Thread: Integration with vBulletin - Zoints Thread Tags - GREAT for SEO
View Single Post
  #336  
Old 11-20-2006, 03:15 PM
buro9 buro9 is offline
 
Join Date: Feb 2002
Location: London, UK
Posts: 585
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by buro9 View Post
I've got a new bug/weirdness going on:
http://www.bowlie.com/forum/tags/superlong/

That page returns a 403 not authorised.

Yet if you click Tags in the top menu, search for 'super'... you'll see that 'superlong' is returned in the results, but clicking on it triggers the 403.

Why would this be? Why would a tag return a 403?

The thread tagged with that is part of the auto-generated tags and relates to this:
http://www.bowlie.com/forum/music-ro...soul-mp3s.html

The record in the database include the tag 'superlong' and is for that threadid.

Can't think why the 403 gets generated.
This is NOT a bug.

It's because of the word 'perl' being in the underlying querystring. I have a lot of server defenses and this one I put in place ages ago to defend against the PHP vunerability that was bouncing around two winters ago.

Anyhow, amusing PM from and to phlogiston on the matter, who I have to thank for finding it and reminding me of it:
Quote:
Originally Posted by buro9
Quote:
Originally Posted by phlogiston
I had a muck around trying to narrow down the 403 and I'm pretty certain it's from "perl" in the tagname (sniperlong 403'd as did a couple others) - do you have a forum named that which vbseo is trying to redirect to or a server setup which could use it as a special directory name or something? :S (servers are beyond my knowledge)

btw - I totally apologise if I may have killed your server by attempting going to http://www.bowlie.com/forum/tags/perl/
I was trying out a few tags and everything was fine until then. Afterwards server death

Ermm, sorry. Obv didn't want to post this in the public thread and having everyone else try incase it is the problem...

Ryan.
Heh, you must've been the one that just triggered my server defenses then:
Quote:

[Mon Nov 20 16:58:00 2006] [error] [client xx.xxx.xxx.xx] mod_security: Access denied with code 403. Pattern match "perl" at QUERY_STRING. [hostname "www.bowlie.com"] [uri "/forum/tags/index.php?tag =superlong"]
[Mon Nov 20 16:59:28 2006] [error] [client xx.xxx.xxx.xx] mod_security: Access denied with code 403. Pattern match "perl" at QUERY_STRING. [hostname "www.bowlie.com"] [uri "/forum/tags/index.php?tag=soperlongr"]
[Mon Nov 20 16:59:35 2006] [error] [client xx.xxx.xxx.xx] mod_security: Access denied with code 403. Pattern match "perl" at QUERY_STRING. [hostname "www.bowlie.com"] [uri "/forum/tags/index.php?tag=soperlong"]
[Mon Nov 20 17:00:15 2006] [error] [client xx.xxx.xxx.xx] mod_security: Access denied with code 403. Pattern match "perl" at QUERY_STRING. [hostname "www.bowlie.com"] [uri "/forum/tags/index.php?tag=sniperlong"]
[Mon Nov 20 17:00:43 2006] [error] [client xx.xxx.xxx.xx] mod_security: Access denied with code 403. Pattern match "perl" at QUERY_STRING. [hostname "www.bowlie.com"] [uri "/forum/tags/index.php?tag=perlong"]
That was indeed the solution, and thanks so much for hitting it several times

I'll update the post to stop any panic

Oh, and the server is fine... it just added you to the iptables and blocked you. In 15 minutes the block will be lifted. It's a set of defenses to stop any DoS or bot attack. I'd just totally forgotten about it

Thanks again
So, that was NOT a bug, it's my server security doing it's job

And if anyone is curious, it's mod_security in addition to iptables that does that
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01155 seconds
  • Memory Usage 1,788KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete