Is anyone else getting "page not found" messages when trying to reply to a post?

[tim boyd]

12 hours ago, Dave Ambrose said:

You're tripping up on a different "security" rule. These things are driving me insane(r), but I can't pull them out just yet. What browser are you using? 

Dave....sorry to hear that.  On my laptop I am suing Internet Explorer....I'll try again tonight anyway....thanks for all you do for this Forum!!!!   TIM   

[Dave Ambrose]

If it's not too much trouble, try a different browser. I haven't decoded that security rule, so I don't have a complete understanding of what it does. But, it does seem to be linked to the browser you're using. I recommend Chrome just because it's the most common, but Firefox should work fine too. 

[Jim B]

On 5/20/2019 at 4:06 PM, Koellefornia Kid said:

I get the 404 error/page not found message every time I try to start a new topic. I can reply to posts though, but can´t start a new one 

Same here.  Tried to start a new topic, but got the 404 error message.  I've tried different browsers (IE Edge, Chrome) with the same results.  

Edited September 17, 2019 by Jim B

[tim boyd]

Just tried to post an album of pictures of Round 2's new update of their 1963 Impala SS; again got the 404 error.  This time I was using a different computer, and using Google Chrome instead of Internet Explorer.  Hmmm....TB 

FURTHER UPDATE:  I just started over, posting each element (a brief sentence in lieu of a detailed description, a link, and a photo) separately.  With each "edit' up this point, all the elements posted OK.  But when I tried copying a detailed description of/commentary about the kit from another source (my fotki site) once again the 404 error appeared. 

Not sure just what to think about this, but at least those interested in the subject can now go to my fotki site if they have an interest in the detailed commentary (and/or additional pictures of the kit and kit contents) .  TB 

 

Edited September 17, 2019 by tim boyd

[peteski]

As it has been discovered earlier, there is likely some combination of words in your detailed commentary that trips the forum's anti-hacking routine, causing the 404 error.

[Jim B]

I think that was my issue as well.

[Dave Ambrose]

I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much.

I have some learning to do before I get this ironed out. You've all been incredibly patient so far, and I truly appreciate that. Please bear with me. It's us, not you.

[tim boyd]

On 9/18/2019 at 12:44 PM, Dave Ambrose said:

I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much.

I have some learning to do before I get this ironed out. You've all been incredibly patient so far, and I truly appreciate that. Please bear with me. It's us, not you.

Thanks for the update, Dave.  Much appreciated, and yes, we will continue to be patient as well as appreciative of your e continued efforts to resolve the issue!  TIM 

[peteski]

I have another post which generates an error when posting. Dave Ambrose, if you like, I could send you that text to experiment with (I have not isolated the specific trigger words).  I probably won't be able to PM that text to you (since PMs are probably filtered too), so I would need your email address.

Edited September 23, 2019 by peteski

[Warren D]

Just got bit by this trying to update a thread I started.

[Warren D]

Seems like it happens when I try to include a link to my web gallery on PBase.com.  When I upload the photo directly, it seems to work.

[Dave Ambrose]

3 hours ago, Warren D said:

Seems like it happens when I try to include a link to my web gallery on PBase.com.  When I upload the photo directly, it seems to work.

We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. 

[Rodent]

6 minutes ago, Dave Ambrose said:

We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. 

Yes please. My employer blocks all of the photo hosting sites. I don't even look at Under Glass or On The Workbench from work because I can't see a fair amount of the photos. Uploaded images are fine.

[Warren D]

44 minutes ago, Dave Ambrose said:

We'd just as soon you directly upload the images anyway. That way they stay with the posting regardless of what happens with your photo hosting. We lost the images from Harry's builds because of PhotoBucket's change in policy and would like to avoid this in the future. 

Most places prefer the link to keep their server sizes down, but ok.

[Xingu]

19 hours ago, Warren D said:

Most places prefer the link to keep their server sizes down, but ok.

We are in a unique situation here, as we have a lot of storage space. That said, please reduce large files to a reasonable size. I generally use either 1024 or 1600 wide photos.

[Ace-Garageguy]

Tried to post repeatedly to this thread at 7:16 PM EST. Oct. 13, 2019. 404 several times, even after reducing the size of the post and removing photos. Was locked off the site for an hour following the last attempt.

EDIT: Was subsequently able to post photos with no text, then go back and edit in some much abbreviated text. May or may not attempt to add the earlier captions prior to the expiration of the edit window.

 

Edited October 14, 2019 by Ace-Garageguy

[peteski]

3 hours ago, Ace-Garageguy said:

Tried to post repeatedly to this thread at 7:16 PM EST. Oct. 13, 2019. 404 several times, even after reducing the size of the post and removing photos. Was locked off the site for an hour following the last attempt.

EDIT: Was subsequently able to post photos with no text, then go back and edit in some much abbreviated text. May or may not attempt to add the earlier captions prior to the expiration of the edit window.

 

Bill, this is the same problem you (and me, and others) posted about on the first page of this thread.   The problem is that certain combinations of words anywhere in the text of the post you are composing get misidentified as a malicious request to the forum's database, and it results in the 404 (page not found) error.  If you keep on trying, the forum locks you out for few hours (probably based on your IP address).

To quote Dave Ambrose from an earlier post:

I'll be working on this in a couple of weeks. There is a filter in our web server that is supposed to filter out malicious requests. Welcome to the post modern Internet. It doesn't work nearly as well as we'd like with this forum software, but I can't just disable them without getting the main MCM site attacked. We've been there, done that, and no thank you very much.

So, it appears that we are unfortunately are stuck with this until hopefully someone comes up with a fix or workaround.  Dave said that he is workign with the forum's vendor to hopefully come up with a workable solution.

 

More info about the problem (and couple of specific words which activate the filter and cause the 404 error:

 

 

Edited October 14, 2019 by peteski

[Ace-Garageguy]

15 hours ago, peteski said:

Bill, this is the same problem you (and me, and others) posted about on the first page of this thread.   The problem is that certain combinations of words anywhere in the text of the post you are composing get misidentified as a malicious request to the forum's database, and it results in the 404 (page not found) error.  If you keep on trying, the forum locks you out for few hours (probably based on your IP address).

To quote Dave Ambrose from an earlier post:

 

 

 

Yes sir, I'm aware of that. I posted this primarily with a time and thread reference so in case anyone might be looking at an event logger, they might gain some insight...as I think I was careful to not use any of the known word-strings that apparently trigger the thing.

[Anglia105E]

3 hours ago, Ace-Garageguy said:

Yes sir, I'm aware of that. I posted this primarily with a time and thread reference so in case anyone might be looking at an event logger, they might gain some insight...as I think I was careful to not use any of the known word-strings that apparently trigger the thing.

Hope you don't mind if I add something to this thread, Bill....... today I successfully posted a new topic in ' On the Workbench ', by only including the photos in my post, along with a short one line explanation to say why there is no text, due to the Page not Found - 404 Error issue. Reading my larger body of text that was causing the problem, I cannot see anything wrong with it actually, so mystified as to what is going on. Replies are now flowing on my new topic and I have got my points across that were contained in the original problematic text.

David

[peteski]

1 hour ago, Anglia105E said:

. . .

Reading my larger body of text that was causing the problem, I cannot see anything wrong with it actually, so mystified as to what is going on. Replies are now flowing on my new topic and I have got my points across that were contained in the original problematic text.

David

The problem is that (as mentioned in this thread, and some other threads in this section of the forum) certain plain English words can falsely trigger the malicious attack filter.  Couple of known words are s e l e c t followed by f r o m (without the spaces of course).  The words do not have to be adjacent to trigger the filter. Did you possibly have those words in your lengthy post?  There are likely undiscovered combinations of other words which will trigger the filter  and the 404 error.
 

[Matt Bacon]

What it’s trying to protect us from is what they call “SQL injection” where the text entered by a user is interpreted as commands in the database language that sits behind the site pages. There’s a full list of SQL code terms here: https://docs.snowflake.net/manuals/sql-reference/sql-all.html

As you can see, lots of common words, and a good number we might use, like a l t e r and j o I n. Combine this with the way SQL uses punctuation marks and an innocuous word and an old school smiley can look like an attempted hack...

best,

M.

[peteski]

Thanks Matt!  That is some eye-opening information. Yet another example how hackers makes our lives more difficult.

[Matt Bacon]

Thanks, Pete... it was your answer that triggered the the thought: s e l e c t  f r o m  xxx w h e  r e something is classic SQL which means choose the entries from the data table called xxx the ones that have the feature something eg s from addresses w state is Michigan...

best,

M.

[Anglia105E]

8 hours ago, peteski said:

The problem is that (as mentioned in this thread, and some other threads in this section of the forum) certain plain English words can falsely trigger the malicious attack filter.  Couple of known words are s e l e c t followed by f r o m (without the spaces of course).  The words do not have to be adjacent to trigger the filter. Did you possibly have those words in your lengthy post?  There are likely undiscovered combinations of other words which will trigger the filter  and the 404 error.
 

Thanks, Peter..... and I do understand the SQL stuff, and how computer stuff works because I am a self employed Technical Support Engineer, working in IT for 39 years. There was the word ' f r o m ' in my text, but even when I removed the word I still got the 404 error. Even when I re-composed the text in a totally different way, leaving out any suspect words, still got the 404 error...... I do realise how difficult it is to track down these problems and much of my work involves doing exactly that. Luckily, I saw that a fellow member announced that when he posted only his photos, and not the text, he was able to post. This allowed me to post the photos first of all, and then add bits of text afterwards in order to build up to what I wanted to say in the first large text. Phew!

David

[Matt Bacon]

I think given what Bill posted about being locked out for a period it must also have some kind of user “risk assessment” model, which makes it more sensitive after it’s “caught you” once. Maybe after the first “attack” is detected it thinks “we might have a wrong’un here” and ups the sensitivity, hence you either get locked out like Bill, or have to tiptoe past like you did, David. The question it would be good to hear an answer to from our hosts is whether this is a big or a feature? Is it doing what it’s meant to, but rather too enthusiastically, or is it actually malfunctioning? If the “404 not found” turns into “Sorry, Dave, I can’t do that.”  we’d better start worrying....

best,

M.