params= new JRegistry(); $this->params->loadString($plugin->params, 'JSON'); $this->_cacheEnabled = $this->params->get('cache_enabled'); if ($this->_cacheEnabled === null) $this->_cacheEnabled == 1; $this->_autoflush = $this->params->get('autoFlush'); if ($this->_autoflush === null) $this->_autoflush = 1; $this->_autoflush3rdParty = $this->params->get('autoFlush-ThirdParty'); if ($this->_autoflush3rdParty === null) $this->_autoflush3rdParty = 1; $this->_autoflushClientSide = $this->params->get('autoFlush-ClientSide'); if ($this->_autoflushClientSide === null) $this->_autoflushClientSide = 0; } /** * Heartbeat cache checking function. Will also monitor $_GET for the jSGCache parameter * (pressing the purge cache button in admin) * * * @access public * @return null */ public function onAfterInitialise() { if (!$this->_cacheEnabled || $this->_isBlacklisted($this->_applicationPath)) { JResponse::setHeader('X-Cache-Enabled','False',true); return; } if ($this->_cacheEnabled) { JResponse::allowCache(true); JResponse::setHeader('X-Cache-Enabled','True',true); } //Init the application url $this->_applicationPath = str_replace(array('administrator/index.php','index.php'),'',str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SERVER['SCRIPT_FILENAME'])); //Check for any admin action and proceed to flushMonitor and 3rd party plugins if ( isset($_POST['task']) || isset($_GET['task']) || isset($_GET['cart_virtuemart_product_id'])) { $this->_flushMonitor(); if ($this->_autoflush3rdParty) $this->_monitorThirdPartyPlugins(); } //Check if we have a logged in user and enable cache bypass cookie 'task' => string 'user.login' $user = JFactory::getUser(); if (!$user->guest || (isset($_POST['task']) && preg_match('/login/i', $_POST['task']))) { $_POST[JSession::getFormToken()] = 1; //Force the correct token, since the login box on the page is cached with the 1st visitors' token //Enable the cache bypass for logged users by setting a cache bypass cookie setcookie('jSGCacheBypass',1,time() + 6000,'/'); } if ($user->guest || (isset($_POST['task']) && $_POST['task'] == 'user.logout')) { //Remove the bypass cookie if not a logged user if (isset($_COOKIE['jSGCacheBypass'])) setcookie('jSGCacheBypass',0, time() - 3600,'/'); } // Handle purge button press when get has jSGCache=purge, but only in admin with a logged user if(isset($_GET['jSGCache']) && $_GET['jSGCache'] == 'purge' && JFactory::getApplication()->isAdmin() && !$user->guest ) $this->_purgeCache(true); } /** * Admin panel icon display * * @access public * @param string $context * @return array */ public function onGetIcons( $context ) { return array(array( 'link'=>'?jSGCache=purge', 'image'=>'refresh', 'text'=>JText::_('Purge jSGCache'), 'id'=>'jSGCache' )); } /** * Calls the cache server to purge the cache * * @access public * @param string|bool $message Message to be displayed if purge is successful. If this param is false no output would be done * @return null */ private function _purgeCache( $message = true ) { $purgeRequest = $this->_applicationPath . '(.*)'; // Construct the PURGE request $hostname = str_replace( 'www.', '', $_SERVER['HTTP_HOST'] ); $purge_method = "PURGE"; $cacheServerSocket = fsockopen($hostname, 80, $errno, $errstr, 2); if(!$cacheServerSocket) { JError::raise(E_ERROR,500,JText::_('Connection to cache server failed!')); JError::raise(E_ERROR,500,JText::_($errstr ($errno))); return; } $request = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: {$_SERVER['SERVER_NAME']}\r\nConnection: Close\r\n\r\n"; if (preg_match('/^www\./',$_SERVER['SERVER_NAME'])) { $domain_no_www = preg_replace('/^www\./', '', $_SERVER['SERVER_NAME']); $request2 = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: {$domain_no_www}\r\nConnection: Close\r\n\r\n"; } else $request2 = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: www.{$_SERVER['SERVER_NAME']}\r\nConnection: Close\r\n\r\n"; fwrite($cacheServerSocket, $request); $response = fgets($cacheServerSocket); fclose($cacheServerSocket); $cacheServerSocket = fsockopen($hostname, 80, $errno, $errstr, 2); fwrite($cacheServerSocket, $request2); fclose($cacheServerSocket); if($message !== false) { if(preg_match('/200/',$response)) { if ($message === true) JFactory::getApplication()->enqueueMessage(JText::_('SG Cache Successfully Purged!')); else JFactory::getApplication()->enqueueMessage(JText::_( $message )); } else { JError::raise(E_NOTICE,501, JText::_('SG Cache: Purge was not successful!')); JError::raise(E_NOTICE,501, jText::_('Error: ' . $response)); } } } /** * Check if url is in caching blacklist * * @param string $applicationPath * * @return bool */ private function _isBlacklisted($applicationPath) { $blacklistArray = explode("\n",$this->params->get('blacklist')); $blacklistRegexArray = array(); $indexIsBlacklisted = false; foreach($blacklistArray as $key=>$row) { $row = trim($row); if ($row != '/' && $quoted = preg_quote($row,'/')) $blacklistRegexArray[$key] = $quoted; if ($row == '/') $indexIsBlacklisted = true; } if ($indexIsBlacklisted && $_SERVER['REQUEST_URI'] == $applicationPath) return true; if (empty($blacklistRegexArray)) return false; $blacklistRegex = '/('.implode('|',$blacklistRegexArray) . ')/i'; return preg_match($blacklistRegex, $_SERVER['REQUEST_URI']); } /** * 3rd party plugin monitor * * @access private * @return null */ private function _monitorThirdPartyPlugins() { // Kunena & K2 if ($this->params->get('autoFlush-ThirdParty') == 1 && isset($_POST['option']) && ($_POST['option']=='com_k2' || $_POST['option' ]== 'com_kunena')) { $this->_purgeCache(false); } // VirtueMart if ( (isset($_POST['option']) && $_POST['option'] == 'com_virtuemart') || ( isset($_GET['option']) && $_GET['option'] == 'com_virtuemart' ) || isset($_GET['cart_virtuemart_product_id']) ) { if($this->params->get('autoFlush-ThirdParty') == 1) $this->_purgeCache(false); } } /** * Action monitor * * @access private * @return null */ private function _flushMonitor() { $user = JFactory::getUser(); if ((!JFactory::getApplication()->isAdmin() && !$this->_autoflushClientSide) || $user->guest) return; $autoflush = $this->params->get('autoFlush'); if ($autoflush === null) $autoflush = 1; if (isset($_POST['task']) && $_POST['task'] && !in_array($_POST['task'],self::$_ignoreTasks) && $autoflush == 1) $this->_purgeCache(false); } } Community Support Forums - Sellacious

204,593+ downloads

Categories:   All Categories
Suggested keywords
New

403 error while editing bank info through seller login

Default Category
  Bug Report
Default Avatar
  UtilZone
  Monday, 03 September 2018
  2 Replies
  1.2K Visits
  Subscribe
After login the bank-end through a seller, when I try to update bank information followed by save button; the page becomes inaccessible. It gives the following error. If I rename the "sellcious" folder it is again accessible.

HTTP Error 403 - Forbidden
Error. Page cannot be displayed. Please contact your service provider for more details. (30)

The website is hosted in HostGator and I created a ticket for this issue. They responded like below...

Upon checking we found that mod security rule was blocking your website.

ModSecurity is one of the apache server modules that provides a complete website protection by defending hackers and other malicious attacks. It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.ModSecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server's security

We found following error logs for your domain :

[Sun Sep 02 15:03:45.631298 2018] [:error] [pid 26491:tid 140563493766912] [client 111.93.159.50:0] [client 111.93.159.50] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "universaluse.com"] [uri "/errors/mdh-403.html"] [unique_id "W4v70SYUr9-KskqDQ9S2@wAAAAg"], referer: https://universaluse.com/sellacious10/index.php?option=com_sellacious&view=profile

Please note that we can not white list this rule because white listing the above mentioned rule will leave the server vulnerable so Please contact your web developer to check the code.
Oldest First  
690 F994e9da8fa86820b565001d1179d5c7
Abhishek Agrawal
5 years ago
·
#2386
Thank you for reporting. kindly DM us server access/cpanel access so that we can look into this further. It looks as if your server provider is blocking some of our scripts by mistake.

-Abhishek
Default Avatar
UtilZone
5 years ago
·
#2401
Thanks for the response. I've updated the credentials.
  • Page :
  • 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Ask Question
Sellacious Time 00:00:00

Login

?
?

Categories

Important Links

Company

Important Links

Information

Shortcut Links

Shortcut Links

Important Links

  • 10k Startup
  • Ssl Secure
  • Iso Certified
  • +1 (408) 821-8283
  • Email hello@sellacious.com

Search