I use UK2.net as my hosting company and have installed Contao to act as my CMS on various websites I have built.
To date (over 3 years) I have had no real issues. However, twice recently I have received this message from Contao.
Forbidden
You don't have permission to access /apps/Contao/contao/main.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This appears to happen randomly when I have tried to update some FAQ text for a particular entry. Other entries in the same FAQ list are fine. I have got around this issue by creating a new record, copying the text across and deleting the offending entry.
However last week I couldn't access the CMS admin interface because UK2.net had barred my IP address because of a security issue.
They sent me this when I raised a ticket.
Thank you for your reply. There was a block on your IP address. It was triggered by our Security software. I am providing the information that the server returned below.
==========
/var/log/lfd.log:Sep 5 14:28:19 cpanel36 lfd[493927]: (mod_security) mod_security triggered by 86.146.31.98 (GB/United Kingdom/host86-146-31-98.range86-146.btcentralplus.com): 5 in the last 300 secs - *Blocked in csf* [LF_MODSEC]
ModSecurity Errors (last 20):
340149 Atomicorp.com UNSUPPORTED DELAYED Rules: Potential Cross Site Scripting Attack
13 www.comberenterprises.co.uk/apps/Contao/contao/main.php "onclick="
1234123456 Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM 0, IQ 1, IP 0, IH 0, FL 0
2 www.comberenterprises.co.uk/apps/Contao/contao/main.php
==========
Essentially, the file "main.php" located in /home/comberen/public_html/apps/Contao/contao is a script that is running and triggering this security rule.
Fortunately they have unbarred me and I can access Contao again, and I sorted out the offending record by creating a new record and deleting the old one.
Also it would appear that UK2.net have implemented stronger security measures. They sent me this.
I am sorry but we are not experienced with website development. As noted we have implemented stronger security measures including the use of mod_security, this may require an upgrade or modification of the CMS code. You may want to contact Contao CMS support for help with their product.
I am not a developer, nor do I have any real knowledge of Contao, and wondered whether anyone could shine some light on this issue. I also have end users who access Contao to change content and am concerned they may come across the same issue and have their IP addresses banned.
Obviously the issue with the FAQ records causing this may be a red herring, but it does seem to tie up.
Any ideas or suggestions?
Regards
Alan
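As an added illustration (not code from the post, from UK2.net or from Contao), a small Python parser for the two log fragments quoted above, so an administrator can see the hit count and window behind an LF_MODSEC block and which rule and URL accumulated the hits. The sample text is constructed from the lines in the post, and the "ModSecurity Errors" summary is assumed to alternate a rule line with a "count url [match]" line.

```python
import re
from collections import Counter

# Constructed sample: the lfd.log line and ModSecurity summary as quoted in the post.
LFD_LOG = (
    "/var/log/lfd.log:Sep 5 14:28:19 cpanel36 lfd[493927]: (mod_security) "
    "mod_security triggered by 86.146.31.98 (GB/United Kingdom/"
    "host86-146-31-98.range86-146.btcentralplus.com): 5 in the last 300 secs "
    "- *Blocked in csf* [LF_MODSEC]"
)
MODSEC_SUMMARY = """\
340149 Atomicorp.com UNSUPPORTED DELAYED Rules: Potential Cross Site Scripting Attack
13 www.comberenterprises.co.uk/apps/Contao/contao/main.php "onclick="
1234123456 Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM 0, IQ 1, IP 0, IH 0, FL 0
2 www.comberenterprises.co.uk/apps/Contao/contao/main.php
"""

LFD_RE = re.compile(
    r"\(mod_security\) mod_security triggered by (?P<ip>[\d.]+) "
    r"\((?P<geo>[^)]*)\): (?P<hits>\d+) in the last (?P<window>\d+) secs"
    r".*\[(?P<trigger>LF_MODSEC)\]"
)

def parse_lfd_block(line):
    """Return ip, geo, hit count and window (seconds) from an lfd LF_MODSEC line, else None."""
    m = LFD_RE.search(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "geo": m.group("geo"), "hits": int(m.group("hits")),
            "window": int(m.group("window")), "trigger": m.group("trigger")}

def parse_modsec_summary(text):
    """Pair each rule-id line with the following 'count url [match]' line (assumed layout)."""
    lines = [l for l in text.splitlines() if l.strip()]
    entries = []
    for rule_line, hit_line in zip(lines[0::2], lines[1::2]):
        rule_id, _, message = rule_line.partition(" ")
        count, _, rest = hit_line.partition(" ")
        url, _, matched = rest.partition(" ")
        entries.append({"rule_id": rule_id, "message": message, "count": int(count),
                        "url": url, "matched": matched.strip().strip('"')})
    return entries

def hits_per_url(entries):
    """Total ModSecurity hits per URL, showing which script is being flagged."""
    totals = Counter()
    for e in entries:
        totals[e["url"]] += e["count"]
    return dict(totals)

if __name__ == "__main__":
    print(parse_lfd_block(LFD_LOG))
    print(hits_per_url(parse_modsec_summary(MODSEC_SUMMARY)))
```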