Joomla tips and tricks for the novice or the hacker. Serving Him by giving back what we have learned.
     
Home arrow Blogs arrow Joomla Extensions arrow sh404SEF arrow Internal Server Error When Saving
Internal Server Error When Saving
 

Views : 1895    

Do you get a server error after editing the configuration?

Something like:

Internal Server Error


in your browser?

If your hosting provider has Mod_Security in place on the apache server.  It may be caused because it recognizes it as a rootkit attack.  This attack is for known rootkits, remote toolkits, etc.


This is from Savannah W-ITS,

Review web logs on a regular basis and think about adding filters from IP addresses that are abusive (don't forget to look at the sub-networks).  For example, if don't do business overseas, you can disable access from those areas. Currently (as of Fall 2008) most of the web SPAM posting attempts or RootKit/SQL attacks are coming from central Europe for China.  Once you eliminate access the bad guys will (most likely) go after easier prey.

Here is the guidelines from a hosting provider on how to fix this on a per instance basis.


The first thing to do is log in to the terminal. Once in type " cat
/usr/local/apache/logs/error_log | grep 500 | grep <type the domain name
here>" it should spit out a bunch of stuff you will be looking for ones that
look similar to this:

[Tue Feb 10 08:45:30 2009] [error] [client 219.85.63.226] ModSecurity: Access denied with code 4 06 (phase 2). Pattern match "=(http|www|ftp)\\:/(.+)\\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp| dat|txt|js|html?|tmp|asp)\\x20?\\?" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2/rootki ts.conf"] [line "3"] [id "390144"] [rev "1"] [msg "Rootkit attack: Generic Attempt to install ro otkit"] [severity "CRITICAL"] [hostname "joomlacomponentmanager.com"] [uri "/component//administ rator/components/com_pollxt/conf.pollxt.php"] [unique_id "s1DzyUPjj4QAAGYrEicAAAAM"]


From that long list the only real thing you need is the id which on this one
is 390144.

You then use a text editor of your choice and go to
/usr/local/apache/conf/httpd.conf go to the vhost entry for the domain.

Then type on its own lines:
<Location "/administrator">SecRuleRemoveById 390144</Location>

Then restart apache.

    
Quote this article in website
Favoured
Print
Send to friend
Related articles
Save this to del.icio.us

Users' Comments  RSS feed comment
 

Average user rating

   (0 vote)

  


Add your comment
[-] Hide form
Name
E-mail
Title  
Comment
 
Available characters: 600
   Notify me of follow-up comments
  Mathguard security question:
A44         LYJ      
O      W    R M   LQM
JFW   64W   2 4      
  8    4    T L   BSD
ROW         AR2
   
   

No comment posted



mXcomment 1.0.8 © 2007-2010 - visualclinic.fr
License Creative Commons - Some rights reserved
Next >
[ Back ]

Your help is a blessing

Enter Amount:

Most Read Articles

Newsletter

Please subscribe to our newsletter.

We will NOT be sending you sales or buy now stuff.

The newsletter will only have technical info. to help you with your web efforts.

Geek Updates


Receive HTML?

Popular Tips on Extensions

Last comments

Removing the ask about this...
hg
thanks google.com
More...
By berta

Images are cut off in...
not working
Hey. Good tip, but it doesnt...
More...
By piti4ek

Product detail gets pushed...
Worked for me
Thanks for posting this...
More...
By Vincent Treanor

How to use a different home...
Web guy
In your menu manager, be sure...
More...
By Jeff Honeyager

How to use a different home...
Joomla Home Page
Thanks for the article. I...
More...
By RoshJay

Post your Joomla Resume Here

gears.gifLooking for a Joomla expert to help with a problem or with your website.


Go to our FREE job postings and add your job. 

To see our "no charge" job posting and service provider area CLICK HERE NOW .

Latest Comments

No comment...

Login
Geeks for Grace a Narrow Path Hosting Partner
Powered By PageCache
Generated in 0.16527 Seconds