Hi
I am receiving a 403 error when trying to access the full sized images, thumbs work ok and also when selecting "slideshow"
My server logs show the following error (mentions the .jpg.php extension)
[Thu Feb 14 14:21:30 2013] [error] [client 80.229.19.251] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "597"] [id "340035"] [rev "5"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Bogus file extensions"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Matched phrase ".jpg.php" at REQUEST_URI. [hostname "www.thestottfamily.co.uk"] [uri "/caravan-and-camping/crown-prince/fortwilliam1.jpg.php"] [unique_id "@ZrTcAVNIpYAAExqSssAAAAE"]
The zenphoto security logs show
2013-02-14 14:21:14 80.229.19.251 Album access thestottfamily John Stott Blocked /zp-core/admin-edit.php?page=edit&album=rabbits&saved&subpage=1&tagsort=1&tab=imageinfo
I guess this is a server problem but my hosting provider does not seem to have any idea.
Cheers
John
P.S Zenphoto version 1.4.4.1s [bf2e07e8cf] (Official build)
All the directories are 0755 and files 0644 for zenphoto.
I do not have access to the /etc directories on the server.
I am still awaiting a response to my second ticket from the hosting company.
Thanks
John
Hi
Just an up-date. The web host sorted the 403 error but now zenphoto setup is asking me to change directory permissions to 0777
Any ideas?
John
Well having the zp-data directory set to 0777 and .log files etc does not make me feel to secure!
Maybe time to change hosting companies.
John
P.S They come across as a UK company but I have traced them to india via there IP adress.
The latest reply - they are after my zenphoto login details!
Quote: If you can provide me with an image to upload and your login / password to Zenphoto then I will login and locate the problem. It seems that Zenphoto is using another ID to upload the files instead of your FTP ID, if I can login I will try to get to the bottom of the issue
Pity its all directories not just albums!
Hi
Thanks for the replies.
Sorry if I miss understand you but should it matter if my FTP login/password differ from what I created for my database?
Regards
John
It get's better...
The cache directory seems to be mirrored onto another domain i have hosted with this company...werid..
John