Hello,
This is a weird one. I've been using ZenPhoto for a while and have no complaints, it's great! The reason I'm posting here is because I've just moved hosting companies and I've moved ZenPhoto across. When I'm viewing galleries on my website (www.rgimaging.co.uk) after a number of views the website appears to stop working.
This happened the other day and I didn't relate it to ZenPhoto and my host told me that my IP had been blocked due to 10 failed logins. Well, it's just happened again but this time all I was doing was browsing my ZenPhoto galleries.
How is it possible that ZenPhoto is causing 10 failed logins at my host? If the MySQL password was wrong surely I wouldn't be able to see any of the gallery at all. (I've checked and it's not wrong).
Any ideas?
Thanks in advance,
Russ
Comments
Anyway, this is really a problem your ISP will have to deal with.
Russ
[Mon Jul 07 19:22:39 2008] [error] [client 78.146.13.233] ModSecurity: Access denied with code 406 (phase 2). Invalid UTF-8 encoding: invalid byte value in character at ARGS:i. [offset "1"] [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "950801"] [msg "UTF8 Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "rgimaging.co.uk"] [uri "/zp-core/c.php"] [unique_id "Kn3j-VwwXhgAACmNQIYAAAAS"]
And this is the config that is causing the problem, which they say they can't change:
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'UTF8 Encoding Abuse Attack Attempt',id:'950801',severity:'4'"
What should I say to my host? This is all a bit above me to be honest.
Russ
Unfortunately, it is used when you login if there is an admin email address. You can add `$star = '';` just before the code:
` if ($star == '*') {
$captchaCode = generateCaptcha($img);
echo "n ";
echo "n ".gettext("*Enter").' ';
echo "" .
" ";
echo ' '.gettext("to email a password reset.");
echo " ";
}`
from admin-functions.php and also be sure that you do not have captcha checked for your comment fields required. Then c.php will not be invoked.
I've disabled captcha from the comments options. I attempted to edit admin-functions.php as you said but what you suggested generated a Fatal Error on every page. I have now reverted back what I changed but the errors continue!
I'm just in the process of restoring yesterday's backup to try and get back to how it was 20 mins ago.
Will disabling captcha in comments have cured the problem?
My host has mod_security installed - which is what's generating the error and doing the IP blocking.
My host has just sent me a message with the same error output as yours.
Any help would be greatly appreciated.
Go into your Admin area, click the options tab, then comment configuration. Untick Captcha from the required fields area.
My host has confirmed that this has stopped the errors being generated in the log.
Russ
That's fixed the problem for me as well - cheers
But I really don't understand why the captcha image should be causing any problem. The server should be treating it just like any other image.
--snip--
mod_security: Access denied with code 403. Error normalising REQUEST_URI: Invalid character detected [0] [severity "EMERGENCY"] [hostname "www.xyz.invalid"] [uri "/zenphoto/zp-core/c.php?i=%00%99k"] [unique_id "NQCXPtlFoqUBAG8XRXYAAABB"]
--snap--
I guess mod_security thinks that the appended query string is an attack of some sort. One option is to disable Captchas, as you did. The other one is to disable mod_security for that virtual host in question:
<IfModule mod_security.c>
<Directory /home/www/webspace/nassenstein/hosting/haemmern>
SecFilterRemove 300018
SecFilterEngine Off
</Directory>
</IfModule>
I think you can add this to your .htaccess, if you can't access Apache's config. Anyway, I don't know if it's a good idea to disable mod_security.
Zenphoto programmers should change the query string to something un-suspicious in the next version.
http://www.zenphoto.org/support/topic.php?id=2453&page=2&replies=39
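Why the captcha request in the logs above is rejected, as an added example that is not part of the original thread and is not ZenPhoto or ModSecurity code: it percent-decodes the `i` argument from the logged URI and applies a NUL-byte check plus Python's strict UTF-8 decoder as a stand-in for the validation the rules perform. The hex-encoded URI is a hypothetical alternative encoding of the same bytes, shown only to illustrate a query string that passes the same checks.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# The first URI is the one quoted in the mod_security log line in the thread.
LOGGED_URI = "/zenphoto/zp-core/c.php?i=%00%99k"
# Constructed for comparison: the same three bytes carried as plain hex text
# (a hypothetical encoding, not something the thread says ZenPhoto sends).
HEX_URI = "/zenphoto/zp-core/c.php?i=" + bytes([0x00, 0x99, 0x6B]).hex()


def decode_args(uri):
    """Split the query string and percent-decode each value to raw bytes."""
    args = {}
    query = urlsplit(uri).query
    for pair in filter(None, query.split("&")):
        name, _, value = pair.partition("=")
        args[name] = unquote_to_bytes(value.replace("+", " "))
    return args


def findings(uri):
    """Return (argument, reason) pairs for values a strict byte check rejects.

    Approximation only: Python's strict UTF-8 decoder stands in for the
    WAF's own UTF-8 validation, and the NUL check for its invalid-character test.
    """
    out = []
    for name, raw in decode_args(uri).items():
        if b"\x00" in raw:
            out.append((name, "NUL byte"))
        try:
            raw.decode("utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            out.append((name, f"invalid UTF-8 at offset {exc.start}"))
    return out


if __name__ == "__main__":
    for uri in (LOGGED_URI, HEX_URI):
        print(uri, "->", findings(uri) or "passes")
```

The logged value decodes to a NUL byte followed by 0x99, a UTF-8 continuation byte with no lead byte, so both checks fire on `i` even though the request is an ordinary image fetch.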