Hello,
My server guy installed mod_security and we started having problems with some functions like registering and posting a reply. I saw an article that addressed this here http://www.vbulletin.com/forum/showthread.php?t=167121, but according to my server guy, the fix disables mod_security and leaves the forum open to possible attack. He said that the reason mod_security is blocking those files is because they have problems.
So, it seems like a catch-22. He can loosen up the mod_security rules to not interfere with the specific files that are having issues, but then those are the ones that leave a security hole. Is this correct? It doesn't seem likely that a mature product like vbulletin would have this issue, but then they just released 3.6.5 to deal with security, so maybe there are other issues.
Can anyone comment?
Thanks
Mike
My server guy installed mod_security and we started having problems with some functions like registering and posting a reply. I saw an article that addressed this here http://www.vbulletin.com/forum/showthread.php?t=167121, but according to my server guy, the fix disables mod_security and leaves the forum open to possible attack. He said that the reason mod_security is blocking those files is because they have problems.
So, it seems like a catch-22. He can loosen up the mod_security rules to not interfere with the specific files that are having issues, but then those are the ones that leave a security hole. Is this correct? It doesn't seem likely that a mature product like vbulletin would have this issue, but then they just released 3.6.5 to deal with security, so maybe there are other issues.
Can anyone comment?
Thanks
Mike
Comment