Tweet
Hello. I recently installed vBulletin in my dedicated server (two times, first 5.3.2 and now 5.3.3). The install goes fine, the same with site builder, user creation and theme import... but I have a critical error.
When I try to create a new thread, entering in the creation window freeze the screen for about a minute. The same happen if I enter in a thread to respond, but in that case only freeze for a couple of seconds.
I enable the debug mode, and see A LOT of AJAX requests and errors:
This error is repeated 140 times:
So I searched the server error log file (I'm using the latest LSWS version, but the same happen if I switch to apache), and found this (obviously repeated 140 times):
If you have any idea about how to fix this, I'll be very greatful. I know this is not a vBulletin error but a server error, now I'm going to contact my hosting provider. But maybe some of you face this problem yet and have some solution.
Theoretically if I shut down the mod security rule this should work, but I guess that rule was not created exclusively to bother me but for security reasons, so I'm going to research if there are others option before disabling it.
Thank you.
When I try to create a new thread, entering in the creation window freeze the screen for about a minute. The same happen if I enter in a thread to respond, but in that case only freeze for a couple of seconds.
I enable the debug mode, and see A LOT of AJAX requests and errors:
This error is repeated 140 times:
Code:
/ajax/apidetach/cron/run (success, 83126ms, 0ms) /ajax/api/phrase/getPhrases (error, 475ms, 1ms) Error: Internal Server Error ... /ajax/api/phrase/getPhrases (error, 428ms, 0ms) Error: Internal Server Error /chat/loadheaderdata (success, 243ms, 1ms)
Code:
[Sat Oct 28 20:50:48 2017] [error] [client MY-IP] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)'] [id "300016"] [msg "Generic SQL injection protection"] 2017-10-28 20:50:48.431 [NOTICE] [MY-IP] Content len: 8486, Request line: 'POST /ajax/api/phrase/getPhrases HTTP/1.1' 2017-10-28 20:50:48.431 [INFO] [MY-IP] Cookie len: 286, bblastvisit=********; PHPSESSID=********; bblastactivity=********; bbpassword=******; bbuserid=1; bbsitebuilder_active=1; bbcpsession=********; bbsessionhash=******** 2017-10-28 20:50:48.431 [NOTICE] [MY-IP] Redirect: #1, URL: /index.php 2017-10-28 20:50:48.431 [INFO] [MY-IP] File not found [/home/myforumpath/500.shtml] 2017-10-28 20:50:48.805 [NOTICE] [MY-IP] mod_security rule [Id '300016'] triggered!
Theoretically if I shut down the mod security rule this should work, but I guess that rule was not created exclusively to bother me but for security reasons, so I'm going to research if there are others option before disabling it.
Thank you.
Comment