vBulletin – posts redirecting to content.php

Ran into an interesting issue on vBulletin today where a single user’s posts redirected to foobar.com/vbulletin-path/content.php instead of foobar.com/vbulletin-path/showthread.php?21589-Title-Of-My-Post. What we knew at the time was that it appeared limited to a single user, and to two of their posts (none of their hundreds of other posts were affected). Or at least nobody else was complaining and we couldn’t replicate it on a spot-check of 100 other posts. Further, everything worked fine in Tapatalk and, as it appeared anyway, shortening the affected URLs by a seemingly “random” number of characters made them work as well. I.e. one post worked if you shortened the URL by 10 characters, say “foobar.com/vbulletin-path/showthread.php?21589-Title-” instead of “foobar.com/vbulletin-path/showthread.php?21589-Title-Of-My-Post”, and another only if you cut 22 characters or more. Further, it was neither OS specific nor browser specific: every OS and browser I could get my hands on replicated it. The posts look innocent enough. This isn’t the exact verbiage, but an equivalent example of the thread titles/links that were doing it was:


Title: “Visited LFS (Local Fish Store) today” resulting in a link of:
showthread.php?22223-Visited-LFS-(-Local-Fish-Store-)-today


and


Title: “Update of my Aquarium” resulting in a link of:
showthread.php?22222-Update-of-my-Aquarium


The first post would work if one shortened it to:
showthread.php?22223-Visited-LFS-(-Local-Fish-Store-
or shorter, all the way down to:
showthread.php?22223


The second post would work if one shortened it to:
showthread.php?22222-Updat
or shorter, all the way down to:
showthread.php?22222


Even disabling hooks and practically re-installing the entire site’s forums didn’t help. Nothing in the access_log or error_log indicated anything either.


Ultimately, the issue proved to be mod_security in Apache. In particular, two different rules were being violated.


For the issue:
Title: “Update of my Aquarium” resulting in a link of:
showthread.php?22222-Update-of-my-Aquarium


OWASP’s Mod Security rule #981247 blocked the term ‘Update’ (among other key SQL terms such as union|delete|select|etc.) directly after a number and a dash, or in vBulletin terms, as the first word of the thread title. (There are obviously other ways this rule could be violated, but this is what triggered it in this case.) Rather than simply deleting this rule, I modified the regular expression behind it as follows:





Which relaxed this rule a little bit and allowed such forum titles.


For the issue:
Title: “Visited LFS (Local Fish Store) today” resulting in a link of:
showthread.php?22223-Visited-LFS-(-Local-Fish-Store-)-today


This one violated OWASP’s Mod Security rule #981261. Once I knew that, I saw that this rule was being ‘violated’ all the time in vBulletin, and ultimately I disabled it due to the sheer quantity of false hits it was causing.
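To show how such a false positive can be triaged, here is an added Python example (not code from the original post, from vBulletin or from the OWASP CRS): it runs a link through stand-in patterns for the two rules and automates the shorten-the-URL bisection described above, returning the shortest prefix that still trips a rule. The rule regexes and the relaxed variant are my own constructed assumptions, not the real CRS expressions or the author’s actual edit.

```python
import re
from typing import Dict, List, Optional

# Constructed stand-ins for the two rules the post names. They are NOT the
# real OWASP CRS regexes for 981247 / 981261 (those are far longer); each
# encodes only the fragment the post says was matched in its case.
STRICT_RULES: Dict[str, re.Pattern] = {
    # 981247-like: an SQL keyword directly after a number and a dash.
    "981247": re.compile(r"\d+-(?:union|delete|select|update|insert|drop)\b", re.I),
    # 981261-like: a complete parenthesised group in the path or query.
    "981261": re.compile(r"\([^()]*\)"),
}

# Assumed relaxation (the post does not show its actual edit): only flag the
# keyword when a typical SQL continuation follows, so the SEO slug
# "22222-Update-of-my-Aquarium" passes while "1-update-x-set-y" still hits.
RELAXED_RULES: Dict[str, re.Pattern] = {
    "981247": re.compile(
        r"\d+-(?:union[\s-]+select|delete[\s-]+from|select[\s-]+.+?[\s-]from"
        r"|update[\s-]+.+?[\s-]set|insert[\s-]+into|drop[\s-]+table)\b", re.I),
    # 981261 was disabled outright in the post, so it has no relaxed form.
}


def triggered_rules(url: str, rules: Dict[str, re.Pattern]) -> List[str]:
    """Ids of every rule whose pattern matches somewhere in the link."""
    return [rid for rid, rx in rules.items() if rx.search(url)]


def minimal_trigger_prefix(url: str, rule: re.Pattern) -> Optional[str]:
    """Shortest prefix of url that still matches rule, or None.

    This automates the manual bisection in the post: the last character of
    the returned prefix is the one whose removal makes the link load again.
    """
    for n in range(1, len(url) + 1):
        if rule.search(url[:n]):
            return url[:n]
    return None


if __name__ == "__main__":
    # Constructed links modelled on the two titles in the post.
    for link in ("showthread.php?22222-Update-of-my-Aquarium",
                 "showthread.php?22223-Visited-LFS-(-Local-Fish-Store-)-today"):
        for rid in triggered_rules(link, STRICT_RULES):
            print(rid, "strict hit; shortest triggering prefix:",
                  minimal_trigger_prefix(link, STRICT_RULES[rid]))
        print("relaxed rule set hits:", triggered_rules(link, RELAXED_RULES))
```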

Spamassassin, RelayCountry, Exim, add_header, and (sorta) cPanel

Previously, my server used MailScanner, which allowed SpamAssassin headers to be added directly into the email’s MIME header. However, Exim doesn’t handle SpamAssassin the same way, and the typically documented technique for adding headers doesn’t work. (Side note: this has nothing to do with cPanel per se; it just so happens this was on a cPanel box, which uses Exim by default, and I thought I’d drop that term in here for people searching for a solution on “cPanel installs”.) In this case, I’m using the RelayCountry plugin and I wanted to see the list of countries the emails bounced through before arriving at my server.

(more…)

Menalto Gallery GdFunctionality.class fix

When upgrading from PHP 5.2 to a newer 5.x version, Menalto’s Gallery produced the following error:

Warning: Missing argument 3 for GdFunctionality::imageJpeg(), called in /home/userdir/public_html/gallery2/modules/gd/classes/GdToolkit.class on line 527 and defined in /home/userdir/public_html/gallery2/modules/gd/classes/GdFunctionality.class on line 351

Rather than just turning off warnings, I fixed it with the following code segment:
(more…)

Site migration day.

If you need to contact me, please visit: http://www.whodah.com/contactWD.php

I upgraded the server hardware and software earlier this month. Many instances of deprecated and insecure code led me to the decision to migrate the site to a new platform, especially with more on the way as PHP revisions advance. I’ll migrate some of the nifty stuff from the old platform to the new one; the rest will just go the way of the Dodo. Enjoy!