UBB.Dev
ahhh, back at the ubbdev smile

so, here's a doozy.

when i try to reply to a thread with the word "form", i get an error.

its... the strangest thing i've ever encountered. i had this whole huge long post written and kept getting error messages when posting it. slowly but surely, i narrowed the problem down to the following phrase "and some form of hand, or something" and then down to the word "form"

weird.

and when i do so, i get the following error:


Forbidden
You don't have permission to access /ubbthreads/addpost.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Try looking at your error_log for the error, it shoudl provide more info (and if its a mod_security error or not; mod_security is an apache module which refuses to let some scripts load when specific strings are used in a data stream).
hmm... well, the 404 error for the 403 error is:

[Wed Jan 10 21:49:16 2007] [error] [client] File does not exist: /home/robkam2/public_html/403.shtml


but i don't see anything in there referring to an "addpost" error
ok, a few errors that i see several times over and over (but do not know if they're related)


[10-Jan-2007 11:08:11] PHP Warning: mysql_connect() [function.mysql-connect]: User robkam2_drkknght has already more than 'max_user_connections' active connections in /home/robkam2/public_html/ubbthreads/mysql.inc.php on line 36

[10-Jan-2007 11:08:18] PHP Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/robkam2/public_html/ubbthreads/mysql.inc.php on line 108

[10-Jan-2007 11:30:14] PHP Warning: mysql_connect() [function.mysql-connect]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/robkam2/public_html/ubbthreads/mysql.inc.php on line 36
Originally Posted by drkknght
[Wed Jan 10 21:49:16 2007] [error] [client] File does not exist: /home/robkam2/public_html/403.shtml
eh that just means that your custom error file doesn't exist; which is a seperate issue in its own.

Try searching for 509 or 404 errors that occour about the time that you recieve said error.

As for the MySQL errors, those are saying that your site is reaching the max MySQL connections; you should make sure that you arent using persistant connections (as theyre dirty and dont like to close themselves out too much). If you're still finding you're over on these you should contact your host about it (basically when it fills no one can reach your forum until some connections die out)
hmm... i do have persistant connections turned off.

i'm not really seeing any errors noted in the log (server or ubbthreads provided) when the issue pops up.

"term" is another word i've since discovered that is not allowed, bringing up the error (and no, "term" and "form" are not censored -- nothing is)
It's not the sensor, it's Apache (the webserver) you, as a user, have no control over any "words" that are in the configuration; only the host does, at a root level...

If you where on a VPS or Dedicated server, then you'd have access over any flagged keywords.
heya gizmo

how very strange! is that, at all, normal?

is there any reason you can think of why those particular words were flagged?
That'd be a question for the web hosts, I've never heard of something like that before smile
definitely sounds like some sort of mod_security settings. term could be blocked because those are various terminal clients on linux, but that seems extremely anal. form, who knows...maybe because of html forms.

This is becoming very commonplace now. We've had a handful of these problems on ubbcentral and I've worked on at least 5 over the past 2 weeks via ticket. mod_security is pretty evil when it comes to discussion boards since the text within posts can contain just about anything that a host might consider "bad".
mod_security is a security module for apache, it has lists of known exploits and has thousands of rules in place to secure the server; most of these rules are highly anal retentive and don't do any good imo.

Most host don't comment out the demo fields, which also arrise with some issues.

The only way to get arround the issue is to have your host comment out the offending strings in their configuration; but this is their choice if they even want to bother doing such.

I am wondering if theres a way to detect if mod_security is running on a server as a check to such issues...
hmm... after getting into trouble for this issue, my account was moved to a different server -- i guess its like the principal's office, where all the problem sites go.

based on that, and what you guys have said, i'm supposing that this new server is the culprit.
So they spanked you huh? lol.

The new server likely is locked down more than the old one, i'd make sense that they'd do something like that wink
© UBB.Developers