Blue host and Mod_security issues #262957 07/21/2019 5:27 PM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Here is my experience with a brand new bluehost shared pro plan.
I installed ubb 7.7.2.
A net new install.
I used the default permissions
folders 755
files 644
Since I already knew they don't support 777

All went well until I edited an option in the control panel and clicked on submit.
I think it was cookies.
It bumped me off and displayed an error.
I could not log back in.
Quote
Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

So I used the cpanel; no errors were present.
I called Bluehost about mod_security.
After listening to a 5 minute ordeal about how important it was they finally offered to disable it.
I said do it.
Then they stated it can take up to 24 hours for a push.

Then I asked about specific errors.
This was what they said, in general terms.
Quote
You have four error log entries.
1. html access
2. javascript.text
3. image.gif
4. image.png


They could not provide any specifics because I was not going to wait for second level support.
So now I am waiting for 24 hours for the push.

I did run the test script and found a few deficiencies prior.
But no failures.
For file size and variables, but I do have access to fix them in the php editor.

BTW,
They pre-install WordPress and it is a royal pain to get rid of.
Besides it is a hosted version though free for 1 year.
You need to enable it for your site before you can go to settings and delete it.
Unless you want to manually delete the database then the files and edit the .htaccess file.
Which I tried and it barked back.

Then you are charged by wordpress.com after 1 year and 1 month or it expires according to the .htaccess file.
The hell is I did not request a wordpress site that they offer.

Last edited by Ruben; 07/21/2019 5:51 PM. Reason: added comment

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262958 07/21/2019 7:08 PM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
which plan did you purchase from Bluehost?

it sounds like you wanted this one:
https://www.bluehost.com/hosting/shared

but instead you ended up ordering this one:
https://www.bluehost.com/wordpress/wordpress-hosting

I'm with Bluehost and never had to deal with file permissions on any of the many client accounts with various hosting options I've had with them. Though, I always steer clear of their "WordPress Hosting" package because I usually need something beyond just WordPress. I install WordPress myself, if I need it. I have no need for them to manage it for me. And I have no need for a dedicated WordPress only package, which sounds like something you might have.

see attached screenshots to compare traditional "Shared Web Hosting" vs "Shared WordPress Hosting."

Attached Files: download_20190721_155644.jpg, download_20190721_155648.jpg

isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262959 07/21/2019 7:14 PM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
I double checked the purchase; it is the pro plan, no mention of WordPress.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262960 07/21/2019 7:29 PM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
I don't know what to say.

One of my main test/dev sites is on a Bluehost Pro shared hosting account. I also have WordPress installed on that same hosting account.

WordPress (self managed)
https://id242.com

UBB.threads 7.7.3 WIP
https://id242.com/forums

Using a Bluehost SSL certificate.


isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262961 07/21/2019 9:12 PM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
Originally Posted by Ruben
I used the default permissions
folders 755
files 644
Since I already knew they don't support 777


I can confirm. On Bluehost, setting file attributes to 666 or 777 on php files will give an error. They won't execute.

---

From im / pm with gizmo -

Originally Posted by Gizmo
Bluehost's rules are hitting something on the page Ruben is requesting

their hints say what the log contained that matched i guess

cookie setting is an odd thing to match

iirc they're regular text strings it matches

so if there was a post containing "html access", it'd throw a mod security error

or if say a page in the control panel included that string



isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262962 07/22/2019 9:07 AM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Still waiting for my 24 hours to be up mod-security is still enabled.

I also started over with a fresh install.
I was logged in browsing the control panel without editing anything.
But as soon as I logged out and attempted to login again mod-security error pops up.
I can view forums calendar help active topics as a guest.
But of course there is nothing to look at other than the one default category.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262963 07/22/2019 4:06 PM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Well it is well past 24 hours mod_security is still on.
I called.
This rep stated that what I was told was in error.
That they will not disable mod_security.
They said they only support wordpress and custom apps I need to get in contact with the developer.
Then I asked about wordpress and my .htaccess file since it has expires for cache etc and I was told all bluehost sites are now wordpress sites.
I tried again to edit my .htaccess file with no luck.
Here is my .htaccess file.
Quote

# BEGIN WordPress
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/html "access plus 5 minutes"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 6 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Could any of this cause an issue with mod_security?
I have had no luck editing it.
I have to do something.

The site is at acusersforum.com/ub/


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262964 07/22/2019 4:11 PM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Update
I can't use the login url
But guess what, I registered a new user and that works.
Of course it is not an admin.
But as soon as I logout that user and log back in the mod_security error is back.

I just tried ubb7.7.1 same mod_security issue.
The only difference is 7.7.1 during install tries to use https: for paths and 7.7.2 does not.

Last edited by Ruben; 07/22/2019 5:08 PM.

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262965 07/23/2019 1:37 AM
Joined: Jul 2006
Posts: 99
Philipp Offline
Journeyman
You could try to disable mod_security with .htaccess. Add the following to your .htaccess file:
Quote
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Re: Blue host and Mod_security issues [Re: Philipp] #262966 07/23/2019 6:00 AM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Already tried that. It makes no difference.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262967 07/23/2019 6:14 AM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
Ruben, I sent you a PM.


isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262968 07/23/2019 6:43 AM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
It looks like Bluehost may have mod_security pattern match the URL to look for "http" and "https" in the URL's query string.

UBB.threads currently uses urlencode(get_current_url()) and appends it to the LOGIN link, so that a user will be taken back to the previous page (Originating Current URL) when they successfully log in.

This is an example of what Bluehost may be pattern matching for:
Code
Pattern match "(?:;|/|\\\\|
)(?:\\\\b(?:cat|ls|perl|uname|pwd|cp|kill|tclsh8?|cpp|f(?:etch|tp)|http|https|python|chown|rm|kill|ping|rsync|rdiff-backup|scp|wget|curl|links|g\\\\+\\\\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)\\\\b|\\\\bsleep\\\\b [0-9])"


Request that they remove "http" and "https" from your mod_security pattern match. Meanwhile, I'll look at passing the OCU data through to the login page in a different manner for an upcoming version of UBB.threads.


isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262969 07/23/2019 7:33 AM
Joined: Jul 2006
Posts: 99
Philipp Offline
Journeyman
Originally Posted by Ruben
Already tried that. It makes no difference.

Do you have access to the error log file? The exact mod_security error should show up there.

Re: Blue host and Mod_security issues [Re: Ruben] #262970 07/23/2019 8:32 AM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Isaac,
You are spot on with the problem.
When I select login I get for a url
http://acusersforum.com/ub/ubbthreads.php?ubb=login&ocu=http%3A%2F%2Facusersforum.com%2Fub%2Fubbthreads.php%3Fubb%3Dcfrm

I get the mod_security error.

But while that url is in the browser I just edit it and remove http
acusersforum.com/ub/ubbthreads.php?ubb=login&ocu=%3A%2F%2Facusersforum.com%2Fub%2Fubbthreads.php%3Fubb%3Dcfrm
It works.

Also this URL works
acusersforum.com/ub/ubbthreads.php?ubb=login
Could this be a temporary fix till the next version?

Not sure at this point in time where to edit and just hardcode the login link to that right now


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262971 07/23/2019 8:33 AM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
I'm working on a solution for you right now, and will post it today.


isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
Re: Blue host and Mod_security issues [Re: Ruben] #262972 07/23/2019 8:43 AM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
I really don't like this solution, but it should work for you as a dirty patch.

in /libs/ubbthreads.inc.php

FIND:
Code
return "$http://{$_SERVER['HTTP_HOST']}{$url}";


REPLACE WITH:
Code
return "//{$_SERVER['HTTP_HOST']}{$url}";


Protocol-relative links (PRL), also known as protocol-relative URLs (PRURL), are URLs that have no protocol specified. For example, //example.com will use the protocol of the current page, either HTTP or HTTPS.

Last edited by isaac; 07/23/2019 9:06 AM. Reason: added scheme def

isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
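
Added example, not part of the thread and not UBB.threads code: one way to pass the return target to the login page as a site-relative path, so the `ocu` value contains no `http`/`https` for the rule to match, and to reject off-site targets when the value is read back. The function names and the fallback path are hypothetical; the sample URLs are constructed from the ones quoted in the thread.

```php
<?php
// Added example, not UBB.threads code. Function names are hypothetical.

// Build the value for the login link's "ocu" parameter from the current
// request: path and query only, so no scheme or host appears in the URL.
function build_return_path(string $requestUri): string
{
    $path  = parse_url($requestUri, PHP_URL_PATH) ?: '/';
    $query = parse_url($requestUri, PHP_URL_QUERY);
    return ($query === null || $query === false) ? $path : "$path?$query";
}

// Accept a return target only if it is a path on this site;
// anything else falls back to a fixed local page.
function safe_return_path(string $ocu, string $fallback = '/'): string
{
    // Must start with exactly one "/": rejects "http://host/..." and "//host".
    if ($ocu === '' || $ocu[0] !== '/' || strpos($ocu, '//') === 0) {
        return $fallback;
    }
    // Backslashes and control characters can be normalised by browsers
    // into "//host" style targets, so refuse them outright.
    if (preg_match('/[\\\\\x00-\x1f\x7f]/', $ocu)) {
        return $fallback;
    }
    return $ocu;
}

// Constructed sample: the page the visitor was on when clicking LOGIN.
$current = '/ub/ubbthreads.php?ubb=cfrm';
$login   = '/ub/ubbthreads.php?ubb=login&ocu=' . urlencode(build_return_path($current));
echo $login, "\n";

// Constructed sample ocu values as the login page might receive them.
$samples = [
    '/ub/ubbthreads.php?ubb=cfrm',   // local path: accepted
    'http://acusersforum.com/ub/',   // absolute URL: falls back
    '//example.com/',                // protocol-relative, other host: falls back
    '/\\example.com',                // backslash variant: falls back
];
foreach ($samples as $ocu) {
    printf("%-32s -> %s\n", $ocu, safe_return_path($ocu, '/ub/ubbthreads.php'));
}
```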
Re: Blue host and Mod_security issues [Re: Ruben] #262973 07/23/2019 9:04 AM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
I will give it a try after my third call to bluehost.
Thank You.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #262976 07/25/2019 5:59 PM
Joined: Dec 2003
Posts: 5,940
Ruben Offline OP
Maybe if I complained more I might have had more success.
But I got tired of calling back.
Bottom line what I have been told by Bluehost.
Talking all net new shared account plans only.

All new shared hosting accounts are wordpress accounts.
It comes with wordpress preinstalled at the root.
Bluehost only supports WordPress and addons that are in the cp, but most all are WordPress plugins.
They call it the marketplace section.

There is no way to view any mod_security errors on your own.
Customer service can only see high level errors and you need to get 2nd level support to get details.
Current policy is they will not disable mod_security nor edit any rules anymore.
Even though I was told on the first call they would,
they later stated that person was in error.

Editing htaccess to disable mod_security is ineffective.

In addition I found that zlib comes disabled and input_variables plus post file sizes are inadequate.
But they can be changed on your own in the php ini editor in the control panel.

For now the dirty patch Isaac provided above works.
Thank you


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Blue host and Mod_security issues [Re: Ruben] #263051 08/12/2019 6:48 PM
Joined: Jun 2006
Posts: 626
Daryl Fawcett Offline
Addict
I am using 7.7.1 in a shared account plan with Bluehost and everything is running just fine, however, I have been with them for several years.

If I go to 7.7.3 will I then run into the same type of problem as Ruben is having???

Re: Blue host and Mod_security issues [Re: Daryl Fawcett] #263052 08/12/2019 6:54 PM
Joined: Apr 2004
Posts: 1,499
isaac Online Splat
UBB.threads Developer
Originally Posted by Daryl Fawcett
If I go to 7.7.3 will I then run into the same type of problem as Ruben is having???


as stated in my first and second replies to this topic, no. No, you will not have any of these such problems at all.

edit:
in addition, there has been a workaround implemented since UBB.threads 7.7.3 to avoid this specific mod_security setting.

Last edited by isaac; 08/12/2019 6:56 PM.

isaac @ id242.com // my forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.7.3 released!
