wimg Posted May 16, 2023 Posted May 16, 2023 We upgraded from Sunday on Monday from 4.6.8 to 4.6.10 and next to 4.7.10. That went well no problems with the Community Suite so far. However, trying to upgrade many of our addons, applications and plugins, resulted in multiple errors, with an error message "Sorry! The page you requested does not exist", while we still have a valid subscription, and an Install option for each of them. We have 60 add-ons, of which we are currently using 35 actively. The inactive ones, as far as we tried, give the same results.. Any idea what could be causing this and what we need to do to solve this problem? This happened both in 4.6.10 and in 4.7.10, whatever we tried. Prior to doing the ICS-upgrade we did test everything, because of the required upgrade to PHP 8.x, and it did the same during our tests, although all apps and plugins did not stop working. What we did notice, however, is that we did not get a proper default theme, as it still contains the additions we made to it, for Google and advertising. Could it possibly be that this is what is causing the trouble? Thank you very much in advance! Kind regards, Wim
Jim M Posted May 16, 2023 Posted May 16, 2023 Would suggest reaching out to your hosting provider to see if you have mod_security enabled and disabled it temporarily. Often this is the case when getting a 404 error in the ACP. It is worth mentioning that 60 third party applications/plugins are A LOT! That is a lot of chances for things to be going wrong and I would ensure each of these are compatible (even the disabled ones) with your release of Invision Community that you're running. Uninstall those which you're not using or not 100% required for your community.
wimg Posted May 16, 2023 Author Posted May 16, 2023 28 minutes ago, Jim M said: Would suggest reaching out to your hosting provider to see if you have mod_security enabled and disabled it temporarily. Often this is the case when getting a 404 error in the ACP. It is worth mentioning that 60 third party applications/plugins are A LOT! That is a lot of chances for things to be going wrong and I would ensure each of these are compatible (even the disabled ones) with your release of Invision Community that you're running. Uninstall those which you're not using or not 100% required for your community. We have gone through extensive testing and checks. Only 2 were not compatible, and those were disabled anyway. And yes, 60 is a lot. As mentioned, we currently only use 35 of them , which stiil is a lot. It just shows that the 3rd party community provides a very useful service, the way we see it 😃. We manage our own server, but we do have full support if so required. I just realized we moved to a new server a couple of months ago, as a first step to doinG complete upgrades for everything, including PHP and database. It could well be that mod_security has been enabled for everything again - that was one are we did not check. I'll report back if that indeed solves the issue. Thank you for the heads-up and quick reply, much appreciated! Kind regards, WIm Â
wimg Posted May 16, 2023 Author Posted May 16, 2023 Well, Mod_security was on, indeed, but switching it off, and rebooting, made no difference. If anybody has another idea of what could be causing this, I'd appreciate it. Thank you very much in advance! Kind regards, WIm P.S.: I did reboot the server after resetting and saving the Mod_security settings.
wimg Posted May 16, 2023 Author Posted May 16, 2023 Hi Randy, I have been looking around, but other than the menu settings for FURLs, I have no idea what I should eb looking for. As the error logs mostly showed data from dates prior to the upgrade, I cleared the logs, to ssee what will show up next when I try again, but so far, nothing. The weird thing is that some of the upgrades worked just fine, but now i am stuck with 30+ which do not, but should according to Marketplace. There always is an Install or Upload option, and when I use those, something will start up, but the moment it goes away to do its thing, within a couple of seconds it turns up the error message. As mentioned, I turned off Mod_security, but as that didn't change anything, and i noticed a few attempts at invalid data insertions, I turned it on again, especially as we did have a hacking problem, be it people taking over accounts from not very security conscious members, and posting spam like crazy. If you have any suggestions, I would appreciate it. Kind regards, WIm
Marc Posted May 17, 2023 Posted May 17, 2023 You mention that some of the upgrades work fine. Have you contacted any of the authors of the ones that are not?
wimg Posted May 17, 2023 Author Posted May 17, 2023 Yes, I did. It is not their software. No idea yet what causes it. I have now uninstalled almost every bit of software that has this problem, except 2 add-ons which have a version that works just fine without the update, and is PHP 8-compliant anyway, even though the others were too. The reason for keeping those is for testing purposes as well, to see if I can finally get rid of the problem. O, the apps that work fine are from the same authors. No idea why some, a minority, work and others don't. I did find that we are running an additional security package on our server in the mean time, one we did not have on our previous server, and it is something we cannot control like you do with mod_security. So i have created a ticket for hosting support as a result. In the mean time, any ideas are welcome. I will try a manual upload as far as possible, but I need a reply from one of the authors first. No idea where to upload the contents of an unzipped .tar file to. It is not clear from the directories it creates. Kind regards, Wim
Marc Posted May 18, 2023 Posted May 18, 2023 It does sounds like something is blocking them somewhere on the server
wimg Posted May 20, 2023 Author Posted May 20, 2023 Looks like the problem is solved now. It was a combination of a Joomla plugin exploit bug which appears to be used by Marketplace, and an upload problem, and covered by both security modules which are installed as a standard on our server, although they deal slightly differently with it. Disabling the rules in mod_security and in the 2nd security module fixed this. For mod_security, upload, it was: Request: POST /forum/admin/?app=core&module=applications&controller=applications&appKey=news&do=upload Action Description: Access denied with code 406 (phase 2). Justification: File "/tmp/20230520-145930-ZGjgUoQWffAZPv8BC0az9wACVBc-file-yAgo53" rejected by the approver script "/etc/cxs/cxscgi.  And for Marketplace, the Joomla exploit problem, which actually results in 3 error messages: Request: GET /forum/admin/?app=core&module=applications&controller=plugins&do=doInstall&file=/tmp/IPSMPKovG0x&key=d20a4618bdf9a0118256585816f3a9ab&id=10&csrfKey=c76034ce3b5af74eb2764c97bab4ca77&marketplace=7542&mr=0&_mrReset=1&csrfKey=c76034ce3b5af74eb2764c97bab4ca77 Action Description: Access denied with code 406 (phase 2). Justification: Pattern match "(/tmp|/proc|/dev)" at REQUEST_URI.  We still have one other problem, but that has to do with image uploads to the Gallery and is very specific. I will have to investigate that first myself, to see if I can recreate that.  Anyway, thanks for all the support from everybody, much appreciated!  Kind regards, WIm
Marc Posted May 22, 2023 Posted May 22, 2023 Glad to hear you found a solution to your issue there 🙂
wimg Posted May 22, 2023 Author Posted May 22, 2023 Thank you, Marc! And so am I! Took quite a long session with Support, they had trouble finding it too - not too familiar with the second security system yet. Kind regards, WIm
Recommended Posts