Results 1 to 5 of 5

Hybrid View

  1. #1
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: ModSecurity issues in admin

    It would be helpful if your host would actually supply the "rule details" for the mod_security rule that's being triggered.
    Yours seems to be the only site experiencing the problem consistently.

    There's nothing specifically built-in to Zen Cart that should be triggering such security rules, unless you're typing text into one of your product descriptions that contains a pattern of letters/characters that are flagging mod_security rules. If that's the case, then you'll need to work with your hosting company to find a way around the problem, such as amending which rules they "use" within your admin folder.


    Further, if your problems were caused by files like "seo.url.php" which are NOT part of Zen Cart, then you'll need to deal with those addons specifically.

    AND, if all your sites suddenly started missing certain files, then you should probably start a serious investigation about WHY files suddenly went missing.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #2
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,267
    Plugin Contributions
    3

    Default Re: ModSecurity issues in admin

    Quote Originally Posted by DrByte View Post
    Further, if your problems were caused by files like "seo.url.php" which are NOT part of Zen Cart, then you'll need to deal with those addons specifically.
    As these so-called "SEO modules" have no useful purpose whatsoever for SEO, you should just remove it completely. Core ZC is WELL-indexed by all search engines, and in fact, many of these URL re-writers can do more SEO "damage" than good.
    20 years a Zencart User

  3. #3
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: ModSecurity issues in admin

    Looks like your Hoster is using the default Rules that come with mod_sec. They will create many false positives such as what already happened. Customizing, removing and/or disabling per site will be required for many of the Rules.

  4. #4
    Join Date
    May 2006
    Posts
    34
    Plugin Contributions
    0

    Default Re: Sudden ModSecurity issues in admin

    Thank you all for your comments. My server support team have come back with the following comment on seo.url.php:

    While investigation your issue with the file "seo.url.php" I found that the file containing string "$gzip == 1 ? base64_encode". We have malware/virus scanner (LMD) on all our shared servers. LMD has inbuilt cleaner rules to attempt removal of malware injected strings , base64 and gzinflate(base64 injected malware as well as quarantine 100% infected/malware file but the file "seo.url.php" is genuine file. I have added file's path in the /usr/local/maldetect/ignore_paths list so that this file will not delete again in the future by the system scanner. I would request you to please edit this file rather than rename/reupload it if you wish to make any changes into it.

    Regarding the product.php they say
    "The issue caused due to mod_security rules restrictions which are as follows :-
    =============================
    ModSecurity: Access denied with code 406 (phase 2). Invalid UTF-8 encoding: invalid byte value in character at ARGSroducts_description[1]. [offset "153"] [file "/usr/local/apache/conf/modsec2.user.conf"] [line "23"] [id "950801"] [msg "UTF8 Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "billando.co.uk"] [uri "/xxx/xxxx/product.php"] [unique_id "TnHZV9XlepQAAGG@jw8AAAAf"]
    =============================

    I have disabled the rules for th URI "/xxx/xxxx/product.php' , now the product can be Previewed ."

    They seem to have been able to edit with define_page_editor.php but it is still throwing out errors for me.

 

 

Similar Threads

  1. Sudden Payment issues - "(7) couldn't connect to host"
    By mysh in forum Built-in Shipping and Payment Modules
    Replies: 9
    Last Post: 6 Nov 2014, 07:02 PM
  2. Sudden IPN issues
    By rwslippey in forum General Questions
    Replies: 0
    Last Post: 23 Nov 2010, 11:22 PM
  3. Sudden Admin error
    By way10c in forum Installing on a Linux/Unix Server
    Replies: 14
    Last Post: 23 Nov 2009, 11:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg