Joomla tips and tricks for the novice or the hacker. Serving Him by giving back what we have learned.
     
Home arrow Blogs arrow Joomla Extensions arrow sh404SEF arrow Internal Server Error When Saving
Internal Server Error When Saving
Do you get a server error after editing the configuration?

Something like:

Internal Server Error


in your browser?

If your hosting provider has Mod_Security in place on the apache server.  It may be caused because it recognizes it as a rootkit attack.  This attack is for known rootkits, remote toolkits, etc.


This is from Savannah W-ITS,

Review web logs on a regular basis and think about adding filters from IP addresses that are abusive (don't forget to look at the sub-networks).  For example, if don't do business overseas, you can disable access from those areas. Currently (as of Fall 2008) most of the web SPAM posting attempts or RootKit/SQL attacks are coming from central Europe for China.  Once you eliminate access the bad guys will (most likely) go after easier prey.

Here is the guidelines from a hosting provider on how to fix this on a per instance basis.


The first thing to do is log in to the terminal. Once in type " cat
/usr/local/apache/logs/error_log | grep 500 | grep <type the domain name
here>" it should spit out a bunch of stuff you will be looking for ones that
look similar to this:

[Tue Feb 10 08:45:30 2009] [error] [client 219.85.63.226] ModSecurity: Access denied with code 4 06 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp| dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2/rootki ts.conf"] [line "3"] [id "390144"] [rev "1"] [msg "Rootkit attack: Generic Attempt to install ro otkit"] [severity "CRITICAL"] [hostname "joomlacomponentmanager.com"] [uri "/component//administ rator/components/com_pollxt/conf.pollxt.php"] [unique_id "s1DzyUPjj4QAAGYrEicAAAAM"]


From that long list the only real thing you need is the id which on this one
is 390144.

You then use a text editor of your choice and go to
/usr/local/apache/conf/httpd.conf go to the vhost entry for the domain.

Then type on its own lines:
<Location "/administrator">SecRuleRemoveById 390144</Location>

Then restart apache.
 
Next >
[ Back ]

Your help is a blessing

Enter Amount:

Most Read Articles

Newsletter

Please subscribe to our newsletter.

We will NOT be sending you sales or buy now stuff.

The newsletter will only have technical info. to help you with your web efforts.

Geek Updates


Receive HTML?

For Expert Joomla Help...

We've been at it for years. We have a closet full of t-shirts.

Visit Expert Web Professionals .
We can help with your Joomla project.



Popular Tips on Extensions

Last comments

Images are cut off in...
not working
Hey. Good tip, but it doesnt...
More...
By piti4ek

Product detail gets pushed...
Worked for me
Thanks for posting this...
More...
By Vincent Treanor

How to use a different home...
Web guy
In your menu manager, be sure...
More...
By Jeff Honeyager

How to use a different home...
Joomla Home Page
Thanks for the article. I...
More...
By RoshJay

Jiggle Effect for Catalyst...
Great Post! Great Site
Thank you very much. This is...
More...
By mchlcnco

Post your Joomla Resume Here

gears.gifLooking for a Joomla expert to help with a problem or with your website.


Go to our FREE job postings and add your job. 

To see our "no charge" job posting and service provider area CLICK HERE NOW .

Latest Comments

No comment...

Login
Geeks for Grace a Narrow Path Hosting Partner
Powered By PageCache
Generated in 0.02264 Seconds