CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017. Learn more.

Author Topic: Generic SQL injection protection rule  (Read 646 times)

sibro

  • I post occasionally
  • Posts: 47
  • Karma: 2
  • CiviCRM version: 4.4.5
  • CMS version: Drupal 7.27
  • MySQL version: 5.5
  • PHP version: 5.4
Generic SQL injection protection rule
June 11, 2014, 05:21:03 am
On Civi 4.4.5 and MySQL 5.5.
In the last few days two of my people got locked out; their browsers just hung. It turned out they were blocked when cPanel got the following error:
Quote
[Wed Jun 11 03:15:51 2014] [error] [client 68.x.y.229] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:entryURL. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "368"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "xyz.org"] [uri "/civicrm/contact/view/rel"] [unique_id "z"]

I believe the users were trying to delete a relationship

The last entry in the Watchdog log is
Quote
Notice: Undefined index: 62_ in CRM_Contact_Form_Relationship->setDefaultValues() (line 218 of /home/xyzprod/public_html/sites/all/modules/civicrm/CRM/Contact/Form/Relationship.php).

I don't think the messages are related. Working through the issue of something thinking a normal request is a security issue.
Bruce
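The rule that fired is a plain regular expression run over every request argument, so a false positive like this one can be reproduced offline before touching the WAF. The following script is an added example, not part of the original thread or of CiviCRM: it takes the pattern exactly as quoted in the ModSecurity log line above, runs it over a set of constructed CiviCRM-style query strings and constructed injection probes, and puts a tighter, word-boundary version of the same pattern beside it so the two can be compared on the same inputs. The sample URLs, the `TUNED_SQLI` pattern and the assumption that the original rule matches case-insensitively are all mine; the thread does not show the rule's operator or the actual `entryURL` value that was blocked.

```python
import re

# Pattern copied from the ModSecurity log line in the post (rule id 300015).
# ModSecurity compiles rules with PCRE; Python's re has no POSIX classes, so
# [[:space:]] is rewritten as \s. Case-insensitive matching is an assumption,
# since the log line does not show the rule's operator or transformations.
MODSEC_GENERIC_SQLI = re.compile(
    r"((alter|create|drop)\s+(column|database|procedure|table)"
    r"|delete\s+from"
    r"|update.+set.+=)",
    re.IGNORECASE,
)

# Hypothetical tightened variant (not a CiviCRM or ModSecurity-supplied rule):
# word boundaries stop "set" inside "reset" and "update" inside longer tokens
# from satisfying the pattern, while real SQL keywords still match.
TUNED_SQLI = re.compile(
    r"(\b(alter|create|drop)\s+(column|database|procedure|table)\b"
    r"|\bdelete\s+from\b"
    r"|\bupdate\b.+\bset\b.+=)",
    re.IGNORECASE,
)

# Constructed samples. The first three imitate CiviCRM's entryURL argument,
# which routinely carries action=update and reset=1; the last two are the
# kind of injection probe the rule exists to catch.
SAMPLE_REQUESTS = {
    "edit relationship":   {"entryURL": "civicrm/contact/view/rel?action=update&reset=1&cid=5&id=62"},
    "delete relationship": {"entryURL": "civicrm/contact/view/rel?action=delete&reset=1&cid=5&id=62"},
    "contact search":      {"entryURL": "civicrm/contact/search?reset=1"},
    "sqli update probe":   {"q": "1; update users set admin=1"},
    "sqli drop probe":     {"q": "1'; drop table contacts; --"},
}


def scan_args(args, pattern=MODSEC_GENERIC_SQLI):
    """Return the (name, value) pairs the rule would flag.

    Mirrors ModSecurity inspecting each ARGS:name variable in phase 2;
    one flagged argument is enough to block the request.
    """
    return [(name, value) for name, value in args.items() if pattern.search(value)]


def compare_rules(requests=SAMPLE_REQUESTS):
    """Report, per sample request, whether the original and tuned rules match."""
    return {
        label: {
            "original": bool(scan_args(args, MODSEC_GENERIC_SQLI)),
            "tuned": bool(scan_args(args, TUNED_SQLI)),
        }
        for label, args in requests.items()
    }


if __name__ == "__main__":
    for label, result in compare_rules().items():
        print(f"{label:20s} original={result['original']!s:5} tuned={result['tuned']}")
```

Running it shows why the relationship edit screen trips the rule while the delete action does not: the `update.+set.+=` alternative is satisfied by `action=update` followed by `reset=1` and any later `=`, whereas `delete` in the URL is never followed by whitespace and `from`. Two defender-side responses follow from that. Testing a candidate pattern against a corpus of known-good URLs and known-bad probes, as above, is how to confirm a tuned rule keeps its detection value before deploying it. Alternatively, rather than loosening the pattern, the rule can be kept as is and scoped away from the one benign argument with a ModSecurity 2.x rule exclusion such as `SecRuleUpdateTargetById 300015 !ARGS:entryURL` (the id comes from the log line; whether that specific exclusion fits depends on the host's rule set, which the thread does not show). Either way, the Watchdog notice about `62_` is a separate CiviCRM form issue and is not what the WAF reacted to.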

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: Generic SQL injection protection rule
June 11, 2014, 05:37:23 am
Quote from: sibro on June 11, 2014, 05:21:03 am
I don't think the messages are related. Working through the issue of something thinking a normal request is a security issue.

Yes, they do not appear related. It appears you need to tone down your ModSecurity settings. :)
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.

sibro

  • I post occasionally
  • **
  • Posts: 47
  • Karma: 2
  • CiviCRM version: 4.4.5
  • CMS version: Drupal 7.27
  • MySQL version: 5.5
  • PHP version: 5.4
Re: Generic SQL injection protection rule
June 12, 2014, 01:35:38 pm
Hershel, thanks for your suggestion.

My ISP updated ModSecurity. That fixed it, and also the failure I was seeing in updating relationships. I made changes to Civi, MySQL, PHP and Drupal; it is unclear which update created the issue.
Bruce
