Dirty Butter Posted August 27, 2015

The front end works just fine, but last night I suddenly got a 403 on an attempt to log in to both our site admins. All I see is 403 Forbidden. I've contacted our host, but could it be something I accidentally did yesterday? I've checked the file permissions for my admin (renamed) folders, and they're both 755. I also tried the default .htaccess files, in case I'd messed that up, but no joy. Is there anything else I can check?

bsmither Posted August 27, 2015

I think you would get a PHP error about not being able to read a file for inclusion if it was the file permissions that got changed.

On the other hand, I have seen two instances where the CKEditor JavaScript files triggered a 403 response - but probably not because of file permission settings.

A 403 is by and large a web server response. Somewhere, a web server setting got changed (.htaccess rules can do this), or a server security appliance got new rules, that is triggering on something.

I have to believe your hosting provider has access to the fault log and can determine what triggered the 403.

Dirty Butter Posted August 27, 2015

I've contacted the host provider and they've kicked this up to a higher tech level. They will hopefully be able to use a recent backup to get me in again. Very disconcerting to say the least. I haven't changed the .htaccess recently and the file permissions all appear normal.

Thanks for your input - makes me feel like it has to be on the server end, not something I did accidentally.

Dirty Butter Posted August 27, 2015 (edited)

I was just thinking.... rather than have someone order, and then my host restore yesterday morning's backup and lose their info, I took my store Offline via editing the config file in cPanel. I made a copy first, just in case, though.

Edited August 27, 2015 by Dirty Butter

bsmither Posted August 27, 2015

The database data and the files/folders are separate. I cannot comprehend how any data in the database would cause PHP to malfunction in any way that would, in turn, cause the web server to issue a 403.

So, don't restore the database. There is (99.9999999999999999999999999% chance) no way the database is the cause.

And, technically, yes, you can edit the 'config' array.

Dirty Butter Posted August 27, 2015

I'm sure you're right, but we'll be gone today and I didn't want to spend the day fretting about orders being created and then messed up with whatever they do to fix this. I do have a recent local backup of the whole sites. Since it happened on both stores, it must be a server setting that changed last night.

havenswift-hosting Posted August 27, 2015

A 403 error can be caused by mod_security rules being tripped and that can change if data in the database has changed that then trips a rule or the rules themselves have been updated which then causes a trip that didn't happen before. If it is mod_security then it is easy to check but I would also have expected a good host to have checked that immediately you reported the error.

Ian

bsmither Posted August 27, 2015

Can you give an example of a mod_security rule that would get tripped which was caused by certain data queried from the database and being used by CubeCart?

I do not understand how an Apache module would be aware of what PHP is doing within PHP's own memory space.

havenswift-hosting Posted August 27, 2015

We have seen it happen plenty of times when content within a document, category or product description can cause it - often if descriptions are cut and pasted from something like a Word document for example.

Ian

bsmither Posted August 27, 2015

The next time you see this, I would very much appreciate learning of the exact string from a database query that tripped a web server module. Thanks.

havenswift-hosting Posted August 27, 2015

Haven't seen it for a little while but as I said, it is often where product descriptions are written by a store owner in Word and then simply copy and pasted into CubeCart - never a good idea. However DB's hosting company should really have been checking that and it is trivial to see whether mod_security rules have been tripped by a specific account which would either confirm or disprove that this is the cause in this case.

Ian

bsmither Posted August 27, 2015

Ok, I see your general observation where POSTing previously unforeseen/unanticipated form data (hence, not sanitized by JavaScript prior to POSTing) from perhaps a text entry field, could trigger the mod_security firewall.

So, along these lines, we can have the admin login form be suspect: maybe the security token or a cookie value. (Certainly not the username or password???)

But still not something that is already in the database, populating a web page, and being delivered out to the client.

Dirty Butter Posted September 2, 2015

Ian can explain this better than I can, but this turned out to be some kind of issue with the CC Security mod and my setup. I'm not saying anything is wrong with the mod, but disabling it and moving the folder out of my modules directory finally got me back into admin on both stores.

I am SO relieved to be able to mark this thread as RESOLVED!! Thank you beyond belief to Havenswift-Hosting!!

bsmither Posted September 2, 2015

I hope he takes the time to explain it with sufficient detail.

havenswift-hosting Posted September 3, 2015

No in-depth explanation required! A single IP address had been added using the plugin which then excluded all other IP addresses from accessing admin - DB's IP address was not fixed and had changed, blocking her (as well as everyone else except the new user of that dynamic IP!) out from her own admin!

Ian

Dirty Butter Posted September 3, 2015 (edited)

I had used that same IP address the whole time we've had cable, so I really did think I had a Dedicated IP. Obviously not!

Anyway, I would suggest the wording on the CC Security Mod popup when the security settings are checked where it says to "Please add your IP address", and you do NOT have a Dedicated IP address, to please uncheck to "Only allow trusted IP addresses to login".

Just tried to add my current IP address and UNCHECK only allow trusted IP address to login. I figured I'd leave the email warning that someone other had logged in, but when I uncheck the box, if there is an IP address in my Trusted list, the box checks itself back on Save! I tried this on both stores, with same behavior.

That doesn't seem right to me - is this a bug???

I always seem to know just enough to get myself into trouble. LOL

Edited September 3, 2015 by Dirty Butter

harrisorganic Posted December 29, 2015 (edited)

Hi DB, Happy holidays,

Just like you, I took the holiday time to improve my security with this plugin and found after one very frustrating week of no admin page, I made the same observations you have made. See above.

I seriously suggest that Al and his CC team provide some better help information and thoroughness to this plugin so you, me, Ian and Brian could spend our valuable time not pulling our hair out.

There are many questions to be answered. The designer of this plugin should provide these before I take my chances again.

PS there is a revision available 1.0.6 - Fixed error with creation of CubeCart_ccss_ip_addresses with database prefix

Edited December 29, 2015 by harrisorganic

havenswift-hosting Posted December 29, 2015

> I seriously suggest that Al and his CC team provide some better help information and thoroughness to this plugin so you, me, Ian and Brian could spend our valuable time not pulling our hair out.
>
> There are many questions to be answered. The designer of this plugin should provide these before I take my chances again.
>
> PS there is a revision available 1.0.6 - Fixed error with creation of CubeCart_ccss_ip_addresses with database prefix

It can be frustrating to have errors but that is the nature of software - the versions of core software, skin and ALL extensions should always be regularly checked and updated. This is a manual task (for extensions) checking against the marketplace and while it would be much better to have a notification in the store (there is an open git issue requesting this enhancement) it isn't a big task to check this. WordPress has a great system for this but even then, the vast majority of users don't update these often or at all which shows that regardless of how much help is provided, many users don't help themselves.

Glad you finally found the cause and have fixed the issue.

Ian

harrisorganic Posted April 9, 2017

Hi DB et al,

I think I have repeated the same issue again. I clicked on Dedicated IP button within the CubeCart Security Suite, when I try to enter the admin page, I get 403 Forbidden. I went to the cubecart database and changed the ip address in CubeCart_ccss_ip_addresses with my dedicated ip address which was different to what was there. However, I was not able to solve the "403 Forbidden". Any suggestions please.

Duncan.

Dirty Butter Posted April 9, 2017

So even with ccss disabled you still are getting 403?

havenswift-hosting Posted April 9, 2017

403 errors are most often caused by tripping a mod_security rule (assuming you have that installed and enabled on your hosting server). Ask your hosting company to check for rules being tripped by your IP address around the approximate times you have been getting the 403 errors. Mod_security can give false positives and these can be whitelisted but this can also be due to older or poorly written software being run.

Ian

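The check suggested above (which mod_security rules one IP address tripped around the time of the 403s), sketched as an added example that is not part of any post in this thread. It assumes the Apache error-log layout that ModSecurity 2.x writes to and IPv4 clients; the names `modsec_denials` and `SAMPLE_LOG` are hypothetical and every log line is constructed. An empty result points away from mod_security and towards other 403 sources such as access rules or an application-level IP allowlist.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Apache error-log layout ModSecurity 2.x writes to;
# the IPs, rule ids, messages and paths are invented for illustration.
SAMPLE_LOG = """\
[Thu Aug 27 21:14:03.120411 2015] [:error] [pid 4121] [client 203.0.113.7:51514] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [msg "Constructed rule A"] [hostname "shop.example"] [uri "/admin.php"]
[Thu Aug 27 21:15:40.000112 2015] [:error] [pid 4125] [client 198.51.100.9:40022] ModSecurity: Access denied with code 403 (phase 2). [id "900002"] [msg "Constructed rule B"] [hostname "shop.example"] [uri "/index.php"]
[Thu Aug 27 21:16:02.551200 2015] [authz_core:error] [pid 4121] [client 203.0.113.7:51520] AH01630: client denied by server configuration: /var/www/shop/includes
[Fri Aug 28 09:30:00.000000 2015] [:error] [pid 5010] [client 203.0.113.7:60100] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [msg "Constructed rule A"] [hostname "shop.example"] [uri "/admin.php"]
"""

# Timestamp with optional microseconds (Apache 2.4 adds them, 2.2 does not).
STAMP = re.compile(r"^\[(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d)(?:\.\d+)? (\d{4})\]")
# Client IPv4 address with the optional ":port" suffix Apache 2.4 appends.
CLIENT = re.compile(r"\[client (\d+\.\d+\.\d+\.\d+)(?::\d+)?\]")
# Simple field match; values with escaped quotes would need a stricter parser.
FIELD = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')


def modsec_denials(log_text, client_ip, around, window_minutes=30):
    """Return ModSecurity 403 denials for one client within +/- window of `around`."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        if "ModSecurity: Access denied with code 403" not in line:
            continue  # other 403 sources (e.g. AH01630 access rules) are not ModSecurity
        stamp, client = STAMP.match(line), CLIENT.search(line)
        if not stamp or not client or client.group(1) != client_ip:
            continue
        when = datetime.strptime(" ".join(stamp.groups()), "%a %b %d %H:%M:%S %Y")
        if abs(when - around) <= window:
            hits.append({"time": when, **dict(FIELD.findall(line))})
    return hits


if __name__ == "__main__":
    for hit in modsec_denials(SAMPLE_LOG, "203.0.113.7", datetime(2015, 8, 27, 21, 0)):
        print(hit["time"], hit["id"], hit["uri"], hit["msg"])
```
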