OC 3.0.39
PHP8.1
I have just uploaded my new website to a host for testing (not live yet). I modified a modification and saved. I was then IP banned by the host firewall saying it was "PHP Injection" (which it kinda is).
What am I doing wrong? Have I modified something I shouldn't have? From past experience it always ends up being my fault.
Obviously I don't want to open the site up to PHP injection, even if I had control of the server.
Can anybody recommend a UK based host for running OCv3?
Regards
Steve
Just an Enthusiast. I wish we had computers at school!
Also, you should use OC 3.0.4.0 which has a number of security fixes.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
nonnedelectari wrote: ↑Wed Apr 16, 2025 4:01 pm
> Well, if you put php code in a request, whether it is a post or get, whether it is in get parameters, post payload or json structures, you will get this result from mod security or any other firewall your host is using. You will get similar results when doing so with sql statements. I do not know which modification you modified and how, maybe it is the original modification which already does such.

Hi nonnedelectari, thanks for your input. It's my own mod. I haven't got mod_security on my localhost Apache, so obviously I haven't seen the problem before.
All I did was modify the mod for an unknown variable error fix and post it back to the DB. I think the ban occurs when I post the xml back to the DB (I don't think I've modified the core OC files "e.g. modification.php", so basically standard opencart operation).
Well, at the moment the hosts have gone quiet, so... I don't know if I can access the raw logs, I shall take a look.
Sorry, I've been so focused on getting this website live I didn't even know about OC v3.0.40. I think I merged 3.0.38 to 3.0.39.
I was just generally testing (PayPal sandbox etc.) then noticed the unknown variable error. Fixed mod and posted mod back. I was getting some 502 page errors before, if that's any help.
chaptan wrote: ↑Wed Apr 16, 2025 4:40 pm
> Hi nonnedelectari, thanks for your input. It's my own mod. I haven't got mod_security on my localhost Apache, so obviously I haven't seen the problem before.
> All I did was modify the mod for an unknown variable error fix and post it back to the DB. I think the ban occurs when I post the xml back to the DB (I don't think I've modified the core OC files "e.g. modification.php", so basically standard opencart operation).

Sure, if you post the ocmod xml content to the server, those are filled with php code by definition, no way that will be accepted unless you deactivate mod security, partially or totally.
I recommend Krystal in the UK. I have quite a few sites held with them and none of my customers have a bad word to say.
They all have mod_security on and no issues with Opencart or the modification system. Besides, with Krystal you have full control to turn it on and off anyway.
I think you get a trial time but you might have to double check that. No one I have ever sent to them has ever left. And a discount coupon: https://www.wethrift.com/krystal-hosting.
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
Looked at logs. codemirror.js, the path looks OK, then next line 403.html. No errors I can see before that?
"GET /admin/view/javascript/codemirror/lib/codemirror.js HTTP/1.1" 200 106376 "https://[my domain]/admin/index.php?route=marketplace/modification/edit&user_token=[my token]&modification_id=[my mod id]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 FirePHP/0.5"
"GET /favicon.ico HTTP/1.1" 200 126896 "https://[my domain]/admin/ls2srSZyZap38kaks97eDsC8VPwxKGGx7MltG5rZUAJbWqj76wpQOcDZWV2fzZ6K5sO3pgHYvneCuCxZRASR43tOJjxmJzjJCAqW/403.html" ... browser stuff
Is "FirePHP/0.5" causing it? I was going to remove after testing.
No, OC works just fine with mod security but it does depend on which rules your host has enabled, sometimes they enable rules which cause problems for the admin side or specific extensions.
No, I'm saying that you should not put code, php-wise, sql-wise or otherwise in server requests. But if you have to because your mod cannot do it in any other way, you can turn specific rules off, turn mod security off for specific urls or for the entire admin side. That under the assumption that your host allows it and that you have properly secured your admin side, with a fixed ip whitelist for instance, so that while you can post code, others cannot.
So, no, you should not look for a host without mod security, you should confer with your host, check which rules block your request and determine if it is proper to disable those rules, either yourself via htaccess or via your host. But again, disabling rules for php injection for your benign ocmod convenience will also convenience others with less benign intentions.
By the way, if you really need to post ocmod xml, you could also encode that before posting and decode it before updating the database, right?
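The scoped exception described in the post above, as an added example that is not part of the thread: an Apache ModSecurity 2.x fragment a host could apply in the vhost configuration. `RULE_ID` is a placeholder for whichever rule ID the host's audit log reports for the block, `203.0.113.10` is a documentation address standing in for your fixed IP, `10010` is an arbitrary unused ID for the exclusion rule, and it is assumed that the save request posts to the same route that appears in the access log.

```apache
# --- Too broad: what "turn ModSecurity off" amounts to ----------------------
# Disables every rule, for every visitor, on the whole site. Left commented.
# <IfModule security2_module>
#     SecRuleEngine Off
# </IfModule>

# --- Scoped, part 1: admin reachable only from one fixed address ------------
# Path assumes the default /admin/ directory seen in the access log.
<LocationMatch "^/admin/">
    Require ip 203.0.113.10
</LocationMatch>

# --- Scoped, part 2: drop ONE rule, for ONE route, from ONE address ---------
<IfModule security2_module>
    # Chain: admin front controller AND the OCMOD edit route AND the
    # allow-listed client. ctl sits on the last link of the chain, so the
    # rule is only removed for requests that matched all three conditions.
    # RULE_ID is a placeholder: replace it with the numeric ID from the
    # host's ModSecurity audit log entry for the blocked request.
    SecRule REQUEST_FILENAME "@endsWith /admin/index.php" \
        "id:10010,phase:1,pass,nolog,chain"
        SecRule ARGS_GET:route "@streq marketplace/modification/edit" "chain"
            SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
                "ctl:ruleRemoveById=RULE_ID"
</IfModule>
```

With this in place the PHP-injection rule still applies to the storefront and to every other admin route, and to the edit route itself when the request comes from any other address.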
by mona wrote: ↑Wed Apr 16, 2025 5:33 pm
> I recommend Krystal in the UK. I have quite a few sites held with them and none of my customers have a bad word to say.
> They all have mod_security on and no issues with Opencart or the modification system. Besides, with Krystal you have full control to turn it on and off anyway.
> I think you get a trial time but you might have to double check that. No one I have ever sent to them has ever left. And a discount coupon: https://www.wethrift.com/krystal-hosting.

Thanks by mona, I shall look into it if my host doesn't help. Shows how often I go on host, I can actually turn mod_security off (not that I want to) in the cPanel.
chaptan wrote: ↑Wed Apr 16, 2025 6:04 pm
> Thanks by mona, I shall look into it if my host doesn't help. Shows how often I go on host, I can actually turn mod_security off (not that I want to) in the cPanel.

viewtopic.php?p=878250#p878250
nonnedelectari wrote: ↑Wed Apr 16, 2025 6:07 pm
> viewtopic.php?p=878250#p878250

I had a quick look nonnedelectari but I'm still hoping the hosts will reply with a solution. I will revisit that link if they don't, thanks again. I've run out of time this morning, I was hoping to get some proper debugging done over the Easter weekend with the wife.

chaptan wrote: ↑Wed Apr 16, 2025 6:37 pm
> I had a quick look nonnedelectari but I'm still hoping the hosts will reply with a solution. I will revisit that link if they don't, thanks again. I've run out of time this morning, I was hoping to get some proper debugging done over the Easter weekend with the wife.

We cannot even get started if we banned every time I change something lol frustrating

> some proper debugging done over the Easter weekend with the wife.

How about dinner instead?
Don't waste your time, it's just the host blocking stuff.
Turn off Mod Security or move to a different host, job done.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
nonnedelectari wrote: ↑Wed Apr 16, 2025 6:07 pm
> viewtopic.php?p=878250#p878250

I was not saying anything about other hosts. I know others have issues with mod_security, no one disputed that. I was replying to
Krystal are in the UK and happen not to have that issue.
Just to be clear from the reference link - to date I have not had any issues with adding anything in ocmod including those two specifically
Code: Select all
<script></script>
window.onload = function()

> Is "FirePHP/0.5" causing it? I was going to remove after testing.

According to a quick Google search:
FirePHP/0.5 refers to a specific version of the FirePHP server library, a PHP tool used to log information to a browser's developer console via HTTP response headers.
It might be the case that your server's firewall doesn't like it!
JNeuhoff wrote: ↑Wed Apr 16, 2025 7:26 pm
> According to a quick Google search:
> FirePHP/0.5 refers to a specific version of the FirePHP server library, a PHP tool used to log information to a browser's developer console via HTTP response headers.
> It might be the case that your server's firewall doesn't like it!

I thought about that a bit more, it's a browser plugin, you have to give it permission and enable it. It wasn't enabled. BUT I might still have some code for debugging in the pages, so I will have to make sure none are active. I only use it on a temp basis.....honest lol I am a novice, I need all the help I can get.