tim boyd Posted September 12, 2019 Share Posted September 12, 2019 12 hours ago, Dave Ambrose said: You're tripping up on a different "security" rule. These things are driving me insane(r), but I can't pull them out just yet. What browser are you using? Dave....sorry to hear that. On my laptop I am suing Internet Explorer....I'll try again tonight anyway....thanks for all you do for this Forum!!!! TIM Quote Link to comment Share on other sites More sharing options...
Dave Ambrose Posted September 12, 2019 Share Posted September 12, 2019 If it's not too much trouble, try a different browser. I haven't decoded that security rule, so I don't have a complete understanding of what it does. But, it does seem to be linked to the browser you're using. I recommend Chrome just because it's the most common, but Firefox should work fine too. Quote Link to comment Share on other sites More sharing options...
Jim B Posted September 15, 2019 Share Posted September 15, 2019 (edited) On 5/20/2019 at 4:06 PM, Koellefornia Kid said: I get the 404 error/page not found message every time I try to start a new topic. I can reply to posts though, but can´t start a new one Same here. Tried to start a new topic, but got the 404 error message. I've tried different browsers (IE Edge, Chrome) with the same results. Edited September 17, 2019 by Jim B Quote Link to comment Share on other sites More sharing options...
tim boyd Posted September 17, 2019 Share Posted September 17, 2019 (edited) Just tried to post an album of pictures of Round 2's new update of their 1963 Impala SS; again got the 404 error. This time I was using a different computer, and using Google Chrome instead of Internet Explorer. Hmmm....TB FURTHER UPDATE: I just started over, posting each element (a brief sentence in lieu of a detailed description, a link, and a photo) separately. With each "edit' up this point, all the elements posted OK. But when I tried copying a detailed description of/commentary about the kit from another source (my fotki site) once again the 404 error appeared. Not sure just what to think about this, but at least those interested in the subject can now go to my fotki site if they have an interest in the detailed commentary (and/or additional pictures of the kit and kit contents) . TB Edited September 17, 2019 by tim boyd Quote Link to comment Share on other sites More sharing options...
peteski Posted September 18, 2019 Share Posted September 18, 2019 As it has been discovered earlier, there is likely some combination of words in your detailed commentary that trips the forum's anti-hacking routine, causing the 404 error. Quote Link to comment Share on other sites More sharing options...
Jim B Posted September 18, 2019 Share Posted September 18, 2019 I think that was my issue as well. Quote Link to comment Share on other sites More sharing options...
Dave Ambrose Posted September 18, 2019 Share Posted September 18, 2019 I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much. I have some learning to do before I get this ironed out. You've all been incredibly patient so far, and I truly appreciate that. Please bear with me. It's us, not you. Quote Link to comment Share on other sites More sharing options...
tim boyd Posted September 21, 2019 Share Posted September 21, 2019 On 9/18/2019 at 12:44 PM, Dave Ambrose said: I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much. I have some learning to do before I get this ironed out. You've all been incredibly patient so far, and I truly appreciate that. Please bear with me. It's us, not you. Thanks for the update, Dave. Much appreciated, and yes, we will continue to be patient as well as appreciative of your e continued efforts to resolve the issue! TIM Quote Link to comment Share on other sites More sharing options...
peteski Posted September 23, 2019 Share Posted September 23, 2019 (edited) I have another post which generates an error when posting. Dave Ambrose, if you like, I could send you that text to experiment with (I have not isolated the specific trigger words). I probably won't be able to PM that text to you (since PMs are probably filtered too), so I would need your email address. Edited September 23, 2019 by peteski Quote Link to comment Share on other sites More sharing options...
Warren D Posted October 5, 2019 Share Posted October 5, 2019 Just got bit by this trying to update a thread I started. Quote Link to comment Share on other sites More sharing options...
Warren D Posted October 11, 2019 Share Posted October 11, 2019 Seems like it happens when I try to include a link to my web gallery on PBase.com. When I upload the photo directly, it seems to work. Quote Link to comment Share on other sites More sharing options...
Dave Ambrose Posted October 11, 2019 Share Posted October 11, 2019 3 hours ago, Warren D said: Seems like it happens when I try to include a link to my web gallery on PBase.com. When I upload the photo directly, it seems to work. We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. Quote Link to comment Share on other sites More sharing options...
Rodent Posted October 11, 2019 Share Posted October 11, 2019 6 minutes ago, Dave Ambrose said: We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. Yes please. My employer blocks all of the photo hosting sites. I don't even look at Under Glass or On The Workbench from work because I can't see a fair amount of the photos. Uploaded images are fine. Quote Link to comment Share on other sites More sharing options...
Warren D Posted October 11, 2019 Share Posted October 11, 2019 44 minutes ago, Dave Ambrose said: We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. Most places prefer the link to keep their server sizes down, but ok. Quote Link to comment Share on other sites More sharing options...
Xingu Posted October 12, 2019 Share Posted October 12, 2019 19 hours ago, Warren D said: Most places prefer the link to keep their server sizes down, but ok. We are in a unique situation here, as we have a lot of storage space. That said, please reduce large files to a reasonable size. I generally use either 1024 or 1600 wide photos. Quote Link to comment Share on other sites More sharing options...
Ace-Garageguy Posted October 14, 2019 Share Posted October 14, 2019 (edited) Tried to post repeatedly to this thread at 7:16 PM EST. Oct. 13, 2019. 404 several times, even after reducing the size of the post and removing photos. Was locked off the site for an hour following the last attempt. EDIT: Was subsequently able to post photos with no text, then go back and edit in some much abbreviated text. May or may not attempt to add the earlier captions prior to the expiration of the edit window. Edited October 14, 2019 by Ace-Garageguy Quote Link to comment Share on other sites More sharing options...
peteski Posted October 14, 2019 Share Posted October 14, 2019 (edited) 3 hours ago, Ace-Garageguy said: Tried to post repeatedly to this thread at 7:16 PM EST. Oct. 13, 2019. 404 several times, even after reducing the size of the post and removing photos. Was locked off the site for an hour following the last attempt. EDIT: Was subsequently able to post photos with no text, then go back and edit in some much abbreviated text. May or may not attempt to add the earlier captions prior to the expiration of the edit window. Bill, this is the same problem you (and me, and others) posted about on the first page of this thread. The problem is that certain combinations of words anywhere in the text of the post you are composing get misidentified as a malicious request to the forum's database, and it results in the 404 (page not found) error. If you keep on trying, the forum locks you out for few hours (probably based on your IP address). To quote Dave Ambrose from an earlier post: I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much. So, it appears that we are unfortunately are stuck with this until hopefully someone comes up with a fix or workaround. Dave said that he is workign with the forum's vendor to hopefully come up with a workable solution. More info about the problem (and couple of specific words which activate the filter and cause the 404 error: Edited October 14, 2019 by peteski Quote Link to comment Share on other sites More sharing options...
Ace-Garageguy Posted October 14, 2019 Share Posted October 14, 2019 15 hours ago, peteski said: Bill, this is the same problem you (and me, and others) posted about on the first page of this thread. The problem is that certain combinations of words anywhere in the text of the post you are composing get misidentified as a malicious request to the forum's database, and it results in the 404 (page not found) error. If you keep on trying, the forum locks you out for few hours (probably based on your IP address). To quote Dave Ambrose from an earlier post: Yes sir, I'm aware of that. I posted this primarily with a time and thread reference so in case anyone might be looking at an event logger, they might gain some insight...as I think I was careful to not use any of the known word-strings that apparently trigger the thing. Quote Link to comment Share on other sites More sharing options...
Anglia105E Posted October 14, 2019 Share Posted October 14, 2019 3 hours ago, Ace-Garageguy said: Yes sir, I'm aware of that. I posted this primarily with a time and thread reference so in case anyone might be looking at an event logger, they might gain some insight...as I think I was careful to not use any of the known word-strings that apparently trigger the thing. Hope you don't mind if I add something to this thread, Bill....... today I successfully posted a new topic in ' On the Workbench ', by only including the photos in my post, along with a short one line explanation to say why there is no text, due to the Page not Found - 404 Error issue. Reading my larger body of text that was causing the problem, I cannot see anything wrong with it actually, so mystified as to what is going on. Replies are now flowing on my new topic and I have got my points across that were contained in the original problematic text. David Quote Link to comment Share on other sites More sharing options...
peteski Posted October 15, 2019 Share Posted October 15, 2019 1 hour ago, Anglia105E said: . . . Reading my larger body of text that was causing the problem, I cannot see anything wrong with it actually, so mystified as to what is going on. Replies are now flowing on my new topic and I have got my points across that were contained in the original problematic text. David The problem is that (as mentioned in this thread, and some other threads in this section of the forum) certain plain English words can falsely trigger the malicious attack filter. Couple of known words are s e l e c t followed by f r o m (without the spaces of course). The words do not have to be adjacent to trigger the filter. Did you possibly have those words in your lengthy post? There are likely undiscovered combinations of other words which will trigger the filter and the 404 error. Quote Link to comment Share on other sites More sharing options...
Matt Bacon Posted October 15, 2019 Share Posted October 15, 2019 What it’s trying to protect us from is what they call “SQL injection” where the text entered by a user is interpreted as commands in the database language that sits behind the site pages. There’s a full list of SQL code terms here: https://docs.snowflake.net/manuals/sql-reference/sql-all.html As you can see, lots of common words, and a good number we might use, like a l t e r and j o I n. Combine this with the way SQL uses punctuation marks and an innocuous word and an old school smiley can look like an attempted hack... best, M. Quote Link to comment Share on other sites More sharing options...
peteski Posted October 15, 2019 Share Posted October 15, 2019 Thanks Matt! That is some eye-opening information. Yet another example how hackers makes our lives more difficult. Quote Link to comment Share on other sites More sharing options...
Matt Bacon Posted October 15, 2019 Share Posted October 15, 2019 Thanks, Pete... it was your answer that triggered the the thought: s e l e c t f r o m xxx w h e r e something is classic SQL which means choose the entries from the data table called xxx the ones that have the feature something eg s from addresses w state is Michigan... best, M. Quote Link to comment Share on other sites More sharing options...
Anglia105E Posted October 15, 2019 Share Posted October 15, 2019 8 hours ago, peteski said: The problem is that (as mentioned in this thread, and some other threads in this section of the forum) certain plain English words can falsely trigger the malicious attack filter. Couple of known words are s e l e c t followed by f r o m (without the spaces of course). The words do not have to be adjacent to trigger the filter. Did you possibly have those words in your lengthy post? There are likely undiscovered combinations of other words which will trigger the filter and the 404 error. Thanks, Peter..... and I do understand the SQL stuff, and how computer stuff works because I am a self employed Technical Support Engineer, working in IT for 39 years. There was the word ' f r o m ' in my text, but even when I removed the word I still got the 404 error. Even when I re-composed the text in a totally different way, leaving out any suspect words, still got the 404 error...... I do realise how difficult it is to track down these problems and much of my work involves doing exactly that. Luckily, I saw that a fellow member announced that when he posted only his photos, and not the text, he was able to post. This allowed me to post the photos first of all, and then add bits of text afterwards in order to build up to what I wanted to say in the first large text. Phew! David Quote Link to comment Share on other sites More sharing options...
Matt Bacon Posted October 15, 2019 Share Posted October 15, 2019 I think given what Bill posted about being locked out for a period it must also have some kind of user “risk assessment” model, which makes it more sensitive after it’s “caught you” once. Maybe after the first “attack” is detected it thinks “we might have a wrong’un here” and ups the sensitivity, hence you either get locked out like Bill, or have to tiptoe past like you did, David. The question it would be good to hear an answer to from our hosts is whether this is a big or a feature? Is it doing what it’s meant to, but rather too enthusiastically, or is it actually malfunctioning? If the “404 not found” turns into “Sorry, Dave, I can’t do that.” we’d better start worrying.... best, M. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.