[jimlongo]

maybe turn on php error reporting and see if something turns up?

[bekabug]

How would I do that? I don't see anything in the config for error reporting.

[jimlongo]

try putting this line in admin/index.php and see if anything shows up.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

[bekabug]

That didn't do anything. Also...while processing the bounces I see thousands of messages that say something about the mysql syntax having an error and needing to check the manual for 'biglongstringoflettersandnumbers' on line 2.

Related?

[jimlongo]

sure there could be something wrong with your database.

Back up the database.
Drop the database.
Go to yourlistdirectory/admin/ and recreate the database. (at least I think that's the way to recreate the database - might want to read the installation instructions again).

If that works and you have a fresh database, you can try your message again.
If that works you can slowly reimport data like messages and subscribers one at a time.

just an idea.

[bekabug]

Finally got to the bottom of this.
A modsec rule was being triggered by the content.

Code: Select all

ModSecurity: Access
denied with code 500 (phase 2). Pattern match
"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)"
at ARGS:message. [file "/usr/local/apache/conf/modsec2.user.conf"]
[line "371"] [id "300016"] [rev "2"] [msg
"Generic SQL injection protection"] [severity "CRITICAL"]

[jimlongo]

good to know.

What rules are you using, the cPanel defaults? They are notorious for false positives.

[bekabug]

I'm not sure but the next time I have an issue that makes absolutely no sense I'm going to start there.

[gingerling]

It could be related to this https://mantis.phplist.com/view.php?id=15379 - M asked me to link this thread to that bug. Would that explain some things?

Anna

[jimlongo]

mod_security by itself is not the problem, without rules it will do nothing.
It's the rules you are using that can trigger false-positives.
Turning off mod_sec is not the solution.

You need to go through the logs and find out what rule is causing you a problem and whitelist that particular rule while leaving all others in place.

And as I said earlier if you are using the free standard rules that cPanel supplies there will be a lot of false positives. That's what you get for free. There are paid rules from AtomicSecurity and Trustwave that have almost no false-positives (and when they do they fix them quickly).

In most cases your provider is administering this and should be called upon to fix any issues.
If you're running your own server, then you need to read up on mod_sec.