real response I can give is "ha ha ha ha ha ha ha"

Yes, but at least - if that IS the case - then I am not going COMPLETELY mad... (ok maybeI am, but being able to not post the "s" word is not part of my imagination...) :whistle:

Boo

Keith.A.Smith
-26th February 2009, 18:41
Dear all,

I cannot post.

Keith

pinkelephant
-26th February 2009, 18:46
Dear all,

I cannot post.

Keith

But you just have! Don't try to use the word "tceles" backwards or any of its derivatives unless you replace an e or two with an asterisk.

ChubbyHubby
-26th February 2009, 18:48
Hi,

I can't replicate the 403 errors people were reporting at the end of last week. I could on Fridaay but I can't any longer. The hosts have apparently registered, clicked around and posted a few times without problem and so they can't do much more without being able to replicate the problem.

Are people still having issues?

If so could you please post what you were trying to do (edit, post etc...), where (a link to the thread) and what time?

Many thanks.


It's probably not the forum software, ask them to check their firewall or content filters for SQL injection attack filters.

It appears that it is database query related words that triggers it. s*lect, upd*te, d*lete etc.

wingnutLP
-27th February 2009, 08:26
This would explain:

1 The problems we had some time ago with a small Trojan script being injected into the PHP on teh index page.

2 Why people are having problems now that the host has updated its "security" and

3 why I plan to send them an invoice for all of the ime I have wasted on this!

Well spotted, I will see what I can do to get this sorted.

Alex

wingnutLP
-27th February 2009, 08:45
select

update

delete

wingnutLP
-27th February 2009, 08:49
Could someone please post a link to a thread where they cant post and the exact text (with a star in the offending word) that they can't post? Could other forum members then verify that they are experiencing the same problem.

I am still unable to replicate it and if I can't then they can't and if they can't then they don't do anything!

rpryer
-27th February 2009, 09:23
s*lect

Edit: on this thread, I can't post the word above without replacing 'e' with '*'

rpryer
-27th February 2009, 09:27
select

Edit: it appears that I can using the advanced reply, not using the quick reply.

cesh_fencing
-27th February 2009, 09:43
Still the problem -http://fencingforum.com/forum/showthread.php?t=12058

No-L
-27th February 2009, 10:55
select

select

Edit: it appears that I can using the advanced reply, not using the quick reply.

The same problem here.

ChubbyHubby
-27th February 2009, 11:52
difference seems to be with Advanced reply it POSTs the data - if they've fixed that then that might work. Quick Search I think goes through javascript http AJAX type of thing? ie. it doesn't reload the page.

Either way it seems to do with filters on their firewall.

hokers
-27th February 2009, 12:01
I still say it's mod_security on Apache.

Ask the ISP to turn it off and it's all good.

wingnutLP
-4th March 2009, 08:58
The host are claiming that:

They have tried extensively and failed to recreate the problem.
They didn't change the mod-security when they made their security updates.

I can't get 403 errors now even though I saw a few before.

Is anyone else still getting them? If not I think it is safe to assume that the host fixed it and isn't coming clean to me.

Alex

hokers
-4th March 2009, 09:58
This is a test message containing things like SELECT FROM INSERT DROP TABLE etc.

hokers
-4th March 2009, 09:59
This is a test using the quick reply box with some more keywords like DELETE INSERT SELECT select, selection, drop, get, selected

OK I have also been able to post some of the longer posts that ended up being attachments now, so something has clearly changed.

Boo Boo
-4th March 2009, 11:34
From memory they were a little "on and off" last time... I had problems making posts with the "s" word in to certain threads, but not to others... and some other people seemed to have no problems posting the "s" word at all (making me look even more certifiable than usual :cool: ).

Maybe it was temporary (and some sort of routine update run by the host, since, has resolved it) or maybe it is just a very strange combination of words/circumstances that have to come together for it to happen (not just the "s" word itself... maybe something else going on with the host).

See how it goes?

Thank you very much for trying to solve this- must be incredibly frustrating :(

Boo


The host are claiming that:

They have tried extensively and failed to recreate the problem.
They didn't change the mod-security when they made their security updates.

I can't get 403 errors now even though I saw a few before.

Is anyone else still getting them? If not I think it is safe to assume that the host fixed it and isn't coming clean to me.

Alex

Gav
-4th March 2009, 16:25
Instead of using the dreaded S Word we could use one of these (http://thesaurus.reference.com/browse/selection) handy alternatives.

Boo Boo
-4th March 2009, 16:47
Instead of using the dreaded S Word we could use one of these (http://thesaurus.reference.com/browse/selection) handy alternatives.

Ah, but the "S Word" is so much fun... it is like the "F Word", but much more contraversial... ;)

Boo