Illegal Character(s)...? Have a deadline :(

Version 3 Solutions you have discovered or come across should go here. Questions should go in the other three Version 3 forums, thank you.
Forum rules
Please do not ask questions here, this is for Version 3 Solutions you have discovered or come across.

Re: Illegal Character(s)...? Have a deadline :(

Postby jimlongo » 9:40pm, Fri 31 Jan, 2014

maybe turn on php error reporting and see if something turns up?
jimlongo
PL Geek
 
Posts: 88
Joined: 10:10pm, Tue 15 May, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby bekabug » 10:52pm, Fri 31 Jan, 2014

How would I do that? I don't see anything in the config for error reporting.
bekabug
PL Nut
 
Posts: 34
Joined: 3:21pm, Thu 05 Apr, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby jimlongo » 12:33am, Sat 01 Feb, 2014

try putting this line in admin/index.php and see if anything shows up.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
jimlongo
PL Geek
 
Posts: 88
Joined: 10:10pm, Tue 15 May, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby bekabug » 1:02am, Sat 01 Feb, 2014

That didn't do anything. Also...while processing the bounces I see thousands of messages that say something about the mysql syntax having an error and needing to check the manual for 'biglongstringoflettersandnumbers' on line 2.

Related?
bekabug
PL Nut
 
Posts: 34
Joined: 3:21pm, Thu 05 Apr, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby jimlongo » 1:41am, Sat 01 Feb, 2014

sure there could be something wrong with your database.

Back up the database.
Drop the database.
Go to yourlistdirectory/admin/ and recreate the database. (at least I think that's the way to recreate the database - might want to read the installation instructions again).

If that works and you have a fresh database, you can try your message again.
If that works you can slowly reimport data like messages and subscribers one at a time.

just an idea.
jimlongo
PL Geek
 
Posts: 88
Joined: 10:10pm, Tue 15 May, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby bekabug » 9:01pm, Tue 04 Feb, 2014

Finally got to the bottom of this.
A modsec rule was being triggered by the content.

Code: Select all
ModSecurity: Access
denied with code 500 (phase 2). Pattern match
"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)"
at ARGS:message. [file "/usr/local/apache/conf/modsec2.user.conf"]
[line "371"] [id "300016"] [rev "2"] [msg
"Generic SQL injection protection"] [severity "CRITICAL"]
bekabug
PL Nut
 
Posts: 34
Joined: 3:21pm, Thu 05 Apr, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby jimlongo » 9:03pm, Tue 04 Feb, 2014

good to know.

What rules are you using, the cPanel defaults? They are notorious for false positives.
jimlongo
PL Geek
 
Posts: 88
Joined: 10:10pm, Tue 15 May, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby bekabug » 9:06pm, Tue 04 Feb, 2014

I'm not sure but the next time I have an issue that makes absolutely no sense I'm going to start there. :roll:
bekabug
PL Nut
 
Posts: 34
Joined: 3:21pm, Thu 05 Apr, 2007

Re: Illegal Character(s)...? Have a deadline :(

Postby gingerling » 3:52pm, Thu 06 Feb, 2014

It could be related to this https://mantis.phplist.com/view.php?id=15379 - M asked me to link this thread to that bug. Would that explain some things?

Anna
gingerling
phpLister
 
Posts: 12
Joined: 4:03pm, Thu 02 Jan, 2014

Re: Illegal Character(s)...? Have a deadline :(

Postby jimlongo » 4:05pm, Thu 06 Feb, 2014

mod_security by itself is not the problem, without rules it will do nothing.
It's the rules you are using that can trigger false-positives.
Turning off mod_sec is not the solution.

You need to go through the logs and find out what rule is causing you a problem and whitelist that particular rule while leaving all others in place.

And as I said earlier if you are using the free standard rules that cPanel supplies there will be a lot of false positives. That's what you get for free. There are paid rules from AtomicSecurity and Trustwave that have almost no false-positives (and when they do they fix them quickly).

In most cases your provider is administering this and should be called upon to fix any issues.
If you're running your own server, then you need to read up on mod_sec.
jimlongo
PL Geek
 
Posts: 88
Joined: 10:10pm, Tue 15 May, 2007

Previous

Return to Answers, HowTos, Tips and Tricks

Who is online

Users browsing this forum: No registered users and 1 guest