Complete System Crash on template submit

Help with getting the CMS CORE package up and running. This does not include 3rd party modules, PHP scripts, anything downloaded via module manager or from any external source.
naturelab
Forum Members
Posts: 169
Joined: Thu Oct 15, 2009 11:11 am

Complete System Crash on template submit

Post by naturelab »

This is weird.
I worked on a site about a week ago, then took a break for 5 days, when I came back to it, logged into CMSMS and attempted to make a small change to the main page template.

I hit apply and seemed to be immediately blocked by my hosting provider.

I had not made any other changes to ANYTHING & they assure me that they have not made any changes either.

ie:- I was just pressing the apply / submit button on the template that was working previously.

They have now white-listed my IP, but this keeps happening. These are the error messages that they sent me... I am way out of my depth here, could anyone suggest (from the info provided) why this is happening?

One other thing I tried, which enabled me to do a successful submit / apply, was to paste in the default page template set-up. This was accepted.


Code:

Your IP address xx.xxx.xxx.xxx had been blocked by the server firewall due to a detected "URL Encoding Abuse Attack Attempt". I have now unblocked this IP address.

---
[Thu Jun 02 16:14:23 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNT06BrzMABU85EA8AAAAj"]
[Thu Jun 02 16:14:57 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNcU6BrzMABVazTHEAAAA8"]
[Thu Jun 02 16:16:01 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNsU6BrzMABVX7QFEAAAAm"]

System info :-

Code:

----------------------------------------------

Cms Version: 2.1.3

Installed Modules:

    AdminSearch: 1.0.1
    CGBlog: 1.13.6
    CGContentUtils: 2.1
    CGExtensions: 1.53.6
    CGHeadMaster: 1.0.9.2
    CGSimpleSmarty: 2.1
    CGSnapshot: 1.1
    CMSContentManager: 1.1
    CMSMailer: 6.2.14
    DesignManager: 1.1.1
    FileManager: 1.5.2
    FormBuilder: 0.8.1.4
    Gallery: 2.1.5
    JQueryTools: 1.3.9
    MicroTiny: 2.0.3
    ModuleManager: 2.0.2
    Navigator: 1.0.3
    News: 2.50.5
    Search: 1.50.2
    SimpleSiteInfo: 3.1


Config Information:

    php_memory_limit:
    max_upload_size: 2000000
    url_rewriting: mod_rewrite
    page_extension: /
    query_var: page
    auto_alias_content: true
    locale:
    set_names: true
    timezone: Europe/London
    permissive_smarty: false


Php Information:

    phpversion: 5.6.18
    md5_function: On (True)
    json_function: On (True)
    gd_version: 2
    tempnam_function: On (True)
    magic_quotes_runtime: Off (False)
    E_ALL: 32767
    E_STRICT: 2048
    E_DEPRECATED: 8192
    test_file_timedifference: No time difference found
    test_db_timedifference: No time difference found
    create_dir_and_file: 1
    memory_limit: 128M
    max_execution_time: 30
    register_globals: Off (False)
    output_buffering: 4096
    disable_functions: symlink, dl, system, passthru, exec, shell_exec, escapeshellarg, escapeshellcmd, popen, posix_uname
    open_basedir:
    test_remote_url: Success
    file_uploads: On (True)
    post_max_size: 8M
    upload_max_filesize: 2M
    session_save_path: /tmp (0700)
    session_use_cookies: On (True)
    xml_function: On (True)
    xmlreader_class: On (True)
    check_ini_set: On (True)
    curl: On


Performance Information:

    allow_browser_cache: Off (False)
    browser_cache_expiry: 60
    php_opcache: On (True)
    smarty_cache: Off (False)
    smarty_compilecheck: Off (False)
    smarty_cache_udt: Off (False)
    auto_clear_cache_age: On (True)

Server Information:

    Server Software: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4
    Server Api: cgi-fcgi
    Server Os: Linux 2.6.32-604.30.3.lve1.3.63.el6.x86_64 On x86_64
    Server Db Type: MySQL (mysqli)
    Server Db Version: 5.5.48
    Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable

My complete template :-

Code:

{strip}{process_pagedata}
{content assign='content'}{$content=$content scope=global}
{$theme_path = "{uploads_url}/cp/"}
{cms_selflink dir='previous'  assign='prev_page'}
{cms_selflink dir='next'  assign='next_page'}
{share_data scope=global vars='theme_path,prev_page,next_page' }
{/strip}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
{cghm_set key='description' val="{$content|strip_tags|truncate:155:"...":false}" }
{if $page_alias == "home"}
  {cghm_config_set key='title' val="{sitename} - {global_content name='strap'}" }
{else}
  {if isset($workpage)}
    {cghm_config_set key='title' val="{title} ({$year}) - {foreach from=$mediatypes item='specifications' name="media"}{$specifications}{if $smarty.foreach.media.last} {else}, {/if}{/foreach} | {sitename}" }
  {/if}
{/if}
{cghm_render}
{metadata}
<link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Slab:400,700,300' type='text/css'>
<link rel='stylesheet' href='http://fonts.googleapis.com/css?family=Karla:400,400italic,700,700italic' type='text/css'>
<link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css' type='text/css'>
<link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css' type='text/css'>
{cgjs_require jsurl='https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js'}
{cgjs_require jsurl='//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'}
{cgjs_require jsfile='uploads/cp/js/owl.carousel.min.js'}
{cgjs_require jsfile='uploads/cp/js/jquery.themepunch.tools.min.js'}
{cgjs_require jsfile='uploads/cp/js/plugins.js'}
{cgjs_require jsfile='uploads/cp/js/scripts.js'}
{cgjs_render}
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
{cms_stylesheet}
{cms_selflink dir='start' rellink=1}
{cms_selflink dir='prev' rellink=1}
{cms_selflink dir='next' rellink=1}
</head>
{$roottitle=cgsimple::get_root_alias()}
{$parenttitle=cgsimple::get_parent_alias()}
{$kids=cgsimple::has_children()}
{if ($roottitle == 'work' && $roottitle != $parenttitle && !$kids)}
  {assign var="workpage" value=1 scope=global}
{/if}
{content_module module='CGContentUtils' block='Gallery' assign="galleryname" tab='Gallery'}
{$year = "{content_module module='CGContentUtils' block='Year' tab='Year'}" scope=global}
{content_module module='CGContentUtils' block='Media-Types' assign='mediatype' tab='Media Types'}
{content block="mediaTypeExtraOne" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextraone" tab='Media Types'}
{content block="mediaTypeExtraTwo" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextratwo" tab='Media Types'}
{content block="mediaTypeExtraThree" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextrathree" tab='Media Types'}
{content block="measurementnameOne" label="Enter measurement description for figure 1" block_type="text" oneline=true  assign="measurementnameone" tab="Fig 1 - Measurements"}
{content block="measurementsheight" label="Enter height" block_type="text" oneline=true  assign="measurementsheight" tab="Fig 1 - Measurements"}
{content block="measurementswidth" label="Enter Width" block_type="text" oneline=true  assign="measurementswidth" tab="Fig 1 - Measurements"}
{content block="measurementsdepth" label="Enter Depth" block_type="text" oneline=true  assign="measurementsdepth" tab="Fig 1 - Measurements"}
{content block="measurementnameTwo" label="Enter measurement description for figure 2" block_type="text" oneline=true  assign="measurementnametwo" tab="Fig 2 - Measurements"}
{content block="measurementsheightTwo" label="Enter height" block_type="text" oneline=true  assign="measurementsheighttwo" tab="Fig 2 - Measurements"}
{content block="measurementswidthTwo" label="Enter Width" block_type="text" oneline=true  assign="measurementswidthtwo" tab="Fig 2 - Measurements"}
{content block="measurementsdepthTwo" label="Enter Depth" block_type="text" oneline=true  assign="measurementsdepthtwo" tab="Fig 2 - Measurements"}
<body class="{$page_alias}">
<div id="preloader"><div class="textload">Loading</div><div id="status"><div class="spinner"></div></div></div>
<main class="body-wrapper">
{global_content name='cp_navbar_include'}
{if $page_alias == 'home'}
{Gallery dir='cp-home' action="showrandom" template="cp_fullscreen"}
{/if}
<div class="dark-wrapper">
<div class="container{if $page_alias == "home"}-fluid{/if} inner">
{if $page_alias != "home"}
  {if !isset($workpage)}
    <div class="row">
      <div class="col-xs-12">
        <h1>{title}{if $year != ''}<span class="nowrap"> &#8209; <small>{$year}</small></span>{/if}</h1>
       </div><!--/.col-->
{/if}
{/if}
{if ($roottitle == 'work' && $roottitle == $parenttitle)}
<div class="archiveWorks">
<div class=" row yeargroup">
<div class="col-xs-12">
<h5><a href="{root_url}/work/{$childtitle}" title="Work - {$childtitle}">{$childtitle}</a></h5>
<div class="cp-archve-works owl-carousel">
{$children=cgsimple::get_children('')}
{foreach from=$children item='child' key=k}
{if $child.show_in_menu}
{page_attr page=$child.alias key="Pullout"}
{page_attr page=$child.alias key="Date" assign="year"}
{$childtitle=cgsimple::get_page_title($child.alias)}
{$childcontent=cgsimple::get_page_content($child.alias)}
<div class="owl-item">
{Gallery dir={page_attr page=$child.alias key="Gallery"} template="cp_simple" number="1"}
</div>
{/if}
{/foreach}
</div>
</div><!--/.col -->
 </div><!--/.row -->
 {$prev_page} | {$next_page}
{/if}

{if  $page_alias == 'work'}
<section class="archiveWorks">
{$children=cgsimple::get_children('work')}
{foreach from=$children item='child'}
{if $child.show_in_menu}
{$childtitle=cgsimple::get_page_title($child.alias)}
{$grandchildren=cgsimple::get_children($child.alias)}
{if $grandchildren|@count gt 0}
<div class="row archiveyear">
<div class="col-xs-12">
<h5>{$childtitle|replace:'Work-':''}</h5>
<div class="cp-archve-works owl-carousel">
{$grandchildren=cgsimple::get_children($child.alias)}
{foreach from=$grandchildren item='grandchild'  name='grandchildrenpages' key=k}
{if $grandchild.show_in_menu}
{page_attr page=$grandchild.alias key="Show-on-root_url-Work" assign="displayroot_url"}
{page_attr page=$grandchild.alias key="Pullout" assign="pullout"}
{page_attr page=$grandchild.alias key="Date" assign="year"}
{$grandchildtitle=cgsimple::get_page_title($grandchild.alias)}
{$grandchildcontent=cgsimple::get_page_content($grandchild.alias)}
<div class="{if ($k+1)%8== 0}end{/if} owl-item">
{Gallery dir={page_attr page=$grandchild.alias key="Gallery"} template="cp_simple" number="1"}
</div>
{/if}
{/foreach}
</div>
</div><!--/.col -->
</div><!--/.row -->
{/if}
{/if}
{/foreach}
</section>
{/if}

{if isset($workpage)}
<div class="row">
<div class="col-sm-7"><!--left col -->
<div class="contemporary-ceramic-sculpture owl-carousel">
{Gallery dir=$galleryname  template="cp_owl" }
</div>
</div><!--/.left col -->

<div class="col-sm-5"><!--right col -->
<h1>{title}{if $year != ''}<span class="nowrap"> &#8209; <small>{$year}</small></span>{/if}</h1>
<hr />
{if $measurementsheight !=""}
<ul class="list-unstyled">
<li>{if $measurementnameone !=""}<small>{$measurementnameone}</small> - {/if} {if $measurementsheight !=""}<small>H</small> {$measurementsheight}{/if}<small>cm</small> x {if $measurementswidth !=""} <small>W</small> {$measurementswidth}{/if}<small>cm</small> x {if $measurementsdepth !=""} <small>D</small> {$measurementsdepth}<small>cm</small>{/if}</li>
{if $measurementsheighttwo !=""}
<li class="extrameasure">{if $measurementnametwo !=""}<small>{$measurementnametwo}</small> - {/if} {if $measurementsheighttwo !=""}<small>H</small> {$measurementsheighttwo}{/if}<small>cm</small> x {if $measurementswidthtwo !=""} <small>W</small> {$measurementswidthtwo}{/if}<small>cm</small> x {if $measurementsdepthtwo !=""} <small>D</small> {$measurementsdepthtwo}<small>cm</small>{/if}</li>
{/if}
</ul>
{/if}
<hr />
{assign var=mediatypes value=","|explode:$mediatype scope=global}
<ul class="list-inline">
<li>{foreach from=$mediatypes item='specifications' name="media"}{$specifications}{if !($smarty.foreach.media.last)},{/if}{/foreach}{if $mediaextraone != ''}, {$mediaextraone}{/if}{if $mediaextratwo != ''}, {$mediaextratwo}{/if}{if $mediaextrathree != ''}, {$mediaextrathree}{/if}
</li>
</ul>
<div class="cp">
{$content}
<hr />
{$prev_page}<br />
{$next_page}
</div>
</div><!--/.right col -->
</div><!--/.row-->
{/if}

{if $page_alias == 'about'}
{$content}
{/if}

{if $page_alias == 'news'}
{CGBlog action="default" category="General" summarytemplate="cp_summary"  number="10" }
{/if}

{if $page_alias == 'press'}
<h3>Publications</h3>
{CGBlog action="default" summarytemplate="press" category="Publications" sortby="cgblog_date"}
<h3>Press</h3>
{CGBlog action="default" summarytemplate="press" category="Press Release" sortby="cgblog_date"}
{/if}

{if $page_alias == 'exhibitions'}{/if}
{if $page_alias == 'contact'}
{$content}
{FormBuilder|replace:'class="cms_form"':'class="form-inline"' form='cp_form'}
{/if}
</div><!--/.container -->
</div><!-- /.dark-wrapper -->
{global_content name='cp_footer'}
</main>
</body>
</html>
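
The log entries above name the parameter that was inspected (`ARGS:m1_contents`, the template body) and the pattern of rule 950107 that matched. As an added example that is not part of the original thread, this Python sketch applies that pattern line by line to locate the character that trips the rule. It assumes the doubled backslashes in the log are escaping artifacts; `find_rule_hits` and the sample input are hypothetical names and constructed data.

```python
import re

# Pattern of rule 950107 as logged, with the log's doubled backslashes
# collapsed (assumption: "\\\\%" in the Apache error log is "\%" in the rule).
RULE_950107 = re.compile(r"\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")


def find_rule_hits(arg_value):
    """Return (line, column, context) for each '%' the pattern flags.

    ModSecurity inspects ARGS after decoding the form body, so the rule
    sees the template text as it was typed into the editor.
    """
    hits = []
    for line_no, line in enumerate(arg_value.splitlines(), start=1):
        for m in RULE_950107.finditer(line):
            context = line[max(m.start() - 10, 0):m.start() + 6]
            hits.append((line_no, m.start() + 1, context))
    return hits


# Constructed sample: lines 1-2 are copied from the posted template,
# lines 3-4 are constructed (a valid %20 escape, and the modulo test
# rewritten with Smarty's "mod" operator).
SAMPLE_TEMPLATE = "\n".join([
    "<link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Slab:400,700,300' type='text/css'>",
    '<div class="{if ($k+1)%8== 0}end{/if} owl-item">',
    '<a href="/uploads/cp/price%20list.pdf">price list</a>',
    '<div class="{if ($k+1) mod 8 == 0}end{/if} owl-item">',
])

if __name__ == "__main__":
    for line_no, col, context in find_rule_hits(SAMPLE_TEMPLATE):
        print(f"line {line_no}, column {col}: ...{context}...")
```

Run against the template as posted, the only hit is the Smarty modulo test `($k+1)%8`, a percent sign followed by `8=` rather than two hex digits; the `mod` form of the same test contains no percent sign and does not match.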
calguy1000
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Re: Complete System Crash on template submit

Post by calguy1000 »

They have now white-listed my IP, but this keeps happening.
Rule #1. mod_security sucks, and we do not support it.
Rule #2. If they had white listed your IP/site completely then you wouldn't be getting the same errors from mod_security.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
naturelab
Forum Members
Posts: 169
Joined: Thu Oct 15, 2009 11:11 am

Your recommendations for Hosting that is setup for CMSMS ?

Post by naturelab »

Your recommendations for Hosting that is setup for CMSMS ?
PinkElephant
Forum Members
Posts: 169
Joined: Fri Feb 06, 2009 2:08 pm

Re: Your recommendations for Hosting that is setup for CMSMS

Post by PinkElephant »

naturelab wrote: recommendations for Hosting
CMSms hosting partners might be of interest.
naturelab
Forum Members
Posts: 169
Joined: Thu Oct 15, 2009 11:11 am

Re: Complete System Crash on template submit

Post by naturelab »

:) Thank you