SecurePHPx

[ascheinberg]

Can someone explain to me what SecurePHPx is? I can't find ANY mention of it on the internet. I have a script that has certain areas disabled, and the best I can tell, it was preventing me from using show_source() and/or include() in certain areas, like with .txt files.

Is there any documention that can explain what is so bad about the script?

Thanks,

Adam

[TeeJa]

Doing a seach on Google pretty much tells you.
Mod_security on your server has disabled that script because it feels there is a security problem with it.
Without seeing the script, there would be no way to tell you what needs to be fixed in it.

[ascheinberg]

Have you actually searched Google? I see no mention of SecurePHPx on google other than this: http://64.233.187.104/search?q=cache...Px+about&hl=en, and a HUGE slew of errors that have been spidered and cached.

And furthermore, nearly every mention is someone hosted on hostgator. I don't think it's out of line to ask what it is, especially when Google does NOT return that info and the "official" homepage appears to be offline. Especially when my script looks ok to me.

[TeeJa]

Quote:

Originally Posted by ascheinberg

Have you actually searched Google? I see no mention of SecurePHPx on google other than this: http://64.233.187.104/search?q=cache...Px+about&hl=en, and a HUGE slew of errors that have been spidered and cached.

And furthermore, nearly every mention is someone hosted on hostgator. I don't think it's out of line to ask what it is, especially when Google does NOT return that info and the "official" homepage appears to be offline. Especially when my script looks ok to me.

That's what I was talking about. Sure are a lot of busted scripts? Strange that Google spiders them?

As far as your question about your script, I would have no clue unless Me or someone else sees a copy of it to dissect it to see where the "proposed compromise" is in the script. There could be many things, but mostly it has to do with sending of email via a contact form. It would need to either replaced or fixed.

Some more reading:
http://forums.hostgator.com/showthread.php?t=5929

http://forums.hostgator.com/showthread.php?t=6213

Now this is a good 1

If I pass the variable state=British%20Columbia as part of the url I receive the message that the script or action has been blocked

http://bonspiel.net/index.php?state=...r=2007&format=



However, if I pass the variable state=Nova%20Scotia as part of the url, or any other state or province I have tried, the url loads normally.

http://bonspiel.net/index.php?state=...r=2007&format=



Someone please explain to me why british columbia is considered unsafe...

[Serra]

Nothing is wrong with that. Contact support and ask them to adjust mod_security so you query works.

Have you tried the same thing using http_post instead of using a URL?

I just wote a bit of code to convert %20 to a + and resolved the problem, but the problem should not have happened in the first place...

I don`t want to use POST because of limitations with the search engines useing POST

[quietFinn]

Quote:

Originally Posted by Sitemagik

Someone please explain to me why british columbia is considered unsafe...

Anything with "sh%20" gives the same error.

[thlayli]

I am also finding that this happens with the string "get%20"

It seems that converting all spaces to "+" symbols (and converting any "+" symbols you wish to keep into "%2B") will prevent this error.

Essentially it blocks some of the basic apps. used in most exploits. If you're finding it too restrictive don't hesitate to contact support regarding the issue so we can make modifications if necessary.

Thank you for your time!