Cannot update Front Page. Forbidden error. Suspect Mod_Security

Status
Not open for further replies.

Keith Corbett
New Member
Error Message

Forbidden
You don't have permission to access /wp/wp-admin/post.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

website
http://blueskies.x10host.com/wp/

Livewire
Abuse Compliance Officer
Staff member
I checked into the mod_security logs but wasn't able to confirm this as the cause; there's a large number of hits present for your site in those logs, but all of them I could find were known security exploit filters we use to help keep our WP users secure. Unfortunately for safety we cannot disable these filters even on an account-specific basis, as the types of attacks being attempted would, if successful, result in a complete take-over of the account, allowing it to execute any commands the attacker wishes including but not limited to sending spam, running malicious processes to try and break into the server itself, and running arbitrary code on a victim's browser (in the case of XSS vulnerabilities).

One issue I did notice is that the permissions on your .htaccess files and on wp-admin/post.php aren't correct; files should only ever be 644, while some of these are 777. As another security measure, files with 777 permissions can and usually will throw a 403 error - 777 allows any user on the server to run and execute the file, as opposed to just you (the file's owner) and/or root (admins). While it's unlikely this would be exploitable with our setup, we do have that in place as an additional security check.

The best recommendation I can make is to reset the permissions to 644 for files and 755 for folders, then see if the error continues. If it does, reply back with a description of what was being done, what browser was in use, and the time you tried it so we can try and investigate further to see why it's causing a mod_security hit, or if it's being caused by that at all.
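The permission reset recommended above, written out as a script. This is an added example and not code from the thread or from the host; the demo tree it builds under a temporary directory (post.php, .htaccess, a child theme's functions.php) is constructed to mirror the /wp/ layout mentioned in the thread, and the helper names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread or the host: audit a WordPress tree
# against the 644 (files) / 755 (directories) baseline recommended above, then
# reset it. The demo tree and its paths below are constructed for illustration.

# List every file that is not exactly 644 and every directory that is not
# exactly 755. A 777 file is what the host's extra "world-writable => 403"
# check trips on, so these are the entries to look at first.
wp_perm_audit() {
    root="$1"
    find "$root" -type f ! -perm 644 -exec ls -ld {} \;
    find "$root" -type d ! -perm 755 -exec ls -ld {} \;
}

# Number of offending entries (0 means the tree matches the baseline).
wp_perm_violations() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

# Reset the tree. Nothing under a WordPress install needs the execute bit
# or group/world write: PHP files are read by the interpreter, not run by
# the shell, and .htaccess only needs to be readable by the web server.
wp_perm_fix() {
    root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Constructed demo tree mirroring the /wp/ layout from the thread.
umask 022
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/wp/wp-admin" "$demo_dir/wp/wp-content/themes/child"
printf '<?php // placeholder\n' > "$demo_dir/wp/wp-admin/post.php"
printf 'RewriteEngine On\n' > "$demo_dir/wp/.htaccess"
printf '<?php // placeholder\n' > "$demo_dir/wp/wp-content/themes/child/functions.php"
# Reproduce the problem the host saw: 777 on post.php, .htaccess and a directory.
chmod 777 "$demo_dir/wp/wp-admin/post.php" "$demo_dir/wp/.htaccess" "$demo_dir/wp/wp-content"

echo "before: $(wp_perm_violations "$demo_dir/wp") entries outside 644/755"
wp_perm_audit "$demo_dir/wp"
wp_perm_fix "$demo_dir/wp"
echo "after: $(wp_perm_violations "$demo_dir/wp") entries outside 644/755"
```

Run the audit first and read the list before fixing anything, so you know which files were world-writable and can check them for tampering; a world-writable .htaccess or post.php is also exactly what an attacker would want to edit. On a shared host where PHP runs as the account user, 644/755 is enough for uploads and plugin updates to keep working, so there is no reason to leave anything at 777.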

Keith Corbett
New Member
I changed those permissions to see if it was a mod_security problem. I have now changed them back. I have tried to update my Front Page from different browsers (Firefox, Chrome, IE, and Safari) and they all give me the same error. I did this from 9:30-9:45 Pacific Standard Time.

Livewire
Abuse Compliance Officer
Staff member
I'm still only seeing the security-based denials in the logs; to test it I did disable one regarding XSS, but assuming that's fixed it you'll need to take extra care to ensure the account doesn't become compromised/used for malicious purposes. Can you test this again and confirm if that fixed it?
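Both staff replies above come down to reading the mod_security denials for the URI that returned 403. This added example (not code from the thread or the host) shows how to do that against an Apache error_log in ModSecurity 2.x's line format, pulling out the rule id, the message, the request field that matched and the client address. The log lines it reads are constructed for the example; the rule ids, messages, rule file name and client addresses are placeholders, not real x10hosting rules.

```shell
#!/bin/sh
# Added example, not code from the thread or the host: pull ModSecurity denials
# for one URI out of an Apache error_log so you can see which rule fired and on
# which request field, instead of guessing. The log lines below are constructed;
# the rule ids, messages, file names and client addresses are placeholders.

# Print "rule id | message | matched field | client" for every denial of URI $2
# recorded in log $1.
modsec_denials_for_uri() {
    logfile="$1"
    uri="$2"
    grep 'ModSecurity: Access denied' "$logfile" | grep -F "[uri \"$uri\"]" |
    while IFS= read -r line; do
        id=$(printf '%s\n' "$line" | sed -n 's/.*\[id "\([^"]*\)"\].*/\1/p')
        msg=$(printf '%s\n' "$line" | sed -n 's/.*\[msg "\([^"]*\)"\].*/\1/p')
        where=$(printf '%s\n' "$line" | sed -n 's/.*Pattern match .* at \([A-Za-z_:]*\)\..*/\1/p')
        client=$(printf '%s\n' "$line" | sed -n 's/.*\[client \([^]:]*\).*/\1/p')
        printf '%s | %s | %s | %s\n' "$id" "$msg" "$where" "$client"
    done
}

# Number of denials for the URI; a non-zero count means the 403 came from the
# WAF and the [id] tells the host exactly which rule to look at.
modsec_denial_count() {
    modsec_denials_for_uri "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample log: one XSS-rule denial on post.php (a page save whose
# body contains a <script> tag), one PHP-code denial on the theme editor, and
# one unrelated PHP notice that must be ignored.
sample_log=$(mktemp)
{
printf '%s\n' '[Tue Mar 07 09:41:12.123456 2017] [:error] [pid 12345] [client 203.0.113.5:51234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)<script" at ARGS:content. [file "/etc/modsecurity/local-rules.conf"] [line "42"] [id "900001"] [msg "XSS attack in request body"] [severity "CRITICAL"] [hostname "blueskies.x10host.com"] [uri "/wp/wp-admin/post.php"] [unique_id "placeholder1"]'
printf '%s\n' '[Tue Mar 07 09:42:01.000000 2017] [:error] [pid 12346] [client 198.51.100.7:40000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)base64_decode" at ARGS:newcontent. [file "/etc/modsecurity/local-rules.conf"] [line "57"] [id "900002"] [msg "PHP code in request body"] [severity "CRITICAL"] [hostname "blueskies.x10host.com"] [uri "/wp/wp-admin/theme-editor.php"] [unique_id "placeholder2"]'
printf '%s\n' '[Tue Mar 07 09:43:30.000000 2017] [php7:notice] [pid 12347] [client 192.0.2.9:50000] PHP Notice:  Undefined index: post_id in /home/user/public_html/wp/wp-content/plugins/example/example.php on line 12'
} > "$sample_log"

echo "denials on /wp/wp-admin/post.php: $(modsec_denial_count "$sample_log" /wp/wp-admin/post.php)"
modsec_denials_for_uri "$sample_log" /wp/wp-admin/post.php
```

The matched field is the useful part: a hit on ARGS:content for post.php means the page body itself tripped the rule (a pasted script or embed code, for instance), and a hit on the theme editor's newcontent field is what you would expect when pasting PHP into functions.php through wp-admin. Once the host has the [id], ModSecurity 2 lets them drop that one rule inside a <Location> or <LocationMatch> for the admin URI with SecRuleRemoveById, which is narrower than switching the rule off for the whole site.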

Keith Corbett
New Member
Your fix did the job! I can now update my Front Page. This all began about when I was trying to add the WENS logo slider plug-in. I tried again and it still does not work. I am unable to add the PHP to the functions.php file in my Twenty-Seventeen child theme. Could this be related? Other than that, you can consider this problem solved. Thanks!