
Re: Illegal Character(s)...? Have a deadline :(

Posted: 9:40pm, Fri 31 Jan, 2014
by jimlongo
maybe turn on php error reporting and see if something turns up?

Re: Illegal Character(s)...? Have a deadline :(

Posted: 10:52pm, Fri 31 Jan, 2014
by bekabug
How would I do that? I don't see anything in the config for error reporting.

Re: Illegal Character(s)...? Have a deadline :(

Posted: 12:33am, Sat 01 Feb, 2014
by jimlongo
try putting this line in admin/index.php and see if anything shows up.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

Re: Illegal Character(s)...? Have a deadline :(

Posted: 1:02am, Sat 01 Feb, 2014
by bekabug
That didn't do anything. Also...while processing the bounces I see thousands of messages that say something about the mysql syntax having an error and needing to check the manual for 'biglongstringoflettersandnumbers' on line 2.

Related?

Re: Illegal Character(s)...? Have a deadline :(

Posted: 1:41am, Sat 01 Feb, 2014
by jimlongo
sure there could be something wrong with your database.

Back up the database.
Drop the database.
Go to yourlistdirectory/admin/ and recreate the database. (at least I think that's the way to recreate the database - might want to read the installation instructions again).

If that works and you have a fresh database, you can try your message again.
If that works you can slowly reimport data like messages and subscribers one at a time.

just an idea.

Re: Illegal Character(s)...? Have a deadline :(

Posted: 9:01pm, Tue 04 Feb, 2014
by bekabug
Finally got to the bottom of this.
A modsec rule was being triggered by the content.

ModSecurity: Access
denied with code 500 (phase 2). Pattern match
"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)"
at ARGS:message. [file "/usr/local/apache/conf/modsec2.user.conf"]
[line "371"] [id "300016"] [rev "2"] [msg
"Generic SQL injection protection"] [severity "CRITICAL"]

Re: Illegal Character(s)...? Have a deadline :(

Posted: 9:03pm, Tue 04 Feb, 2014
by jimlongo
good to know.

What rules are you using, the cPanel defaults? They are notorious for false positives.

Re: Illegal Character(s)...? Have a deadline :(

Posted: 9:06pm, Tue 04 Feb, 2014
by bekabug
I'm not sure but the next time I have an issue that makes absolutely no sense I'm going to start there. :roll:

Re: Illegal Character(s)...? Have a deadline :(

Posted: 3:52pm, Thu 06 Feb, 2014
by gingerling
It could be related to this https://mantis.phplist.com/view.php?id=15379 - M asked me to link this thread to that bug. Would that explain some things?

Anna

Re: Illegal Character(s)...? Have a deadline :(

Posted: 4:05pm, Thu 06 Feb, 2014
by jimlongo
mod_security by itself is not the problem, without rules it will do nothing.
It's the rules you are using that can trigger false-positives.
Turning off mod_sec is not the solution.

You need to go through the logs and find out what rule is causing you a problem and whitelist that particular rule while leaving all others in place.

And as I said earlier if you are using the free standard rules that cPanel supplies there will be a lot of false positives. That's what you get for free. There are paid rules from AtomicSecurity and Trustwave that have almost no false-positives (and when they do they fix them quickly).

In most cases your provider is administering this and should be called upon to fix any issues.
If you're running your own server, then you need to read up on mod_sec.
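
The approach from the last post (find the offending rule in the logs, then exclude only that rule), as an added example that is not part of the thread. The log lines are constructed from the entry quoted above; the `[uri]` field, the `/lists/admin/` path, rule 300099, the Python translation of the rule's pattern, and the use of `SecRuleRemoveById` inside a `LocationMatch` as the scoping method are assumptions.

```python
import re
from collections import Counter

# Constructed error_log lines modelled on the entry quoted in the thread. The
# pattern is shortened; IPs, hostname, URIs and rule 300099 are made up.
SAMPLE_LOG = """\
[Tue Feb 04 20:41:07 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(select.+from|union.+select)" at ARGS:message. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "371"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "lists.example.org"] [uri "/lists/admin/"]
[Tue Feb 04 20:43:30 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(select.+from|union.+select)" at ARGS:message. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "371"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "lists.example.org"] [uri "/lists/admin/"]
[Tue Feb 04 20:50:12 2014] [error] [client 198.51.100.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "^$" at REQUEST_HEADERS:User-Agent. [id "300099"] [msg "Constructed example rule"] [hostname "lists.example.org"] [uri "/lists/index.php"]
[Tue Feb 04 20:51:00 2014] [error] [client 192.0.2.10] File does not exist: /home/user/public_html/favicon.ico
"""

DENIED = re.compile(
    r'ModSecurity: Access denied with code \d+ \(phase \d\)\. '
    r'.*? at (?P<target>[A-Z_]+(?::[\w-]+)?)\. .*?\[id "(?P<id>\d+)"\]'
    r'.*?\[uri "(?P<uri>[^"]*)"\]')

# Pattern of rule 300016 from the thread, translated for Python's re:
# [[:space:]] becomes \s, and the log-escaped "\\\\(" is assumed to be a literal "(".
RULE_300016 = re.compile(
    r"(insert\s+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from"
    r"|bulk\s+insert|union.+select|convert.+\(.*from)")

def denials_by_rule(log_text):
    """Count ModSecurity denials per (rule id, inspected target, URI)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            hits[(m["id"], m["target"], m["uri"])] += 1
    return hits

def trips_rule(text):
    """True if the text alone would match rule 300016's pattern."""
    return RULE_300016.search(text) is not None

def scoped_exclusion(rule_id, uri):
    """Apache config that disables one rule for one path and nothing else."""
    return (f'<LocationMatch "^{re.escape(uri)}">\n'
            f'    SecRuleRemoveById {rule_id}\n'
            f'</LocationMatch>')

if __name__ == "__main__":
    (rule_id, target, uri), count = denials_by_rule(SAMPLE_LOG).most_common(1)[0]
    print(f"rule {rule_id} denied {count} requests at {target} on {uri}")
    # Ordinary newsletter wording (constructed) is enough to match the pattern.
    print(trips_rule("please select your topics from the list below"))
    print(scoped_exclusion(rule_id, uri))
```

Scoping the exclusion to the admin path leaves rule 300016 and every other rule active for the rest of the site.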