
Creating new topic/posts error

  • [Bug / Issue] Creating new topic/posts error

    Hello. I recently installed vBulletin on my dedicated server (two times, first 5.3.2 and now 5.3.3). The install goes fine, the same with site builder, user creation and theme import... but I have a critical error.

    When I try to create a new thread, entering the creation window freezes the screen for about a minute. The same happens if I enter a thread to respond, but in that case it only freezes for a couple of seconds.

    I enabled the debug mode, and saw A LOT of AJAX requests and errors:


    This error is repeated 140 times:
    Code:
    /ajax/apidetach/cron/run (success, 83126ms, 0ms)
    /ajax/api/phrase/getPhrases (error, 475ms, 1ms) Error: Internal Server Error
    ...
    /ajax/api/phrase/getPhrases (error, 428ms, 0ms) Error: Internal Server Error
    /chat/loadheaderdata (success, 243ms, 1ms)
    So I searched the server error log file (I'm using the latest LSWS version, but the same happens if I switch to Apache), and found this (obviously repeated 140 times):
    Code:
    [Sat Oct 28 20:50:48 2017] [error] [client MY-IP] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)'] [id "300016"] [msg "Generic SQL injection protection"]
    2017-10-28 20:50:48.431 [NOTICE] [MY-IP] Content len: 8486, Request line: 'POST /ajax/api/phrase/getPhrases HTTP/1.1'
    2017-10-28 20:50:48.431 [INFO] [MY-IP] Cookie len: 286, bblastvisit=********; PHPSESSID=********; bblastactivity=********; bbpassword=******; bbuserid=1; bbsitebuilder_active=1; bbcpsession=********; bbsessionhash=********
    2017-10-28 20:50:48.431 [NOTICE] [MY-IP] Redirect: #1, URL: /index.php
    2017-10-28 20:50:48.431 [INFO] [MY-IP] File not found [/home/myforumpath/500.shtml]
    2017-10-28 20:50:48.805 [NOTICE] [MY-IP] mod_security rule [Id '300016'] triggered!
    If you have any idea about how to fix this, I'll be very grateful. I know this is not a vBulletin error but a server error, now I'm going to contact my hosting provider. But maybe some of you have faced this problem already and have some solution.

    Theoretically if I shut down the mod security rule this should work, but I guess that rule was not created exclusively to bother me but for security reasons, so I'm going to research if there are other options before disabling it.

    Thank you.

  • #2
    The logs show a mod_security error.

    You need to speak to your hosts and find out which rule is blocking it, and have them disable or amend that rule.

    It is just an over-aggressive rule and it does not indicate that anything within vBulletin is unsafe.
    MARK.B | vBULLETIN SUPPORT



    • #3
      Originally posted by Mark.B
      The logs show a mod_security error.

      You need to speak to your hosts and find out which rule is blocking it, and have them disable or amend that rule.

      It is just an over-aggressive rule and it does not indicate that anything within vBulletin is unsafe.

      Thanks. I fixed it by doing exactly that and now everything works fine.

      If someday someone has the same problem (and has a self-managed dedicated server without support), you can disable a specific rule for a specific domain with this free tool: https://www.configserver.com/cp/cmc.html (WHM and Apache required).

      That's all from me, you can close this thread.

      Regards!
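
Added example, not part of the thread or any poster's code: a small Python triage that pairs each ModSecurity denial in a log laid out like the excerpt in post #1 with the request line that follows it, so the blocking rule id and the affected endpoint can be reported to the host. The log text is a constructed sample, and pairing by client address assumes each denial entry precedes its request line, as it does in the excerpt.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt in post #1: documentation IP,
# rule pattern shortened, and the last (non-denied) request line invented.
SAMPLE_LOG = """\
[Sat Oct 28 20:50:48 2017] [error] [client 203.0.113.7] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(select.+from|union.+select)'] [id "300016"] [msg "Generic SQL injection protection"]
2017-10-28 20:50:48.431 [NOTICE] [203.0.113.7] Content len: 8486, Request line: 'POST /ajax/api/phrase/getPhrases HTTP/1.1'
2017-10-28 20:50:48.805 [NOTICE] [203.0.113.7] mod_security rule [Id '300016'] triggered!
[Sat Oct 28 20:50:49 2017] [error] [client 203.0.113.7] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(select.+from|union.+select)'] [id "300016"] [msg "Generic SQL injection protection"]
2017-10-28 20:50:49.102 [NOTICE] [203.0.113.7] Content len: 8490, Request line: 'POST /ajax/api/phrase/getPhrases?x=1 HTTP/1.1'
2017-10-28 20:50:49.480 [NOTICE] [203.0.113.7] mod_security rule [Id '300016'] triggered!
2017-10-28 20:50:50.000 [NOTICE] [203.0.113.7] Content len: 12, Request line: 'POST /chat/loadheaderdata HTTP/1.1'
"""

DENY = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied'
                  r'.*?\[id "(?P<rule>\d+)"\]')
REQ = re.compile(r"\[(?P<client>[^\]]+)\] Content len: \d+, "
                 r"Request line: '(?P<method>\S+) (?P<path>\S+) ")

def tally_denials(log_text):
    """Count denials per (rule id, method, path), query string dropped."""
    pending = {}      # client -> rule id of a denial still waiting for its request line
    hits = Counter()
    for line in log_text.splitlines():
        deny = DENY.search(line)
        if deny:
            pending[deny["client"]] = deny["rule"]
            continue
        req = REQ.search(line)
        if req and req["client"] in pending:
            path = req["path"].split("?", 1)[0]
            hits[(pending.pop(req["client"]), req["method"], path)] += 1
    return hits

def exclusion_candidates(hits, min_hits=2):
    """Rule/path pairs denied repeatedly: the ones to raise with the host when
    asking for a rule to be disabled or amended."""
    return sorted(key for key, count in hits.items() if count >= min_hits)

if __name__ == "__main__":
    for rule, method, path in exclusion_candidates(tally_denials(SAMPLE_LOG)):
        print(f"rule {rule} repeatedly blocks {method} {path}")
```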
