Previous Thread
Next Thread
Print Thread
Hop To
#256231 01/07/2015 5:03 AM
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Hi all and a Happy New Year etc...

It's been a while since i last posted here a things had been running fairly smoothly....

Today i was made aware of an issue when trying to register on my forum (www.hcmaces.com) as a new user.
A user completes all the necessary information, and when they click on submit you get back a white page with the following...

"Forbidden
You don't have permission to access /forums/ubbthreads7/ubbthreads.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

I've checked logs and there is nothing in them. I've checked the users and the user does not get created, so the error is bombing before the information is committed to the database.

Now, as said, it has been running happily for a number of years, so obviously something has changed.
The only change that has been made, back in October, was that my hosting provider moved all the servers from their Data Center into a "cloud". A quick check in the users table shows that the last new user to register with my forum was around October time - so too much of a coincidence.

I'd appreciate any clues or pointers as to where i should start looking to track down what the issue could be.

Regards,

Barry

Joined: Jul 2006
Posts: 4,057
Joined: Jul 2006
Posts: 4,057
Corrupt language file !
Use an old back up file.

Control panel, search for what you would expect to see on the white page. Difficult i know but its a clue to which file has gone corrupt on you.

Corrupt file
it could be as simple as a "," missing off the end of a line.


Quick fix.
Back up all your language files.
Restore with Ubb default files and see what happens.

Hope that helps.


BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Hi Mark
Many thanks for the reply - its a good-pointer to start looking.
I'll let you know.

Joined: Dec 2003
Posts: 6,629
Likes: 85
Joined: Dec 2003
Posts: 6,629
Likes: 85
Another item to check is in the ubb control panel.
Disable HTTP Referer Check? should be enabled
It has been suggested for the last several versions.
Or possibly you have some redirect in the htaccess file.

Last edited by Ruben; 01/12/2015 3:13 PM.

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Hi
The "disable refer check" was checked and has been since day one (if i recall correctly).

I'll check my htaccess file though, so thanks for the suggestion.

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Hmmm

My htaccess file has been renamed to htaccess_causes_conflict - datestamp corresponds to the date of the cloud migration.

contents of this file look like this...
RewriteEngine on
RewriteCond %{HTTP_HOST} ^forums.hcmaces.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.forums.hcmaces.com$
RewriteRule ^.*$ "http\:\/\/www\.hcmaces\.com\/forums\/ubbthreads7" [R=301,L]

I guess this could be a red herring as it dates back to when i originally hung the forums from a sub-domain (which has not been the case for a long time).

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Right...
I've backed-up the entire contents of the languages directory and replaced with stock files from a fresh download of 7.5.6 software.

Still get the same issue.

Renamed the .htaccess_causes_conflict back to .htaccess
Still get same issue.

I'm now wondering what other files i can replace from the stock install without trashing all of my forum settings...?

Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
Originally Posted by Crasher
I'm now wondering what other files i can replace from the stock install without trashing all of my forum settings...?
Anything but the includes, styles, and /cache_builders/custom folders.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Instead of that, i decided to tackle it from the other side.
Using the file and directory comparison facility within TextWrangler i ran a compare of my install vs the stock. The only differences were those relating to the specific settings of my board...

I ran through the install steps and checked (and verified) all of the directory and file permissions and they too all checked out.

I'm now thinking that it must be something in the filesystem set-up that is different after the "move". The problem i have is i dont have a full filesystem backup of the site prior to it being relocated (by my hosting company) into their cloud server. And that leads me back to the .htaccess file that perhaps should be present under the ubbthreads7 folder?

When you go to my site (hcmaces.com) it puts you at http://www.hcmaces.com/forums/ubbthreads7/ubbthreads.php - everything hangs under the ubbthreads7 directory. Oddly that is also the URL that is left in the browser window when you get the "forbidden" error???

[Edit]
Looking at my master settings, both my Full URL to Main Directory and my Relative URL to main directory are the same. Is that right?
Full URL is http://www.hcmaces.com/forums/ubbthreads7
Relative URL is http://www.hcmaces.com/forums/ubbthreads7

For a test, i amended the related URL to ve /forums/ubbthreads7 however this resulted in a catastrophic fail! Thank heavens i'd taken a backup of the config.inc.php and was able to restore it!!

Does anybody have any straws i can clutch smile

Last edited by Crasher; 01/15/2015 2:42 PM.
Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
I was talking with Isaac (id242) via Google Talk earlier, and we came to the consensus that you could try making a separate UBB install in your webspace, and then if all is working well, compare the two configuration files and adjust values as needed.

You'd want to have a separate database setup for the second install, and you'll want to use a different cookie prefix for the secondary install however.

FWIW, my paths/urls on Scouters World are:
Code
  'FULL_URL' => 'http://www.scoutersworld.com/forum',
  'BASE_URL' => '/forum',
  'FULL_PATH' => '/home/scout/public_html/forum',
  'SESSION_PATH' => '/home/scout/public_html/forum/sessions',
  'REFERERS' => 'http://www.scoutersworld.com',


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Thanks Gizmo

I think that is going to be the best option.
Either that or migrate off UBB onto something else onoes

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Oh if only things were easy...

My new install is falling at the create tables stage with the following
Code
UBB Message We encountered a problem. The reason reported was
Script: 
Line#: 
SQL Error: Access denied for user 'username'@'eleven.ariocloud.com' (using password: YES)
SQL Error #: 1045
Query: Unable to connect to the database!
username obfuscated for security reasons.

Now what is odd is that the "eleven-ariocloud.com" is not the server name i entered when keying in the database info stage. I'm guessing that it is picking this up from an environment variable? I say that because that is the server the website is sitting on, but the mySQL server sits on a different server.

I've checked the config.inc.php file thusfar created and that does have the correct server name in the 'DATABASE_SERVER' field.

Really wished i'd not embarked on this... facepalm

Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
My guess is that they have it configured for whatever value you entered to redirect to the value that's being reported (which isn't uncommon if the database is located off server). Unfortunately, you'd probably have to ask them as to why this is occurring.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
I'd believe that to be true if it wasn't for the fact that my existing install happily talks to the mySQL server. That's why i wondered if it was duff environmental variable settings somewhere that the install scripts were picking up instead of using the connection information. It certainly passed the connection test part of the install process - this failure is at the point of completing the set-up of the admin account and table creation steps.

I guess i could do a local install onto a laptop (to see the config) or i wonder if i can perform the install without running the install.php? i.e. hack it about piecemeal fashion to force it to use the proper connections.

Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
A local install isn't going to report any server variables, it'd all be of the local install... Whereas a new install on the existing server should report all variables needed for your existing install via the new config.inc.php.

You'd think your host's documentation (generally on a FAQ or Support system on their main site) would have information on proper paths for scripts as well on the new cloud platform.

Honestly, it worked before the move, they should be working with you to ensure it works with their new configurations...

Last edited by Gizmo; 01/16/2015 1:22 PM.

I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2006
Posts: 4,057
Joined: Jul 2006
Posts: 4,057
Ask them what version of mysql they have you on and the php version just for reference if anything.

The test settings in the control panel ive not always found them reliable.
Ive had fails on directory tests but still works fine (log file directory in my case).

I just had a go at registering and this is what i get without entering any details and just hitting submit after the i agree page.

Originally Posted by yoursite
Forbidden

You don't have permission to access /forums/ubbthreads7/ubbthreads.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo
Joined: Jul 2006
Posts: 4,057
Joined: Jul 2006
Posts: 4,057
So your forum is feeding information back from the database or you would have no topics to show.

Can you as admin create a post?
I'm trying to work out if the registration is the only fail or a new post or topic is also a error page.
Then i would be thinking it could be adding info to the database could be the issue.
It could be a mysql permissions problem ?

I wonder if upgrading to 7.5.8 is the way forward ?


BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Hi Mark
Apologies for the delay in reply - a weekend of "family stuff" !

As Admin i can create new posts and update posts as normal.

I'm on PHP 5.3.29
mySQL 5.5.36

From my account control panel i can change the PHP version and also control which optional modules can be included in the build. I think i'm stuck with the mySQL version though.

7.5.8 is not available to me as my ubb license ran out a couple of months before 7.5.8 was released, so it is not available from the user downloads area.

Regards
Barry

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Because i am a glutton for punishment i have ploughed on trying to get to the bottom of why my fresh stock install was failing (see earlier post) and have spotted an odd logged error in my root directory.
Code
[20-Jan-2015 19:50:03 UTC] PHP Notice:  Undefined variable: hr in /home/hcmaces/public_html/forum/includes/config.inc.php on line 7

Looking through my config.inc.php (that has been generated by the install script) i found that the only occurrence of the string "hr" is as part of a random generated password. The "hr" is preceded by a $. So i'm assuming that php is trying to interpret the last 3 characters of my DB password "$hr" as a variable reference...

A quick change of the db password to remove the $ later, and voila the install script runs to completion...

So i shall now continue with my investigations into my original issue...

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Nuts!

I get the same issue on the new install too.
Code
Forbidden

You don't have permission to access /forum/ubbthreads.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I guess at least i now have a "test" install to probe deeper into the causes.

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Assuming anyone is still following this thread...
In a random act of desperation i resorted to google for the error messages i was getting.
And i found this (amongst all the usual guff) that may be a clue...

Possible Mod_security block

I'm not sure i have the ability to modify this from my cpanel access on my server so i was going to raise a support ticket with my hosting company to see what they think.

Anyone think it might have mileage in it?

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Okay
My hosting provider has located the following in their logs.
Quote
[Fri Jan 23 06:26:48 2015] [error] [client 61.19.190.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:USER_PASSWORD. [file "/var/cpanel/cwaf/rules/cwaf_02.conf"] [line "289"] [id "211540"] [msg "COMODO WAF: Blind SQL Injection Attack"] [data "Matched Data: USER_PASSWORD found within ARGS_NAMES:USER_PASSWORD: USER_PASSWORD"] [severity "CRITICAL"] [hostname "www.hcmaces.com"] [uri "/forums/ubbthreads7/ubbthreads.php"] [unique_id "VMHpqLISdT0ABajgBVEAAAAA"]

So this looks like their setup of Mod Security is treating the new user registration POST as a SQL Injection attack.

I'm on a shared (cloud) host, so any changes to mod security would not just affect my server so there could be some reluctance on their part to modify the settings.

I guess there is no way to modify the POST call in the new user registration module to either send the data as an encrypted stream, or to configure ubbthreads to run under https?

Last edited by Gizmo; 01/28/2015 11:39 AM. Reason: Code/Quote
Joined: Apr 2004
Posts: 1,973
Likes: 154
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,973
Likes: 154
A bit of googling says that sometimes this error is fixed by increasing SecPcreMatchLimit and SecPcreMatchLimitRecursion in mod_security configuration. This can probably be adjusted either in your php.ini or through your .htaccess file, but i have no background in dealing with your specific errors.


current developer of UBB.threads php forum software
current release: UBB.threads 8.0.0 // wip: UBB.threads 8.0.1
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Fortunately the support guys for my hosting provider have (in their words)
Quote
removed the offending rule
.

I've just tested it out and can now register as a new user... smile

Joined: Apr 2004
Posts: 1,973
Likes: 154
UBB.threads Developer
UBB.threads Developer
Joined: Apr 2004
Posts: 1,973
Likes: 154
I guess your host doesnt dont want to share how they fixed it, with other people who might be having the same problem. They just want you to know that it has been fixed.

From October through January is a long time to be sitting on that show-stopping issue. But then again, you're probably the first of their clients to report the problem. Good job for keeping up with it and working with them to get it resolved.


current developer of UBB.threads php forum software
current release: UBB.threads 8.0.0 // wip: UBB.threads 8.0.1
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
Honestly, they probably saw it's a legit program and figure other clients can be hit by it and just commented out that specific rule as to not hinder other possible users who use the same script.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
It took some effort, but i would like to thank you all for chipping in.
At least during the course of tracking this issue down i got to learn a bit more about the inner workings of ubb and how it all hangs together.

Within 2 hours of re-enabling user registrations i had 2 spammers register - this reminded me that during the course of the investigation i reverted to stock code and thus lost the "stop forum spam" mods.

Joined: Jun 2006
Posts: 16,367
Likes: 126
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,367
Likes: 126
Well, the Stop Forum Modification (with Login Detection) is available at UBBDev and an implementation is in the stock 7.5.8 release (and newer versions) without Login Detection (though there is also a listing at UBBDev to add Login Detection to 7.5.8+.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
Cheers
well that's my weekend hacking activities sorted then smile

Many thanks again.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Profile avatar storage settings
by SenecaFlyer - 12/05/2024 1:24 PM
Not allowing attachment over 2m
by ehill - 12/03/2024 3:16 PM
New Admin Here
by SenecaFlyer - 12/02/2024 4:14 PM
Who's Online Now
2 members (Ruben, SenecaFlyer), 929 guests, and 67 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.1
(Snapshot build 20240918)