Since 3.1.6 upgrade admin users getting 'forbidden access'

3 months 1 week ago #6808 by wallyhowe
I upgraded yesterday and now our admin users are complaining that they cannot save records (invoices and newsletters from 2 components); instead they get 'The webmaster has forbidden your access to the site'.
The firewall log shows the following errors:
Line comments :[POST:editor_body]
SQL pattern detected :[POST:pay_inst_1]
Backslashes added to characters :[POST:pay_inst_1]
I have temporarily added filters for these for the two components, but I am concerned at having to do this and also concerned as to what else is affected.
Wallyhowe

3 months 1 week ago - 3 months 1 week ago #6809 by Jose
Hi Wallyhowe,

Since this version (3.1.6), all firewall rules are also applied to super user accounts (previously that group was excluded) to provide better protection against threats targeting them. So adding those exceptions should solve your issue.

I apologize for the inconvenience caused.

Regards,
Jose

Edited: Remember you can choose which groups the firewall rules apply to from Configuration -> Rules management.
Last edit: 3 months 1 week ago by Jose. Reason: Add more info about 'rules management'

3 months 1 week ago #6810 by wallyhowe
But one of the users is an Administrator, not a super user.
Note that all descriptions contain similar CSS code and all are reported under SQL injection:
Wallyhowe

3 months 1 week ago #6811 by Jose
Then it is a false positive.

I recommend you enable the 'Easy config' feature from the main panel of Securitycheck Pro, as this alert is caused by a rule that is not usually used in SQL injection attacks.

Regards,
Jose

3 months 1 week ago #6812 by Jose
Hi again,

After checking the code, I have added some improvements to avoid false positives in the administrator area. I have updated the 3.1.6 version file, so anyone experiencing false positives can download and update this version again.

Regards,
Jose

3 months 1 week ago - 3 months 1 week ago #6816 by qldnet
I can confirm that even after installing the latest file I am getting 'The webmaster has forbidden your access to the site' for something as simple as saving two lines of text in K2. This started with the 3.1.6 version. This is preventing me from updating the website. This is happening irrespective of the level of the user (Super User, Admin, Manager). I really need a solution or will have to uninstall Security Check pro.

I have Easy Config set up, running Joomla 3.9.6. The website has had no issues until the 3.1.6 upgrade.
Last edit: 3 months 1 week ago by qldnet.
