Simple Machine Forums: Not accepting HTML Code

[lifetool]

Hey all,

I am using Simple Machine Forums. It is not accepting the HTML code. I am using this code:<a href="{Link}" onclick="prompt('Ctrl+C, Enter', 'Code')" onmouseover="document.getElementById('SPAN1').style.visibility = 'visible';" onmouseout="document.getElementById('SPAN1').style.visibility = 'hidden';" target="_blank">Code</a>

It gives me this error:
Forbidden

You don't have permission to access /forums/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I am using the mod Custom Forms, but as admin, I cannot post in a regular post as well. Thank you for helping!

 

[chatngox]

It's mod_sec causing the problem...

 

[lifetool]

What is mod_sec? I don't remember installing it.

 

[essellar]

You didn't. It's a security module installed on the server to prevent several types of abuse. One of the things it really, really clamps down on is JavaScript posted to the server (you can include it on files or upload JS files yourself since you're doing that through the account owner's back end accesspath; posting through software is a security vulnerability).

 

[bdistler]

What is mod_sec? I don't remember installing it.

for information about it - see --> [ https://en.wikipedia.org/wiki/ModSecurity ]

Mod_Security is a Web Application Firewall (WAF) that filters and blocks known malicious HTTP requests. Blocked HTTP requests include many, but not all forms of Brute Force, Cross-Site Scripting (XSS), Remote File Inclusion (RFI) , Remote Execution, and SQL injection (SQLi) attacks.

 

[lifetool]

So is there any way of removing/bypassing it?

 

[bdistler]

So is there any way of removing/bypassing it?

Premium users have the ability to completely disable mod_security on their account via cPanel - even though x10hosting discourage it.

For free-hosting x10hosting has a customized web server setup that does not allow for the same cPanel functionality to disable mod_security - x10hosting also decided it would not be a good idea to allow free-hosting users to disable it - as it is used to not only protect against inbound malicious attacks but to prevent outbound abuse also - Unfortunately free-hosting still gets abusive signups - and allowing them to disable something that helps to prevent their malicious actions would not be in x10hosting's best interest

 

[lifetool]

So as a free user, I have no way of using my Custom Form mod on Simple Machines Forum?

 

[Dead-i]

Hi,

When did you make the request that resulted in a 403 Forbidden error? I'm struggling to find any logs on this, for "lifetool".

Thank you,

 

[lifetool]

Hi, I am actually using my other account. I will post with the account that has the 403 error

 

[totdx10h]

Hi this is my other account

 

[lifetool]

Hi,

When did you make the request that resulted in a 403 Forbidden error? I'm struggling to find any logs on this, for "lifetool".

Thank you,

Hi Dead-i,

Is there a way to get pass mod_security?

 

[bdistler]

EDIT I 'see' -I posted this same information above

Is there a way to get pass mod_security?

while x10hosting discourage it - Premium users have the ability to completely disable mod_security on their account via cPanel

For free-hosting x10hosting has a customized web server setup that does not allow for the same cPanel functionality to disable mod_security - x10hosting also decided it would not be a good idea to allow free-hosting users to disable it - as it is used to not only protect against inbound malicious attacks but to prevent outbound abuse also - Unfortunately free-hosting still gets abusive signups - and allowing them to disable something that helps to prevent their malicious actions would not be in x10hosting's best interest

 

[lifetool]

So x10hosting would not be the right hosting for me if I would like to use the Simple Machines Forum?

 

[Dead-i]

Hi,

I cannot find any recent mod_security alerts for "totdx10h" either, nor can I see SMF installed on that account. Which account is this error occurring on?

Thank you,

 

[lifetool]

oh im sorry, i used my other account, meritbad is the username. thanks for helping