
Complete System Crash on template submit

Posted: Sun Jun 05, 2016 1:41 pm
by naturelab
This is weird.
I worked on a site about a week ago, then took a break for 5 days, when I came back to it, logged into CMSMS and attempted to make a small change to the main page template.

I hit apply and seemed to be immediately blocked by my hosting provider.

I had not made any other changes to ANYTHING & they assure me that they have not made any changes either.

i.e. I was just pressing the apply / submit button on the template that was working previously.

They have now white-listed my IP, but this keeps happening. These are the error messages that they sent me... I am way out of my depth here, could anyone suggest (from the info provided) why this is happening?

One other thing I tried, which enabled me to do a successful submit / apply, was to paste in the default page template set-up. This was accepted.



Your IP address xx.xxx.xxx.xxx had been blocked by the server firewall due to a detected "URL Encoding Abuse Attack Attempt". I have now unblocked this IP address.

---
[Thu Jun 02 16:14:23 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNT06BrzMABU85EA8AAAAj"]
[Thu Jun 02 16:14:57 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNcU6BrzMABVazTHEAAAA8"]
[Thu Jun 02 16:16:01 2016] [error] [client xx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:m1_contents. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "68"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "mysite.co.uk"] [uri "/dev/admin/moduleinterface.php"] [unique_id "V1BNsU6BrzMABVX7QFEAAAAm"]
System info :-


----------------------------------------------

Cms Version: 2.1.3

Installed Modules:

    AdminSearch: 1.0.1
    CGBlog: 1.13.6
    CGContentUtils: 2.1
    CGExtensions: 1.53.6
    CGHeadMaster: 1.0.9.2
    CGSimpleSmarty: 2.1
    CGSnapshot: 1.1
    CMSContentManager: 1.1
    CMSMailer: 6.2.14
    DesignManager: 1.1.1
    FileManager: 1.5.2
    FormBuilder: 0.8.1.4
    Gallery: 2.1.5
    JQueryTools: 1.3.9
    MicroTiny: 2.0.3
    ModuleManager: 2.0.2
    Navigator: 1.0.3
    News: 2.50.5
    Search: 1.50.2
    SimpleSiteInfo: 3.1


Config Information:

    php_memory_limit:
    max_upload_size: 2000000
    url_rewriting: mod_rewrite
    page_extension: /
    query_var: page
    auto_alias_content: true
    locale:
    set_names: true
    timezone: Europe/London
    permissive_smarty: false


Php Information:

    phpversion: 5.6.18
    md5_function: On (True)
    json_function: On (True)
    gd_version: 2
    tempnam_function: On (True)
    magic_quotes_runtime: Off (False)
    E_ALL: 32767
    E_STRICT: 2048
    E_DEPRECATED: 8192
    test_file_timedifference: No time difference found
    test_db_timedifference: No time difference found
    create_dir_and_file: 1
    memory_limit: 128M
    max_execution_time: 30
    register_globals: Off (False)
    output_buffering: 4096
    disable_functions: symlink, dl, system, passthru, exec, shell_exec, escapeshellarg, escapeshellcmd, popen, posix_uname
    open_basedir:
    test_remote_url: Success
    file_uploads: On (True)
    post_max_size: 8M
    upload_max_filesize: 2M
    session_save_path: /tmp (0700)
    session_use_cookies: On (True)
    xml_function: On (True)
    xmlreader_class: On (True)
    check_ini_set: On (True)
    curl: On


Performance Information:

    allow_browser_cache: Off (False)
    browser_cache_expiry: 60
    php_opcache: On (True)
    smarty_cache: Off (False)
    smarty_compilecheck: Off (False)
    smarty_cache_udt: Off (False)
    auto_clear_cache_age: On (True)

Server Information:

    Server Software: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4
    Server Api: cgi-fcgi
    Server Os: Linux 2.6.32-604.30.3.lve1.3.63.el6.x86_64 On x86_64
    Server Db Type: MySQL (mysqli)
    Server Db Version: 5.5.48
    Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable

My complete template :-


{strip}{process_pagedata}
{content assign='content'}{$content=$content scope=global}
{$theme_path = "{uploads_url}/cp/"}
{cms_selflink dir='previous'  assign='prev_page'}
{cms_selflink dir='next'  assign='next_page'}
{share_data scope=global vars='theme_path,prev_page,next_page' }
{/strip}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
{cghm_set key='description' val="{$content|strip_tags|truncate:155:"...":false}" }
{if $page_alias == "home"}
  {cghm_config_set key='title' val="{sitename} - {global_content name='strap'}" }
{else}
  {if isset($workpage)}
    {cghm_config_set key='title' val="{title} ({$year}) - {foreach from=$mediatypes item='specifications' name="media"}{$specifications}{if $smarty.foreach.media.last} {else}, {/if}{/foreach} | {sitename}" }
  {/if}
{/if}
{cghm_render}
{metadata}
<link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Slab:400,700,300' type='text/css'>
<link rel='stylesheet' href='http://fonts.googleapis.com/css?family=Karla:400,400italic,700,700italic' type='text/css'>
<link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css' type='text/css'>
<link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css' type='text/css'>
{cgjs_require jsurl='https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js'}
{cgjs_require jsurl='//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'}
{cgjs_require jsfile='uploads/cp/js/owl.carousel.min.js'}
{cgjs_require jsfile='uploads/cp/js/jquery.themepunch.tools.min.js'}
{cgjs_require jsfile='uploads/cp/js/plugins.js'}
{cgjs_require jsfile='uploads/cp/js/scripts.js'}
{cgjs_render}
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
{cms_stylesheet}
{cms_selflink dir='start' rellink=1}
{cms_selflink dir='prev' rellink=1}
{cms_selflink dir='next' rellink=1}
</head>
{$roottitle=cgsimple::get_root_alias()}
{$parenttitle=cgsimple::get_parent_alias()}
{$kids=cgsimple::has_children()}
{if ($roottitle == 'work' && $roottitle != $parenttitle && !$kids)}
  {assign var="workpage" value=1 scope=global}
{/if}
{content_module module='CGContentUtils' block='Gallery' assign="galleryname" tab='Gallery'}
{$year = "{content_module module='CGContentUtils' block='Year' tab='Year'}" scope=global}
{content_module module='CGContentUtils' block='Media-Types' assign='mediatype' tab='Media Types'}
{content block="mediaTypeExtraOne" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextraone" tab='Media Types'}
{content block="mediaTypeExtraTwo" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextratwo" tab='Media Types'}
{content block="mediaTypeExtraThree" label="Enter a bespoke media type" block_type="text" oneline=true  assign="mediaextrathree" tab='Media Types'}
{content block="measurementnameOne" label="Enter measurement description for figure 1" block_type="text" oneline=true  assign="measurementnameone" tab="Fig 1 - Measurements"}
{content block="measurementsheight" label="Enter height" block_type="text" oneline=true  assign="measurementsheight" tab="Fig 1 - Measurements"}
{content block="measurementswidth" label="Enter Width" block_type="text" oneline=true  assign="measurementswidth" tab="Fig 1 - Measurements"}
{content block="measurementsdepth" label="Enter Depth" block_type="text" oneline=true  assign="measurementsdepth" tab="Fig 1 - Measurements"}
{content block="measurementnameTwo" label="Enter measurement description for figure 2" block_type="text" oneline=true  assign="measurementnametwo" tab="Fig 2 - Measurements"}
{content block="measurementsheightTwo" label="Enter height" block_type="text" oneline=true  assign="measurementsheighttwo" tab="Fig 2 - Measurements"}
{content block="measurementswidthTwo" label="Enter Width" block_type="text" oneline=true  assign="measurementswidthtwo" tab="Fig 2 - Measurements"}
{content block="measurementsdepthTwo" label="Enter Depth" block_type="text" oneline=true  assign="measurementsdepthtwo" tab="Fig 2 - Measurements"}
<body class="{$page_alias}">
<div id="preloader"><div class="textload">Loading</div><div id="status"><div class="spinner"></div></div></div>
<main class="body-wrapper">
{global_content name='cp_navbar_include'}
{if $page_alias == 'home'}
{Gallery dir='cp-home' action="showrandom" template="cp_fullscreen"}
{/if}
<div class="dark-wrapper">
<div class="container{if $page_alias == "home"}-fluid{/if} inner">
{if $page_alias != "home"}
  {if !isset($workpage)}
    <div class="row">
      <div class="col-xs-12">
        <h1>{title}{if $year != ''}<span class="nowrap"> &#8209 <small>{$year}</small></span>{/if}</h1>
       </div><!--/.col-->
{/if}
{/if}
{if ($roottitle == 'work' && $roottitle == $parenttitle)}
<div class="archiveWorks">
<div class=" row yeargroup">
<div class="col-xs-12">
<h5><a href="{root_url}/work/{$childtitle}" title="Work - {$childtitle}">{$childtitle}</a></h5>
<div class="cp-archve-works owl-carousel">
{$children=cgsimple::get_children('')}
{foreach from=$children item='child' key=k}
{if $child.show_in_menu}
{page_attr page=$child.alias key="Pullout"}
{page_attr page=$child.alias key="Date" assign="year"}
{$childtitle=cgsimple::get_page_title($child.alias)}
{$childcontent=cgsimple::get_page_content($child.alias)}
<div class="owl-item">
{Gallery dir={page_attr page=$child.alias key="Gallery"} template="cp_simple" number="1"}
</div>
{/if}
{/foreach}
</div>
</div><!--/.col -->
 </div><!--/.row -->
 {$prev_page} | {$next_page}
{/if}

{if  $page_alias == 'work'}
<section class="archiveWorks">
{$children=cgsimple::get_children('work')}
{foreach from=$children item='child'}
{if $child.show_in_menu}
{$childtitle=cgsimple::get_page_title($child.alias)}
{$grandchildren=cgsimple::get_children($child.alias)}
{if $grandchildren|@count gt 0}
<div class="row archiveyear">
<div class="col-xs-12">
<h5>{$childtitle|replace:'Work-':''}</h5>
<div class="cp-archve-works owl-carousel">
{$grandchildren=cgsimple::get_children($child.alias)}
{foreach from=$grandchildren item='grandchild'  name='grandchildrenpages' key=k}
{if $grandchild.show_in_menu}
{page_attr page=$grandchild.alias key="Show-on-root_url-Work" assign="displayroot_url"}
{page_attr page=$grandchild.alias key="Pullout" assign="pullout"}
{page_attr page=$grandchild.alias key="Date" assign="year"}
{$grandchildtitle=cgsimple::get_page_title($grandchild.alias)}
{$grandchildcontent=cgsimple::get_page_content($grandchild.alias)}
<div class="{if ($k+1)%8== 0}end{/if} owl-item">
{Gallery dir={page_attr page=$grandchild.alias key="Gallery"} template="cp_simple" number="1"}
</div>
{/if}
{/foreach}
</div>
</div><!--/.col -->
</div><!--/.row -->
{/if}
{/if}
{/foreach}
</section>
{/if}

{if isset($workpage)}
<div class="row">
<div class="col-sm-7"><!--left col -->
<div class="contemporary-ceramic-sculpture owl-carousel">
{Gallery dir=$galleryname  template="cp_owl" }
</div>
</div><!--/.left col -->

<div class="col-sm-5"><!--right col -->
<h1>{title}{if $year != ''}<span class="nowrap"> &#8209 <small>{$year}</small></span>{/if}</h1>
<hr />
{if $measurementsheight !=""}
<ul class="list-unstyled">
<li>{if $measurementnameone !=""}<small>{$measurementnameone}</small> - {/if} {if $measurementsheight !=""}<small>H</small> {$measurementsheight}{/if}<small>cm</small> x {if $measurementswidth !=""} <small>W</small> {$measurementswidth}{/if}<small>cm</small> x {if $measurementsdepth !=""} <small>D</small> {$measurementsdepth}<small>cm</small>{/if}</li>
{if $measurementsheighttwo !=""}
<li class="extrameasure">{if $measurementnametwo !=""}<small>{$measurementnametwo}</small> - {/if} {if $measurementsheighttwo !=""}<small>H</small> {$measurementsheighttwo}{/if}<small>cm</small> x {if $measurementswidthtwo !=""} <small>W</small> {$measurementswidthtwo}{/if}<small>cm</small> x {if $measurementsdepthtwo !=""} <small>D</small> {$measurementsdepthtwo}<small>cm</small>{/if}</li>
{/if}
</ul>
{/if}
<hr />
{assign var=mediatypes value=","|explode:$mediatype scope=global}
<ul class="list-inline">
<li>{foreach from=$mediatypes item='specifications' name="media"}{$specifications}{if !($smarty.foreach.media.last)},{/if}{/foreach}{if $mediaextraone != ''}, {$mediaextraone}{/if}{if $mediaextratwo != ''}, {$mediaextratwo}{/if}{if $mediaextrathree != ''}, {$mediaextrathree}{/if}
</li>
</ul>
<div class="cp">
{$content}
<hr />
{$prev_page}<br />
{$next_page}
</div>
</div><!--/.right col -->
</div><!--/.row-->
{/if}

{if $page_alias == 'about'}
{$content}
{/if}

{if $page_alias == 'news'}
{CGBlog action="default" category="General" summarytemplate="cp_summary"  number="10" }
{/if}

{if $page_alias == 'press'}
<h3>Publications</h3>
{CGBlog action="default" summarytemplate="press" category="Publications" sortby="cgblog_date"}
<h3>Press</h3>
{CGBlog action="default" summarytemplate="press" category="Press Release" sortby="cgblog_date"}
{/if}

{if $page_alias == 'exhibitions'}{/if}
{if $page_alias == 'contact'}
{$content}
{FormBuilder|replace:'class="cms_form"':'class="form-inline"' form='cp_form'}
{/if}
</div><!--/.container -->
</div><!-- /.dark-wrapper -->
{global_content name='cp_footer'}
</main>
</body>
</html>
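
The pattern in the ModSecurity log can be run over the submitted template text to locate the characters it rejects. This is an added example, not part of the original post; it assumes the rule is applied to the field value as submitted and that the log's backslash escaping can be removed from the pattern. `find_triggers` and `would_block` are hypothetical names, and the sample is two lines copied from the template above plus two constructed ones.

```python
import re

# Pattern from the log entries on this page with the log's backslash
# escaping removed (assumption): a '%' that is NOT followed by two hex
# digits or by 'u' plus four hex digits.
RULE_950107 = re.compile(r"%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")


def find_triggers(field_value):
    """Return (line_no, column, context) for every '%' the pattern rejects."""
    hits = []
    for line_no, line in enumerate(field_value.splitlines(), start=1):
        for m in RULE_950107.finditer(line):
            start = max(m.start() - 12, 0)
            hits.append((line_no, m.start() + 1, line[start:m.start() + 6]))
    return hits


def would_block(field_value):
    """True when at least one '%' in the value matches the rule pattern."""
    return bool(find_triggers(field_value))


SAMPLE = "\n".join([
    # Copied from the template on this page.
    "<h5>{$childtitle|replace:'Work-':''}</h5>",
    # Copied from the template on this page: modulo operator followed by '8='.
    '<div class="{if ($k+1)%8== 0}end{/if} owl-item">',
    # Constructed: well-formed %XX and %uXXXX sequences pass the pattern.
    '<a href="/work/a%20b" title="caf%u00e9 100%25">x</a>',
    # Constructed: the same test written with Smarty's 'mod' qualifier.
    '<div class="{if ($k+1) mod 8 == 0}end{/if} owl-item">',
])

if __name__ == "__main__":
    for line_no, col, context in find_triggers(SAMPLE):
        print(f"line {line_no}, column {col}: ...{context}...")
```

Run against the full contents of the `m1_contents` field, this lists each line and column to rewrite, or to cite when asking the host for a rule exception scoped to that argument.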

Re: Complete System Crash on template submit

Posted: Sun Jun 05, 2016 2:25 pm
by calguy1000
naturelab wrote: They have now white-listed my IP, but this keeps happening.
Rule #1. mod_security sucks, and we do not support it.
Rule #2. If they had white listed your IP/site completely then you wouldn't be getting the same errors from mod_security.

Your recommendations for Hosting that is setup for CMSMS ?

Posted: Wed Jun 15, 2016 4:57 pm
by naturelab
Your recommendations for Hosting that is setup for CMSMS ?

Re: Your recommendations for Hosting that is setup for CMSMS

Posted: Thu Jun 16, 2016 10:28 am
by PinkElephant
naturelab wrote: recommendations for Hosting
CMSms hosting partners might be of interest.

Re: Complete System Crash on template submit

Posted: Thu Jun 16, 2016 10:30 am
by naturelab
:) Thank you