We are hosting on Dreamhost. All of the checks were green when we upgraded from J4 to 5. Running PHP 8.1.25 and SQL 8.0.28 on J5.0.1
Most articles save just fine but for a couple of them whenever we hit save, save and close, or even just close from the editor window we get a 500 error. In the system error log we get these that are being caught when we try to save the article to the database. I have looked in the HTML code for the article and there are no strange characters, etc. that I can see. Any ideas what is going on?
Most articles save just fine but for a couple of them whenever we hit save, save and close, or even just close from the editor window we get a 500 error. In the system error log we get these that are being caught when we try to save the article to the database. I have looked in the HTML code for the article and there are no strange characters, etc. that I can see. Any ideas what is going on?
[Sun Dec 24 16:50:37.674914 2023] [:error] [pid 204493:tid 126535228712704] [client 123.82.30.187:3289] [client 123.82.30.187] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:jform[articletext]. [file "/etc/modsecurity/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: get there.</p>\\x0d found within ARGS:jform[articletext]: <p>you are planning to write a memoir, a business book, or another work of nonfiction. a good idea is a good first step, but where do you go from there?</p>\\x0d\\x0a<p>my team and i are here to help guide you in how to write a manuscript and how to become an author.</p>\\x0d\\x0a<h2>manuscript writing</h2>\\x0d\\x0a<p>i have guided numerous writers to bring their ideas to light and can help you too. i will lead you to a clear understanding..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "parano [hostname "www.xxxxx.com"] [uri "/administrator/index.php"] [unique_id "ZYjR3VVVUuJbMY@d0KZzkQAAAHU"], referer: https://www.xxxxx.com/administrator/ind ... =edit&id=7
[Sun Dec 24 16:50:37.675903 2023] [:error] [pid 204493:tid 126535228712704] [client 123.82.30.187:3289] [client 123.82.30.187] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/etc/modsecurity/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: get there.</p>\\x0d found within REQUEST_BODY: jform[title]=manuscript development&jform[alias]=manuscript-development&jform[articletext]=<p>you are planning to write a memoir, a business book, or another work of nonfiction. a good idea is a good first step, but where do you go from there?</p>\\x0d\\x0a<p>my team and i are here to help guide you in how to write a manuscript and how to become an author.</p>\\x0d\\x0a<h2>manuscript writing</h2>\\x0d\\x0a<p>i have guided numerous writers to bring the..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1" [hostname "www.xxxx.com"] [uri "/administrator/index.php"] [unique_id "ZYjR3VVVUuJbMY@d0KZzkQAAAHU"], referer: https://www.xxxx.com/administrator/inde ... =edit&id=7
[Sun Dec 24 16:50:37.711086 2023] [:error] [pid 204493:tid 126535228712704] [client 123.82.30.187:3289] [client 123.82.30.187] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/etc/modsecurity/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.xxxx.com"] [uri "/administrator/index.php"] [unique_id "ZYjR3VVVUuJbMY@d0KZzkQAAAHU"], referer: https://www.xxxx.com/administrator/inde ... =edit&id=7
Statistics: Posted by maestroc — Mon Dec 25, 2023 1:35 am