ZenphotoCMS Forum
403 error forbidden - Printable Version




403 error forbidden - seroxatmad - 2013-02-14

Hi

I am receiving a 403 error when trying to access the full sized images, thumbs work ok and also when selecting "slideshow"

My server logs show the following error (mentions the .jpg.php extension)

[Thu Feb 14 14:21:30 2013] [error] [client 80.229.19.251] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "597"] [id "340035"] [rev "5"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Bogus file extensions"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Matched phrase ".jpg.php" at REQUEST_URI. [hostname "www.thestottfamily.co.uk"] [uri "/caravan-and-camping/crown-prince/fortwilliam1.jpg.php"] [unique_id "@ZrTcAVNIpYAAExqSssAAAAE"]

The zenphoto security logs show

2013-02-14 14:21:14 80.229.19.251 Album access thestottfamily John Stott Blocked /zp-core/admin-edit.php?page=edit&album=rabbits&saved&subpage=1&tagsort=1&tab=imageinfo

I guess this is a server problem but my hosting provider does not seem to have any idea.

Cheers

John

P.S Zenphoto version 1.4.4.1s [bf2e07e8cf] (Official build)
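
Added example, not part of the original post and not Zenphoto or ModSecurity code: a small parser that splits the ModSecurity line quoted above into the fields needed to identify the blocking rule (rule id, rule file, matched phrase, and the variable it matched in). The function name and the keys it returns are choices made for this example.

```python
import re

# Log line quoted in the post above (Apache error_log entry written by ModSecurity).
SAMPLE = (
    '[Thu Feb 14 14:21:30 2013] [error] [client 80.229.19.251] ModSecurity: '
    '[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "597"] [id "340035"] '
    '[rev "5"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Bogus file extensions"] '
    '[severity "CRITICAL"] Access denied with code 403 (phase 2). '
    'Matched phrase ".jpg.php" at REQUEST_URI. [hostname "www.thestottfamily.co.uk"] '
    '[uri "/caravan-and-camping/crown-prince/fortwilliam1.jpg.php"] '
    '[unique_id "@ZrTcAVNIpYAAExqSssAAAAE"]'
)

# [key "value"] pairs; values may contain backslash-escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENY_RE = re.compile(r'Access denied with code (\d{3}) \(phase (\d)\)')
MATCH_RE = re.compile(r'Matched phrase "((?:[^"\\]|\\.)*)" at ([A-Z_]+(?::\S+?)?)\.(?=\s|$)')

def parse_modsec_line(line):
    """Return rule metadata from one ModSecurity error_log line, or None (example helper)."""
    _head, sep, body = line.partition("ModSecurity: ")
    if not sep:
        return None  # ordinary Apache error, not a ModSecurity event
    fields = {}
    for key, value in FIELD_RE.findall(body):
        fields.setdefault(key, []).append(value)  # keys such as "tag" can repeat
    deny = DENY_RE.search(body)
    match = MATCH_RE.search(body)
    first = lambda key: fields.get(key, [None])[0]
    uri = first("uri")
    return {
        "rule_id": first("id"),
        "rule_file": first("file"),
        "msg": first("msg"),
        "severity": first("severity"),
        "blocked": deny is not None,
        "status": int(deny.group(1)) if deny else None,
        "phase": int(deny.group(2)) if deny else None,
        "matched": match.group(1) if match else None,
        "variable": match.group(2) if match else None,
        "uri": uri,
        # True when the phrase the rule matched is literally present in the request path.
        "match_in_uri": bool(match and uri and match.group(1) in uri),
    }

if __name__ == "__main__":
    for key, value in parse_modsec_line(SAMPLE).items():
        print(f"{key:13} {value}")
```

For the quoted line this reports rule 340035 denying the request at phase 2 because `.jpg.php` appears in the request path, which is the detail to hand to the hosting provider.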




403 error forbidden - acrylian - 2013-02-14

Quote: "/etc/httpd/modsecurity.d/10_asl_rules.conf"]
This tells that some server security is involved. Did you check the permissions?




403 error forbidden - seroxatmad - 2013-02-14

All the directories are 0755 and files 0644 for zenphoto.

I do not have access to the /etc directories on the server.

I am still awaiting a response to my second ticket from the hosting company.

Thanks

John




403 error forbidden - seroxatmad - 2013-02-14

Hi

Just an update. The web host sorted the 403 error but now zenphoto setup is asking me to change directory permissions to 0777.

Any ideas?

John




403 error forbidden - sbillard - 2013-02-14

Probably your host fixed the problem by setting some folder permissions to 0777. You should not set permissions to 0777 unless Zenphoto will not run otherwise. So do nothing.




403 error forbidden - seroxatmad - 2013-02-20

Well, having the zp-data directory set to 0777 and .log files etc. does not make me feel too secure!

Maybe time to change hosting companies.

John

P.S. They come across as a UK company but I have traced them to India via their IP address.




403 error forbidden - acrylian - 2013-02-20

A lot of bigger companies move certain services to India (and UK of course still has some connection anyway I guess) as they are good at informatics stuff but also cheaper...




403 error forbidden - seroxatmad - 2013-02-20

The latest reply - they are after my zenphoto login details!

Quote: If you can provide me with an image to upload and your login / password to Zenphoto then I will login and locate the problem. It seems that Zenphoto is using another ID to upload the files instead of your FTP ID, if I can login I will try to get to the bottom of the issue
Pity it's all directories, not just albums!




403 error forbidden - acrylian - 2013-02-20

I would actually say it is not that bad if they want to try to reproduce it themselves. If you fear unwanted access you could setup a test install where it does not matter.




403 error forbidden - sbillard - 2013-02-20

Well, since it is their site, they should know what user ID PHP scripts run under for a particular user. If that is not the same as your FTP user, then you will have this sort of issue. They should probably also know your FTP user ID.




403 error forbidden - seroxatmad - 2013-02-22

Hi

Thanks for the replies.

Sorry if I misunderstand you, but should it matter if my FTP login/password differ from what I created for my database?

Regards

John




403 error forbidden - acrylian - 2013-02-22

The database (on its own server generally anyway) and FTP are not related so that is how it should be.




403 error forbidden - seroxatmad - 2013-02-23

It gets better...

The cache directory seems to be mirrored onto another domain I have hosted with this company... weird...

John