Page 2 of 2
Re: 500 Internal Server Errors
Posted: Mon Jan 15, 2007 12:56 pm
by Greg
Inserting this phrase in any page or news item is causing a 500 internal server error on all of the website I manage. Thsi happens with or without the WYSIWYG editor on. Some sites have Pretty URL's on some don't. All sites are at 1.0.2 running on BSD Apache MySql PHP 4.4.4
Choose from all objects or those associated with a given domain.
The words 'Choose from' seem to be the problematic word combination, as I can insert 'all objects or those associated with a given domain' without creating the error.
Any Ideas?
Re: 500 Internal Server Errors
Posted: Tue Jan 16, 2007 1:16 am
by Greg
The server error log shows the following
[Mon Jan 15 19:06:41 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "
www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
[Mon Jan 15 19:07:20 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "
www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
[Mon Jan 15 19:07:30 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "
www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
Anyone have any suggestions as I have no idea what this information is telling me.
Re: 500 Internal Server Errors
Posted: Wed Jan 17, 2007 12:13 am
by Greg
Seems to be a problem with editcontent.php.
I created a new page - no problem.
Edited the page to add some content and got the Internal Server Error.
Deleted the page.
Created a new page with the original information AND the information I tried to add using edit page - NO internal server error.
Help - I cannot edit any existing pages?
Re: 500 Internal Server Errors
Posted: Wed Jan 17, 2007 11:18 pm
by Greg
Why would editcontent.php produce this problem and addcontent.php does not?
Looks like I am talking to myself.
could this be part of the answer
http://wiki.e107.org/?title=Security:mod_security
Re: 500 Internal Server Errors
Posted: Fri Jan 19, 2007 3:51 pm
by Pierre M.
Greg wrote:
The server error log shows the following
[Mon Jan 15 19:06:41 2007] [error] [client x.y.z.t] mod_security: Access denied...
Anyone have any suggestions as I have no idea what this information is telling me.
Your hosting provider seems to use the webserver module "mod_security" which is denying your software (CMSms) to work as expected. May be you should inform your supplier and ask him to tune its security module accordingly.
PM
Re: 500 Internal Server Errors
Posted: Sat Jan 20, 2007 1:01 am
by Greg
Thanks Pierre - I contacted my hosting service and they changed the configuration of mod_security.
All is working again!
Re: 500 Internal Server Errors
Posted: Sat May 09, 2009 12:26 am
by WebGirl
I had a similar problem, and after 5 days of stress and drama, I finally discovered that the CHMOD of 777 needed to be changed to 755.
Hope this helps someone else!