Posts by pathogen

    Found this, but I'm still no nearer to working out the problem!


    =================================

    Code
    1. [Wed Sep 18 09:34:53.909995 2019] [php7:warn] [pid 3462] [client 127.0.0.1:60432] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/web/kingsthorpegrove.northants.sch.uk/www/html/easicms/core/lib/PerchFieldTypes.class.php on line 69, referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/page/?id=31
    2. [Wed Sep 18 09:35:00.205823 2019] [:error] [pid 13465] [client 127.0.0.1:60530] [client 127.0.0.1] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "64"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: upgrade-insecure-requests found within ARGS:perch_26_text: <p><span style=\\x22line-height: 1.6em;\\x22>KS1 tests - video for parents -\\xa0</span><a href=\\x22https://youtu.be/M8MjPFWRQs0\\x22 rel=\\x22nofollow\\x22 style=\\x22margin: 0px; padding: 0px; outline: 0px; border: 0px currentColor; border-image: none; color: rgb(215, 59, 75); line-height: 20.8px; font-family: Tahoma, Arial, Helvetica, sans-serif; text-decoration: none; vertical-align: baseline;\\x22>https://youtu.be/M8MjPFWRQs0</a></p>\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "www.kingsthorpegrove.northants.sch.uk"] [uri "/easicms/core/apps/content/edit/"] [unique_id "XYHsNGFL8XM62zyoffC0NAAAAAg"], referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/edit/?id=30
    3. [Wed Sep 18 09:35:00.206999 2019] [:error] [pid 13465] [client 127.0.0.1:60530] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:perch_26_text. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "236"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p><span style=\\x22line-height: 1.6em;\\x22>KS1 tests - video for parents -\\xa0</span><a href=\\x22https://youtu.be/M8MjPFWRQs0\\x22 rel=\\x22nofollow\\x22 style=\\x22margin: 0px; padding: 0px; outline: 0px; border: 0px currentColor; border-image: none; color: rgb(215, 59, 75); line-height: 20.8px; font-family: Tahoma, Arial, Helvetica, sans-serif; text-decoration: none; vertical-align: baseline;\\x22>https://youtu.be/M8MjPFWRQs0</a></p>\\x0d\\x0a\\x0d\\x0a<p>KS 2 tests - video for parents -\\xa0<a hre..."] [severity "CRITICAL"] [ [hostname "www.kingsthorpegrove.northants.sch.uk"] [uri "/easicms/core/apps/content/edit/"] [unique_id "XYHsNGFL8XM62zyoffC0NAAAAAg"], referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/edit/?id=30
    4. [Wed Sep 18 09:35:00.208820 2019] [:error] [pid 13465] [client 127.0.0.1:60530] [client 127.0.0.1] ModSecurity: Rule 7f1d3f955690 [id "941350"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "737"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.kingsthorpegrove.northants.sch.uk"] [uri "/easicms/core/apps/content/edit/"] [unique_id "XYHsNGFL8XM62zyoffC0NAAAAAg"], referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/edit/?id=30
    5. [Wed Sep 18 09:35:00.211155 2019] [:error] [pid 13465] [client 127.0.0.1:60530] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.kingsthorpegrove.northants.sch.uk"] [uri "/easicms/core/apps/content/edit/"] [unique_id "XYHsNGFL8XM62zyoffC0NAAAAAg"], referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/edit/?id=30
    6. [Wed Sep 18 09:35:00.211339 2019] [:error] [pid 13465] [client 127.0.0.1:60530] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "www.kingsthorpegrove.northants.sch.uk"] [uri "/easicms/core/apps/content/edit/"] [unique_id "XYHsNGFL8XM62zyoffC0NAAAAAg"], referer: http://www.kingsthorpegrove.northants.sch.uk/easicms/core/apps/content/edit/?id=30

    =================================
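One way to read the log excerpt above, as an added example that is not part of the original posts: it groups ModSecurity entries by `unique_id` and lists which rules matched on which request parameter before rule 949110 returned the 403. The sample lines are constructed and shortened from the shape of the entries above; the hostname and `unique_id` are placeholders, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample: shortened lines in the shape of the log above.
# Hostname and unique_id are placeholders; rule ids are the ones in the post.
SAMPLE = r'''
[Wed Sep 18 09:34:53 2019] [php7:warn] [pid 1] [client 127.0.0.1:60432] PHP Warning: count(): Parameter must be an array
[Wed Sep 18 09:35:00 2019] [:error] [pid 2] [client 127.0.0.1:60530] ModSecurity: Warning. detected XSS using libinjection. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: x found within ARGS:perch_26_text: <p>..."] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/easicms/core/apps/content/edit/"] [unique_id "CONSTRUCTED-ID-0001"]
[Wed Sep 18 09:35:00 2019] [:error] [pid 2] [client 127.0.0.1:60530] ModSecurity: Warning. Pattern match "(?i)<..." at ARGS:perch_26_text. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p>..."] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/easicms/core/apps/content/edit/"] [unique_id "CONSTRUCTED-ID-0001"]
[Wed Sep 18 09:35:00 2019] [:error] [pid 2] [client 127.0.0.1:60530] ModSecurity: Rule 7f1d3f955690 [id "941350"][file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "737"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.example.test"] [uri "/easicms/core/apps/content/edit/"] [unique_id "CONSTRUCTED-ID-0001"]
[Wed Sep 18 09:35:00 2019] [:error] [pid 2] [client 127.0.0.1:60530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/easicms/core/apps/content/edit/"] [unique_id "CONSTRUCTED-ID-0001"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')           # [key "value"] pairs
TARGET = re.compile(r'(?:within|at) ((?:ARGS|REQUEST_\w+)(?::[\w-]+)?)')
DENIED = re.compile(r'Access denied with code (\d+)')
SCORE = re.compile(r'Total Score: (\d+)')

def triage(log_text):
    """Group ModSecurity entries by unique_id and summarise each transaction."""
    txns = defaultdict(lambda: {"uri": None, "rules": [], "errors": [], "blocked": None})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # e.g. the PHP warning, which is a separate issue
        if '[tag "event-correlation"]' in line:
            continue  # 980130 only restates the score after the decision
        f = dict(FIELD.findall(line))
        t = txns[f.get("unique_id", "unknown")]
        t["uri"] = f.get("uri", t["uri"])
        denied = DENIED.search(line)
        if "Execution error" in line:
            t["errors"].append(f.get("id"))  # rule did not complete (PCRE limits)
        elif denied:
            score = SCORE.search(f.get("msg", ""))
            t["blocked"] = (int(denied.group(1)), int(score.group(1)) if score else None)
        elif "id" in f:
            target = TARGET.search(line)
            t["rules"].append((f["id"], f.get("msg"), target.group(1) if target else None))
    return dict(txns)

if __name__ == "__main__":
    for uid, t in triage(SAMPLE).items():
        print(uid, t["uri"], t["blocked"], t["rules"], t["errors"])
```
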

    OK, I've managed to get a broken Perch installation working again by re-uploading and overwriting the perch core folder with v2.8.34.

    I can log in and I can upload assets to the resources folder.


    I have tried to edit a post, but every time I click 'save', I get a 403 Forbidden error.

    I can't see what is causing this. Is there something missing, or what do I need to make permissions changes to?


    Thanks in advance for any help.

    Hi Clive, thanks for your input.


    Yes, once you click the 'Continue' button, the site just reloads with the same message.


    I haven't upgraded Perch. The customer at the site said she couldn't log in, so I tried with the login that our old web guy gave me and it does the same.


    Unfortunately, our web dev guy recently left the company, and I don't know anything about Perch to try anything advanced.


    Thanks for your help.

    Jezz.

    One of our sites is stuck in a loop after upgrading itself.


    Can anyone help me sort this, as it was set up by a guy who has now left our company, and I have no knowledge of Perch?


    I have read other threads on this and the old forum, but nothing on there has sorted the problem.


    Any help would be appreciated.

    Jezz