Melodeon.net Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to the new melodeon.net forum

Pages: 1 [2] 3 4   Go Down

Author Topic: Error: You don't have permission to access /index.php  (Read 13950 times)

0 Members and 1 Guest are viewing this topic.

MatthewVanitas

  • Good talker
  • **
  • Offline Offline
  • Posts: 94
  • Hohner HA-113A - HA-112D - D Chanson re-reed

Just had another long post get blocked in the Instrument Repair section. Having an inkling now what the problem is, I tracked down the two iterations of the words "strap" and "on" occurring in proximity and change to "strap for the right" and it went through fine. I'm amazed that that combo of words isn't bedeviling folks every week with the censor-bot.

I had some real hassle posting the first post of this thread about Skype lessons: http://forum.melodeon.net/index.php/topic,12176.0.html

Somehow when I tried to embed the links into the names, it somehow tripped the 'bot. It don't think it was just the URL formatting, I think it was something about the specific patterns of letters, since 3/4 of the links embedded fine and two just kept tripping the censor. I couldn't figure out exactly what letters were doing it since after multiple attempts to post the system just locked out my IP for four days or so and I could only access this site from a different computer or my phone.

Is my being outside of the UK compounding this issue, or am I just being noiser about tracking down an issue others are having too?
Logged

Andrew Wigglesworth

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1068
  • 07
    • My website

Well, this has just happened to me and the way that this board deals with its blocking of things it doesn't like in posts is little short of stupid, and very annoying.

I've just lost a long and detailed post because of the 404 page that was thrown up. Going back to the previous page wiped everything that I'd written. Bad, bad, bad design.

Serves me right I suppose, I usually use a browser plugin that lets me compose posts in Emacs. If I'd done that then I wouldn't have lost it. I'll have to make sure that I do that in the future and avoid this particular inanity.

Andrew Wigglesworth

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1068
  • 07
    • My website

OK, I've just downloaded SMF with a view to installing it on this box and seeing what is going on with it.

I had a quick look at some of the code and grepped some "naughty words" to see where the word list might be.

I can't find the word list, which is a bit odd to say the least. Maybe the words I grepped words weren't naughty enough?

Looking at bits of the code I have a strong suspicion that there is a fault in the installation of melnet that is causing the 404 error. There also seems to be a whole part of the admin system for dealing with the banned word list and for turning it on and off in certain situations and for different users. There are even settings for simply censoring words for different users that can (optionally) be turned on and off by the user themselves ...

Now to install it here.

Theo

  • Administrator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 9691
  • Hohner Club Too
    • The Box Place

As far as I know this is turned off in the melnet installation.
When I raised this with our web hosting people they said the words were being trapped in "mod security" part of the Apache Server. The only option they could suggest was to turn off mod security. I would be interested to hear from anyone with server experience what the implications of this might be.
Logged
Theo Gibb

Day job: The Box Place. Follow me on Twitter and please like my Facebook page
Night job: Sunniside Up! Ceilidh Band

Clive Williams

  • Administrator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 2495
    • Home Page

This is indeed caused by Apache's security plugin, not SMF - other than whining to the server operator, there's nothing we can do about it. The main job of mod_security as I understand it is to protect against SQL injection hacking attacks - firing things like ';shutdown --' in text input fields, which can prove an effective attack vector for hackers. The main problem being that as server operators, they have no way of preventing users from running out of date copies of say, wordpress, or indeed SMF, leaving the server wide open to attack. This gives them a form of server-wide defence, but the rude word thing is just pointless and shouldn't be in the same plugin.

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 7810
  • Wirral UK
    • Chris Ryall

It would seem that melnet's ISP either don't want, or cannot be bothered to fix what is patently an absurd bug. It then becomes a matter of how much it annoys our site's nominal owners. But contracts do come to an end. I sacked Demon Internet (wiped my entire site, twice!) and foolishly moved to "Streamline". Those cowboys were too lazy to kick off (trojan infected?) clients relaying spam, and eventually big boys like hotmail blacklisted all email passed via them, including mine  >:(

I have to say that my present web host provider plays a very mean melodeon, and provides excellent service. Nothing has been too much trouble. Believe he can do SMF too ..
Logged
  _       _    _      _ 

Andrew Wigglesworth

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1068
  • 07
    • My website

This is indeed caused by Apache's security plugin, not SMF - other than whining to the server operator, there's nothing we can do about it. The main job of mod_security as I understand it is to protect against SQL injection hacking attacks - firing things like ';shutdown --' in text input fields, which can prove an effective attack vector for hackers. The main problem being that as server operators, they have no way of preventing users from running out of date copies of say, wordpress, or indeed SMF, leaving the server wide open to attack. This gives them a form of server-wide defence, but the rude word thing is just pointless and shouldn't be in the same plugin.

Playing around it seems so. For anyone that doesn't know, mod_security is an application firewall module for web servers.

If they want to secure PHP then they surely should be using Suhosin. The Zend engine gives security enhancements against SQL injection.

Sorry, but a web host doing that with mod_security is just plain rude.

Andrew Wigglesworth

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1068
  • 07
    • My website

It would seem that melnet's ISP either don't want, or cannot be bothered to fix what is patently an absurd bug. It then becomes a matter of how much it annoys our site's nominal owners. But contracts do come to an end. I sacked Demon Internet (wiped my entire site, twice!) and foolishly moved to "Streamline". Those cowboys were too lazy to kick off (trojan infected?) clients relaying spam, and eventually big boys like hotmail blacklisted all email passed via them, including mine  >:(

I have to say that my present web host provider plays a very mean melodeon, and provides excellent service. Nothing has been too much trouble. Believe he can do SMF too ..

Oh dear, using streamline put you into the hands of fasthosts.

I feel your pain   :'(  >:( >:( >:( >:( >:( >:(

Anahata

  • This mind intentionally left blank
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 4262
  • Oakwood D/G, C/F Club, 1-rows in C,D,G
    • Treewind Music

my present web host provider

... before reading that, was already wondering what melodeon.net's total data and bandwidth footprint is.

The virtual machine on which I host 31 domains and about 25 sites so far is expandable if necessary, and my rates are reasonable...
More to the point, I have full shell access to the machine can install and configure any OS and software I like, and Bytemark's very helpful and competent technical support to advise me if anything happens which I can't understand.

Actually, Bytemark's entry level offering of a VPS with 512M RAM, 10GB disk and 200GB/month bandwidth for £180/year might be just the thing for melnet, and Clive would be more competent than I to administer such a thing...
Logged
I'm a melodeon player. What's your excuse?
Music recording and web hosting: www.treewind.co.uk
Mary Humphreys and Anahata: www.maryanahata.co.uk
Ceilidh band: www.fendragon.co.uk

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 7810
  • Wirral UK
    • Chris Ryall

Oh  ::) hello Anahata! Y'know, I was just thinking of you  ;)

[edit] Jeez! £300/month per terabyte of RAID protected storage. We pay about 50x that in the NHS  :-\
         No wonder the British government is skint ...
« Last Edit: April 30, 2013, 01:56:02 PM by Chris Ryall »
Logged
  _       _    _      _ 

Andrew Wigglesworth

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1068
  • 07
    • My website

And Bytemark have a deservedly good reputation.

Lester

  • MADman
  • Mods and volunteers
  • Hero Member
  • ***
  • Offline Offline
  • Posts: 6972
  • Hohners'R'me
    • Lester's Melodeon Emporium and Tune-a-Rama

Just tried to post a bunch of previously posed links to the Theme of the Month and got the same stupid error message gave up trying to find out what perfectly innocuous word was causing the problem. This is becoming a right royal pain in the arse.
Logged
Melodeon Repairs - Website - Facebook
Lester's Tune-a-Day Blog
Hohner Melodeons
Made in Germany
Improved in Wendover

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 7810
  • Wirral UK
    • Chris Ryall

Yet paradoxically Lester's last word passed without challenge  ::)

(I suspect it won't be his last word, though)!  ;)
Logged
  _       _    _      _ 

Anahata

  • This mind intentionally left blank
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 4262
  • Oakwood D/G, C/F Club, 1-rows in C,D,G
    • Treewind Music

Yet paradoxically Lester's last word passed without challenge  ::)

Maybe the server's using an American smut dictionary.
Logged
I'm a melodeon player. What's your excuse?
Music recording and web hosting: www.treewind.co.uk
Mary Humphreys and Anahata: www.maryanahata.co.uk
Ceilidh band: www.fendragon.co.uk

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 7810
  • Wirral UK
    • Chris Ryall

Hmm, let's test that: one of my accordion acquaintences in France is the delightful and youthful Fanny, of Marseille  >:E

No ...
« Last Edit: May 02, 2013, 10:26:43 AM by Chris Ryall »
Logged
  _       _    _      _ 

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 7810
  • Wirral UK
    • Chris Ryall

However, whenever I try to post a reply, I get the following error:
Quote
Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

A recent post elsewhere, and Clive's response caused me to revisit this thread. Clearly our ISP can't arsed* to sort out its "unfit for purpose" cheapskate text filter.

But the second part of this message suggests that there's also an error document missing? If they might simply pen a couple of meaningful lines (apologetic or otherwise) and swap 'em in HTML at least naive users wouldn't be left thinking their client hadn't paid its  bill ::)

Just an idea.
* hmm, another unexpected word slips by!
Logged
  _       _    _      _ 

Theo

  • Administrator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 9691
  • Hohner Club Too
    • The Box Place

Thanks for the suggestion Chris.  I think an error document is something Clive or I can add.
Logged
Theo Gibb

Day job: The Box Place. Follow me on Twitter and please like my Facebook page
Night job: Sunniside Up! Ceilidh Band

btracy

  • Good talker
  • **
  • Offline Offline
  • Posts: 90
  • Just a guy from Jersey.
    • Bill Tracy Photography

I'm getting this error too when trying to reply to a post.  I attached a screen shot of the actual text I was trying to reply with.  I can't seem to spot a bad word that could trigger this filter.

btracy

  • Good talker
  • **
  • Offline Offline
  • Posts: 90
  • Just a guy from Jersey.
    • Bill Tracy Photography

LMAO!!  Ok, if you read my text you'll see I had the word "strap" followed by the word "on"  so the filter thinks I was being naughty, lol
Pages: 1 [2] 3 4   Go Up
 


Melodeon.net - (c) Theo Gibb; Clive Williams 2010. The access and use of this website and forum featuring these terms and conditions constitutes your acceptance of these terms and conditions.