Forum Support

Advanced Search


Offline sheldesign
Free Member
Posts: 184
Posted on: October 31, 2016, 06:08:19 PM


I built a site using the Spectrum template in April 2015. I have since been doing regular maintenance on this site for the client and have had no issues with it.

But just last week I discovered an issue with a module using the Image and Content Fader. When I try to make any changes and click 'save' I get a '403 Forbidden' error page. In fact, when I simply open the module and then click close, I also get the '403' error page. I have also tried creating a new module using the Image and Content Fader, and likewise get a '403' Error.

I have 14 other existing modules using the Image and Content Fader and they can be modified and saved/closed without getting the 403 error. It is only the one module above (and when trying to create a new one) that I get the error. I can create new modules using other extensions, etc, but not the Image and Content Fader.

I have asked the web host to look into it, as it seemed like it must be a server issue. They have come back with the following:

"The module on Joomla seems to be vulnerable to a X-Changer SQL Injection Vulnerability which ModSecurity has flagged.
Nov 1 05:17:10 httpd [modsecurity] [Tue Nov 1 05:17:10 2016] [error] [client] ModSecurity: Access denied with code 403, [Rule: 'ARGS:from|ARGS:into|ARGS:id' '(?Sad?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)'] [id "390025"] [msg " WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability"]
As you are on a shared hosting package, at this stage we would recommend disabling this plugin and use an alternative."

I explained that it's not a plugin and that I don't have an alternative to use! And I explained what I have detailed above to you.

Can you shed any light on this?

many thanks

Offline mikek
Free Member
Posts: 28743 WWW
Posted on: November 01, 2016, 07:52:14 AM


I am not sure what they are trying to show in that code you pasted, that's not from our module. There is a variable called "args", but that's just an array, the rest of the code given is not in our module. Their explanation also doesn't explain why it would work on your other copies and not this one. If those are on the same site, perhaps it's easier to just re-create that copy of the module.

I would suggest updating the module to the latest files. If it has code in it that's not from our original modified, that tells me something has modified.

And to be clear there's nothing in the module that has any potential to cause an injection, and we've never had a report of such.

Offline sheldesign
Free Member
Posts: 184
Posted on: November 01, 2016, 05:04:21 PM

Hi Mike

Yes that's exactly what I said to them - if there was an error with the module none of them would work. Nothing has been modified and it's been working fine for the past year (the error only started last week). That's all great information though - I will pass that on to them as more evidence that it's something on the server, not the site.


Jump to:  

Powered by SMF | SMF © 2013, Simple Machines
Joomla Bridge by
Page created in 0.018 seconds with 21 queries.
Need some help getting your site up and running? Be sure to check out our tutorials area, post on the forum or hire us
Send Us An Email
Please send us your questions and we will email you back as soon as we can. Product support questions should be posted in our support forums under the Help menu. Our staff will assist you from there.