I'm not getting a 404 anywhere, the browser URL basically just showsthecoalman wrote: Fri Mar 01, 2024 2:03 am What does the address say in the browser after getting 404?
Code: Select all
https://www.kingdommythica.info/adm/index.php
error_reporting(E_ALL - E_NOTICE);
, determine where that is coming from. The last time I updated the forum, it was several months back, and the style was upgraded as well, but this acp login loop wasn't happening back then.thecoalman wrote: Fri Mar 01, 2024 2:30 am My mistake, another topic. Does issue persist switching to prosilver? Did you upgrade the style when you upgraded forum?
If you haven't already done so clear the cache manually. Using FTP delete everything in the cache folder except .htaccess and index.htm.
I found where that was coming from and was a suggested fix from another topic, but I have removed the line and it should be gone.thecoalman wrote: Fri Mar 01, 2024 2:30 amMay not be your problem but it's a problem. At the top of the page is the texterror_reporting(E_ALL - E_NOTICE);
, determine where that is coming from.
That's used to override the default error logging level and would only be used in php script. It should not be displayed as output. Additionally the default error logging level can be changed in the php.in so it affects all scripts.
Alright, I found ModSecurity in the cpanel and turned it off for that domain. and turning it off appears to solve the issue with the ACP Login Loop that I'm having, so I'm going to update the ticket that I have with my hosting provider about this since ModSecurity may be causing the issue.thecoalman wrote: Mon Mar 04, 2024 3:25 pm Open your hosting control panel and see if there is setting for mod_security, turn it off and see if that helps.
If that works let your hosting support know about the issue so they can resolve the problem and you can turn it back on.
I looked through the server error logs as well and didn't see anything that mentions mod-security.thecoalman wrote: Mon Mar 04, 2024 3:25 pm If you would check your server error logs, if you see any lines related to mod_security post them here please. You can also relay them to the host.
Imunify is apparently providing the rule set for mod_security. It's triggering on a path traversal, the redirect is usingMick wrote: Tue Mar 05, 2024 9:57 am What is Imunify360 set to, I saw another post mentioning that only yesterday? A2 should be able to help you with that.
viewtopic.php?p=16001419#p16001419
./../adm/index.php
. It's used as hidden input value posted by the user so that is probably why it's being triggered. I recall there being a post about same issue a year or two ago but I think that was OWASP rules. If there is any other inputs with hidden redirect input values they aren't being affected because they are in the same directory.