context_title
context_text
|
Topic Summary - Displaying 15 post(s). Click here to show all |
Posted by: Monni
Posted on: Sep 5th, 2014 at 7:48pm
|
|
I'm pretty sure it was a false positive... I've known most of the users on the forum for several years and that IP didn't belong to a new user.
|
Posted by: Dandello
Posted on: Sep 5th, 2014 at 7:25pm
|
It may be annoying but you know that mod_security bashed a spammer for you.  Unless, of course, the member was trying to let people know about spam they'd gotten... : 
|
Posted by: Monni
Posted on: Sep 5th, 2014 at 6:57pm
|
Finally managed to get errorlog output... Definitely bad interaction with ModSecurity. Quote: [Fri Sep 05 20:49:56 2014] [error] [client 188.238.53.26] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (poker flat|casino royale)" against "MATCHED_VAR" required. [file "/usr/local/apache/conf/modsec_rules/30_asl_antispam.conf"] [line "193"] [id "300032"] [rev "10"] [msg "Atomicorp.com WAF AntiSpam Rules: Gambling or Poker Content (Disable this rule if you wish to allow that content)"] [data "poker"] [severity "CRITICAL"] [hostname " www.radiohistoria.fi"] [uri "/cgi-bin/yabb2/YaBB.pl"] [unique_id "VAn3w9BOKbgAAD@Ge@UAAAAQ"] |
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 11:04pm
|
|
Definitely a glitch in the space-time continuum, then.
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 11:01pm
|
Dandello wrote on Sep 2 nd, 2014 at 10:59pm: Maybe the next time it happens, someone will let you know what they were doing when it happened. (Or didn't happen.) I know what the user was doing at the time the error happened, but I can't reproduce it...
|
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 10:59pm
|
|
Maybe the next time it happens, someone will let you know what they were doing when it happened. (Or didn't happen.)
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 10:55pm
|
Dandello wrote on Sep 2 nd, 2014 at 10:50pm: The real weirdness is that it appears to be reporting a 404 in the access log, but the same error isn't in the server error logs. I think something in Apache configuration is suppressing error log output. I can't check the Apache configs, because it's on a shared host where I don't have root access.
|
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 10:50pm
|
|
The real weirdness is that it appears to be reporting a 404 in the access log, but the same error isn't in the server error logs.
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 10:42pm
|
|
I only enabled debugging, because it was not adding anything useful to error logs. Something tells me it's bad interaction with Apache's mod_security or one in a million case of space-time anomality.
|
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 10:36pm
|
 Um - I just ran a test on my test bed - What I saw was debugging set to 'everybody sees' so guests ARE not allowed to post. (But they really shouldn't be allowed to see the debugging info, either.) I normally don't have debugging set so everybody sees it so I forgot about that little weirdness. So we can forget the 403 on guests. Now off to check what members see under the same settings.
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 10:27pm
|
Dandello wrote on Sep 2 nd, 2014 at 10:20pm: I saw the reference to Security.pm when trying to access StartNewTopic as a guest when I should have gotten a single 'you are not allowed' line. So I'm guessing that something above line 129 is failing over something very weird. If it didn't make it into the YaBB error log, maybe it made it into the Apache error log. Apache error log was empty...
|
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 10:20pm
|
|
I saw the reference to Security.pm when trying to access StartNewTopic as a guest when I should have gotten a single 'you are not allowed' line. So I'm guessing that something above line 129 is failing over something very weird. If it didn't make it into the YaBB error log, maybe it made it into the Apache error log.
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 10:02pm
|
What really puzzles me is that it is returning a HTTP error 403 to the user, but the logs say error code is 404... As far as I understand the YaBB returned error codes, 403 means the user isn't logged in (because guests can't post threads), but 404 means I/O error (cannot_open). Edited: Line 129 of Security.pm is if ( $access ne 'granted' ) { fatal_error('no_access'); }
|
Posted by: Dandello
Posted on: Sep 2nd, 2014 at 9:49pm
|
This isn't reproduceable on a newly installed forum - however, following the full link to the site (where I should get a 'not allowed' error, I see an error call to Sources/Security.pm line 129 referring (I think) to not finding a subroutine. It also mentions '(eval)'. The only time eval gets called in Security.pm is in regards to Variables::Movedthreads Line 129 relates to the sub AccessCheck Going to do more sleuthing. Edited: On a newly installed empty forum with default settings, Guests get the 'You are not allowed to access this section.' warning when trying to get to StartNewTopic.
So, on the forum with this odd error - what are the guest posting settings?
|
Posted by: Monni
Posted on: Sep 2nd, 2014 at 8:06pm
|
|
|
HTML 5
