Odd Forum search Error

All errors or issues on the website/forums should be reported here and will be investigated. Support questions about how to use/access features not documented in the forum FAQ and discussion about the site forums are also welcome here, but please read this thread before posting such items.
Locked
SyBorg
Ex RouterTech Team
Posts: 1621
Joined: Mon Apr 17, 2006 4:09 pm
Location: Berkshire

Post by SyBorg » Sun Jul 02, 2006 11:45 am

If you go to Forum search and specify keyword 'telnet' it returns a nice list of hits.
If you click on any of the Topic titles you get "The server has experienced a temporary error. If the problem persists please contact website admin and be sure to mention what you were trying to access at the time."
I get this every time, but only with the keyword 'telnet'; everything else works as expected :shock:
We learn something every day, and lots of times it’s that what we learned the day before was wrong.
—Bill Vaughan
Shotokan101
RouterTech Team
Posts: 4775
Joined: Thu Jan 26, 2006 3:17 pm
Location: Glasgow, Scotland

Post by Shotokan101 » Sun Jul 02, 2006 12:32 pm

Bizarre indeed!

Yet if you search for "telne*" it works.... :?
Jim

.....I'm Sorry But I Can't Do That Dave.....
Kieran
RouterTech Team
Posts: 2670
Joined: Fri Jan 20, 2006 11:30 am
Location: London

Post by Kieran » Sun Jul 02, 2006 12:36 pm

telnet is a banned word on the server's mod_security when passed through the GET variable in a URL. The error shows only when you click the link, as the word you searched for is passed in the variable "highlight" when you do so, thus placing it in the GET location. It is allowed on POST though, which is why you can post it in a forum.
Last edited by Kieran on Sun Jul 02, 2006 12:36 pm, edited 1 time in total.
Kieran
"Indeed!"
Invaluable links: Forum Rules | Networking Guides | FAQ | Site Search | Forum Search <-- Use it or feel my wrath!
No support via PM, please ask your questions in the forum!

Post by SyBorg » Sun Jul 02, 2006 12:36 pm

Shotokan101 wrote: Bizarre indeed!

Yet if you search for "telne*" it works.... :?
I'm just glad you see it too :D

Post by Shotokan101 » Sun Jul 02, 2006 12:42 pm

Kieran wrote: telnet is a banned word on the server's mod_security when passed through the GET variable in a URL. The error shows only when you click the link, as the word you searched for is passed in the variable "highlight" when you do so, thus placing it in the GET location. It is allowed on POST though, which is why you can post it in a forum.
I've seen you reference this before Kieran - but I've never understood why certain words pose a security problem :oops: - can you give some more info. or point me at some "Light Reading for Dummies"? - I guess it's a PHP thing?
Last edited by Shotokan101 on Sun Jul 02, 2006 1:26 pm, edited 1 time in total.

Post by SyBorg » Sun Jul 02, 2006 12:43 pm

Kieran,

I get the same behaviour on your forum. I tried it as I wondered if it was a standard phpBB 'feature'??
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@kieranoshea.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Post by SyBorg » Sun Jul 02, 2006 12:45 pm

Kieran wrote: telnet is a banned word on the server's mod_security when passed through the GET variable in a URL. The error shows only when you click the link, as the word you searched for is passed in the variable "highlight" when you do so, thus placing it in the GET location. It is allowed on POST though, which is why you can post it in a forum.
Didn't see this before posting again :oops:

So is it just something to live with?

Post by Kieran » Sun Jul 02, 2006 12:48 pm

I think if you know what telnet is then it's quite easy to see why you wouldn't want that command to execute in the server's Unix shell with arguments from an unauthorised source.

Essentially telnet (or ssh) has the ability to connect the server on which the command is executed to another and then pass data and more importantly commands. This could be used to take remote control of the server, not something I really want to contemplate ;)

Sy, no, it's not phpBB specific, it is simply based on POST and GET requests containing certain commands being restricted.

Post by SyBorg » Sun Jul 02, 2006 12:55 pm

OK. All understood.

It's a bit odd though. Given the nature of the forum some of the keywords likely to be used are the ones that are banned.
Is it possible to put an explanation in the error message returned?

Post by Shotokan101 » Sun Jul 02, 2006 1:29 pm

O.K. - makes sense - I'd forgotten some of the problems inherent in Unix flexibility with its command shell :?
Neo
RouterTech Team
Posts: 3583
Joined: Thu Jan 26, 2006 1:09 pm

Post by Neo » Sun Jul 02, 2006 2:13 pm

This is history repeating: viewtopic.php?t=279

Although I can forgive you because it would have thrown up an error when you clicked on the results :lol:

When a result for a telnet search is returned, the link might be something like:

https://www.routertech.org/viewtopic.php?t=279&highlight=telnet

It's the

&highlight=telnet

which produces the error, so if you manually remove that from the address box it works fine ;)
RouterTech Team
No support via PM, please ask your questions on the forum!
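
Added example, not part of the original thread and not RouterTech's code or server configuration: a small Python model of the behaviour described above, where a keyword rule is applied to GET arguments, together with a result-link builder that drops "highlight" only when its value would trip that rule. The blocklist contents, the substring matching and the function names are assumptions; the thread confirms only that "telnet" in the "highlight" variable triggers the error and that "telne*" does not.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed blocklist: the thread names only "telnet"; a real server's list is longer.
BLOCKED_GET_WORDS = {"telnet"}


def _has_blocked_word(value):
    """Substring match, case-insensitive (assumed; consistent with 'telne*' passing)."""
    lowered = value.lower()
    return any(word in lowered for word in BLOCKED_GET_WORDS)


def get_filter_blocks(url):
    """Model of a keyword rule that inspects GET argument values only.

    Returns True when the request would be rejected. POST bodies are
    deliberately not modelled, matching the first explanation in the thread.
    """
    query = urlsplit(url).query
    return any(_has_blocked_word(v)
               for _, v in parse_qsl(query, keep_blank_values=True))


def safe_result_link(url):
    """Build a search-result link that never trips the GET rule.

    Only the cosmetic 'highlight' parameter is dropped, and only when its
    value contains a listed word; every other parameter is left untouched,
    so the server-side filter itself is not weakened.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs
            if not (k == "highlight" and _has_blocked_word(v))]
    return urlunsplit(parts._replace(query=urlencode(kept)))


if __name__ == "__main__":
    link = "https://www.routertech.org/viewtopic.php?t=279&highlight=telnet"
    print(get_filter_blocks(link), "->", safe_result_link(link))
```

Because the list drives both functions, adding a word to the filter automatically removes it from generated highlight links, at the cost of losing search-term highlighting for those words.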

Post by Shotokan101 » Sun Jul 02, 2006 2:22 pm

Interesting Neo so could the search script be modded then to remove those entries from the results only for "proscribed" search terms ? :?

Post by Neo » Sun Jul 02, 2006 2:31 pm

That's one possible solution :)

I first reported the problem for another keyword back in March...then Kieran did some tweaking to sort it out. I think each keyword (there are several) needs to be dealt with accordingly...

viewtopic.php?p=416#416
viewtopic.php?p=657#657

Post by Shotokan101 » Sun Jul 02, 2006 2:49 pm

Thanks Neo - that's where I remembered reading about the problem before :D

....seems a bit odd that each word needs to be handled individually - can't it be "list driven"?

Post by Kieran » Fri Jul 14, 2006 5:17 pm

Words need to be dealt with individually because each is a command in a Unix shell, and so if you wish to enable a word you have to weigh up the security implications and sometimes add some additional security to allow it to be submitted but not pose a risk. Sometimes a banned word has to stay irrespective of its annoyance to users too, I'm afraid.

As a result a message is now displayed along with the standard server error to indicate that a word in your post/search/link may have caused the error. Locked.