PHPBB 403 error on string combination?

evileyes45 · March 11th, 2008, 1:16 PM

Hopefully this is the write topic since this concerns a PHP-MySQL based message board.

Yesterday, I installed PHPBB2 at Good Night Moon RPG :: Index via Fantastico. On certain string combinations, posting replies generates 403 errors. This looks to be a mod_security problem to protect Apache.

Here is the text we're posting:

Quote:

11:54:41 Kai Askari: e_e hrm. So then the idea is more than 'tone down' but 'phase out.' In terms of magic at any rate. It makes it seem more like, say... X-men.

which definitely puts a stress on 'ability selection' during character creation.

I guess one issue though, is going to still be coming across potentially 'overpowering' abilities. Magneto would be an example of that. Control of magnetism has a truckload of applications and with multiple applications, common ability lists can be compiled and then we're back to spellbooks, essentially.
11:54:48 Kai Askari: So then some kind of limitation on ability selection would have to be thought up to prevent that from happening. Either that, or you would just have to take it on a case by case basis. -.o

Also... wah. Vampires with magic. lol Isn't that part of the romance?

What is the idea of toning down vampires? Like... what kinda range? Make them much more susceptible in the daytime?
11:54:57 Kai Askari: It seems like maybe you could do something in the character profile with strengths and weaknesses where vampires and halflings (and perhaps bions, for 'implants/upgrades, etc.') could choose a certain number from some compiled list of abilities? So then not everyone is 'super in every way'?

I realize that's making it much more like tabletop stuff, but if there isn't some kind of quantification of power level, it's going to remain vague and lead to the 'overpowered' complaints, I believe.

And 'spiritual' connection feels to me like it pigeon-holes the kind of character type who gets their 'special power.'

After some searching through the paragraphs looking to isolate the exact string combination, I came up with:

Quote:

limitation on ability selection would have to be thought up to prevent that from happening.

before my internet decided to not load my site contents anymore. The text is harmless and in no way relating to trying to hack/spam the site. 403 errors on other string combination have happened as well but I did not fully document it until this one. It was only until I had rewritten my previous texts did it post fully.

**Mark** · March 11th, 2008, 1:22 PM

Yes it is definitely mod_security. You can turn it off by creating an .htaccess file in the forum directory and adding the following lines:

Code:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

However this is generally not recommended, especially with the number of security holes phpbb has had in the past

evileyes45 · March 11th, 2008, 1:45 PM

Hm, I figured. Embarassing question but where is my htaccess file? I searched for it but found none. Maybe I'm looking for the wrong filename.

Thanks for getting back to me so quickly! Out of curiosity, what word(s) in the above set it off?

Are there alternate solutions to cover the holes? Would validating my members be decent enough? We're only a small group anyways with no plans to expand.

**Roxy** · March 11th, 2008, 2:13 PM

check for it in your public_html folder and also the folder where the forum is located. If not there, try checking in the folder BEFORE click on public_html.

**Mark** · March 11th, 2008, 3:11 PM

You can create one and upload it through ftp, or create it in the cpanel file manager. It just needs to be named .htaccess with the period in front

evileyes45 · March 11th, 2008, 3:39 PM

Thanks a million! You deserve one for being super helpful.

**Roxy** · March 11th, 2008, 3:42 PM

Quote:

Originally Posted by Mark

You can create one and upload it through ftp, or create it in the cpanel file manager. It just needs to be named .htaccess with the period in front

Or you could do that too...lol. =D

**MarkRH** · March 11th, 2008, 5:04 PM

If you want, you can try using just this:

Code:

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>

This will turn the scanning off as it relates to POSTs but will still filter GETs (what comes across in the address bar basically) and other items.

evileyes45 · March 12th, 2008, 10:30 AM

Both solutions worked perfectly. Everyone on the message board thanks you especially the guy who was trying to post.

March 11th, 2008, 1:22 PM	#2 (permalink)
Mark Surpass Developer On a golden path... Joined in Jan 2004 Lives in Florida Hosted on decc.surpasshosting.com 463 posts Gave thanks: 15 Thanked 75 times	Yes it is definitely mod_security. You can turn it off by creating an .htaccess file in the forum directory and adding the following lines: Code: <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> However this is generally not recommended, especially with the number of security holes phpbb has had in the past __________________ Mark Surpass Hosting Developer sɹnoʎ uɐɥʇ ɹǝʇʇǝq sı bıs ʎɯ

March 11th, 2008, 1:45 PM	#3 (permalink)
evileyes45 Registered User Fresh Surpasser Joined in Jul 2005 8 posts Gave thanks: 4 Thanked 0 times	Hm, I figured. Embarassing question but where is my htaccess file? I searched for it but found none. Maybe I'm looking for the wrong filename. Thanks for getting back to me so quickly! Out of curiosity, what word(s) in the above set it off? Are there alternate solutions to cover the holes? Would validating my members be decent enough? We're only a small group anyways with no plans to expand. Last edited by evileyes45; March 11th, 2008 at 1:48 PM.

March 11th, 2008, 2:13 PM	#4 (permalink)
Roxy URB4N 5K1LLZ Super #1 Joined in Sep 2005 Lives in Orlando, FL Hosted on SH63 2,651 posts Gave thanks: 81 Thanked 128 times	check for it in your public_html folder and also the folder where the forum is located. If not there, try checking in the folder BEFORE click on public_html. __________________ Roxanne Urban Roxy -Personal Blog SH63 - the best darn shared server!

March 11th, 2008, 3:11 PM	#5 (permalink)
Mark Surpass Developer On a golden path... Joined in Jan 2004 Lives in Florida Hosted on decc.surpasshosting.com 463 posts Gave thanks: 15 Thanked 75 times	You can create one and upload it through ftp, or create it in the cpanel file manager. It just needs to be named .htaccess with the period in front __________________ Mark Surpass Hosting Developer sɹnoʎ uɐɥʇ ɹǝʇʇǝq sı bıs ʎɯ

March 11th, 2008, 5:04 PM	#8 (permalink)
MarkRH Race Surpass Super #1 Joined in Jul 2006 Lives in Oklahoma City, OK Hosted on sh102 1,218 posts Gave thanks: 18 Thanked 86 times	If you want, you can try using just this: Code: <IfModule mod_security.c> SecFilterScanPOST Off </IfModule> This will turn the scanning off as it relates to POSTs but will still filter GETs (what comes across in the address bar basically) and other items. __________________ SH102 : Mark Headrick - Blog - Gallery Pelicar \| Company of Valor \| Mysstie Wolfestar

March 11th, 2008, 3:39 PM	#6 (permalink)
evileyes45 Registered User Fresh Surpasser Joined in Jul 2005 8 posts Gave thanks: 4 Thanked 0 times	Thanks a million! You deserve one for being super helpful.

March 12th, 2008, 10:30 AM	#9 (permalink)
evileyes45 Registered User Fresh Surpasser Joined in Jul 2005 8 posts Gave thanks: 4 Thanked 0 times	Both solutions worked perfectly. Everyone on the message board thanks you especially the guy who was trying to post.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: