CSRF Tokens appended to requests - php

I have an OpenCart shop running on two different servers (development and staging of the exact same site). On Server #1 everything is working as expected, but on Server #2 I'm all of a sudden seeing the parameter CSRF_TOKEN=xxxxxxx appended to various but not all URLs.
Where is this coming from???
For example, if I press the "Add to cart"-button jQuery throws the following exception:
Error: Syntax error, unrecognized expression: ?CSRF_TOKEN=xxxxxxx
I'm also getting a bunch of other errors, all due to this mysterious CSRF_TOKEN.
If I hover over certain links, I see the CSRF_TOKEN as part of the URL, but it's not in the source code; somehow it ends up in the client.
I'm running Apache version 2.2.29 and PHP 5.4.32. I have no idea where this is coming from or what to do about it. Any ideas on what is going on here?

My hosting provider confirmed that it was a security rule on the server causing the issue and helped me resolve it.

Related

I think phpmyadmin is broken?

I think I broke phpMyAdmin: I did nothing and now I can't log in, because the form isn't on the website. I used my backup and uploaded it, but it's still not there.
Please help me
the website: prog-kid.prog-ag.de/phpmyadmin/index.php
There is a hidden error message in your page. After manually showing it, it reads:
There is mismatch between HTTPS indicated on the server and client. This can lead to non working phpMyAdmin or a security risk. Please fix your server configuration to indicate HTTPS properly.
Also, your page is complaining that jQuery and $ are not defined, meaning that jQuery is not loading correctly (probably because of the above error).

Due to Certain parameters page not loading

It's a pleasure to be here; hoping for good support from all.
I am developing this application using my personal framework (CITS: construesol.com/our-solutions/cits-framework.html).
I am facing the following issue and am not sure if it is due to the server or an issue in my framework.
This Works: wrosc.commbuss.com/index.php
This gives Page not found error:
wrosc.commbuss.com/index.php?login__ga=GA1.2.1438238513.1446927241&
login_ck_login_id_20=1&
login_ck_login_language_20=en_us&
login_default_horde_view=auto&
login_PHPSESSID=evnvh60rcd8j37b64ajbb02vi7&
login_feacc482788c1ab9a7c03bcd5b19c90e=CookieEnabledClient
These are the additional parameters passed from my machine; maybe due to some tools I am using with my browser, like FireBug:
&login__ga=GA1.2.1438238513.1446927241&
login_ck_login_id_20=1&
login_ck_login_language_20=en_us&
login_default_horde_view=auto&
login_PHPSESSID=evnvh60rcd8j37b64ajbb02vi7&
login_feacc482788c1ab9a7c03bcd5b19c90e=CookieEnabledClient
I am running a loop over $_REQUEST to check if some parameters are passed, to redirect the user to the proper module (parameters received: this is a feature of the framework).
The problem is only with this machine (and all developer machines) and not on "non-developer" machines; we think this is due to some tools we are using with the browser (e.g. FireBug).
NOTE: the "login_" prefix in front of each parameter is added by the framework.
Resolved the bug: the issue was with the framework, handled using urlencode.
But still those parameters are passed.

Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security

I'm new to moodle environment and I'm having this error:
Not Acceptable!
An appropriate representation of the requested resource could not be
found on this server. This error was generated by Mod_Security.
I haven't done anything, I'm just viewing the registered users on my website:
http://www.joyfementira.com/dnsc/it14lms I've noticed that my profile picture is not properly loaded, so I clicked on it (the picture's position), and after that the error came out.
What probably caused this error and how would I fix it?
I was experiencing the same issue with my WP site shared-hosted on HostMonster. I resolved it simply by accessing the server via SSH and adding the following lines to the .htaccess file:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Just to add to the answers. If this happens while you are trying to login to a WordPress website admin and you are using any type of VPN on your machine, you'd have to turn it off to solve the problem.
If you turn off your VPN, you'd be able to login without experiencing the issue.
Apache has a mod_security tool that tries to block SQL injections by URL. This rule is also blocking some real URLs. The solution is:
access WHM on your dedicated server
search for mod_security tools
check if it's blocking some URLs
click on the rule id
click on deploy and restart Apache
If you don't have access to WHM on your server, pass this issue to your server administrator.
This is the rule that was blocking my URLs:
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(\d+) ?= ?\1\b|\'\"[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
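To find out which rule produced a 406 Not Acceptable before touching the configuration, the ModSecurity denials in the Apache error log can be parsed and grouped by rule id, URI and parameter; the snippet below is an added example written for this page (not from any answer above or from the ModSecurity project) and works on constructed log lines in the ModSecurity 2.x error-log format, using the rule id 959901 quoted above; client addresses, paths, hostname and unique_ids are made up. It ends by generating a per-path SecRuleRemoveById exclusion, which is the narrow alternative to switching the engine off site-wide as in the .htaccess answer above.

```python
import re
from collections import Counter

# Constructed sample of Apache error-log lines as ModSecurity 2.x writes them
# when it denies a request with 406. Rule id 959901 is the one quoted in the
# answer above; clients, paths, hostname and unique_ids are made up.
SAMPLE_LOG = """\
[Sat Nov 07 10:00:00 2015] [notice] Apache/2.2.29 (Unix) mod_security2 configured -- resuming normal operations
[Sat Nov 07 10:01:12 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b" at ARGS:file. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "77"] [id "959901"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "shop.example"] [uri "/subDir/myViewer.php"] [unique_id "VjvBSH8AAQEAAAcLd4sAAAAB"]
[Sat Nov 07 10:03:45 2015] [error] [client 203.0.113.9] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b" at ARGS:file. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "77"] [id "959901"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "shop.example"] [uri "/subDir/myViewer.php"] [unique_id "VjvCEX8AAQEAAAcLd4wAAAAC"]
[Sat Nov 07 10:07:02 2015] [error] [client 198.51.100.23] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b" at ARGS:login__ga. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "77"] [id "959901"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "shop.example"] [uri "/index.php"] [unique_id "VjvC1n8AAQEAAAcLd40AAAAD"]
"""

# [key "value"] pairs that follow the denial message
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# fixed prefix of a denial, ending with the variable the pattern matched in
DENIED = re.compile(
    r'\[client ([^\]]+)\] ModSecurity: Access denied with code (\d+) '
    r'\(phase \d\)\. .*? at (\S+)\. \[file '
)

def parse_denial(line):
    """Return the facts needed to triage one denial line, or None for other lines."""
    m = DENIED.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line))
    return {
        "client": m.group(1),
        "status": int(m.group(2)),
        "target": m.group(3),  # e.g. ARGS:file, the parameter that tripped the rule
        "rule_id": fields.get("id"),
        "msg": fields.get("msg"),
        "uri": fields.get("uri"),
    }

def summarize(log_text):
    """Count denials by (rule id, uri, parameter): repeated hits on one
    legitimate parameter of one page are the signature of a false positive."""
    denials = [d for d in map(parse_denial, log_text.splitlines()) if d]
    return Counter((d["rule_id"], d["uri"], d["target"]) for d in denials)

def exclusion_for(rule_id, uri):
    """Apache/ModSecurity 2.x snippet that drops only the offending rule on the
    affected path, instead of switching the engine off for the whole site."""
    return (f'<LocationMatch "^{re.escape(uri)}$">\n'
            f'    SecRuleRemoveById {rule_id}\n'
            f'</LocationMatch>')
```

Running summarize(SAMPLE_LOG) shows two hits of rule 959901 on ARGS:file of /subDir/myViewer.php and one on ARGS:login__ga of /index.php; exclusion_for("959901", "/subDir/myViewer.php") then prints the scoped exclusion to put in the server configuration after the rule set is loaded.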
This error will appear on some sites if cookies are turned off and mod_security requires cookies to match session data. It is supposed to make things more secure... it ends up just annoying. Especially because web indexing crawlers like Googlebot and other search engines do not use cookies, so THEY see this error instead of your site.
Do you have experience in setting up servers? Is this hosted by yourself or is it a shared hosting package?
The reason I ask is because this is a server-side (Apache) issue.
First, make sure your .htaccess file doesn't have any silly rules in it. The error arises because the server is denying access.
Second, make sure your file permissions are set up correctly. Generally speaking, you want directories to be 7/0/0 or 7/5/0 and files to be 6/0/0 or 6/4/0.
Read this for more details on Moodle security guidelines.
As for the profile picture issue, I'm not entirely sure what you're referring to so unfortunately I'm unable to answer that question. I doubt the two issues are related from the sounds of things.
I'm writing scripts to communicate from one server to another, and I don't own either server and cannot change any settings. I was getting the Not Acceptable error with some embedded URLs but not others. For example, this one gets Not Acceptable:
http://magic.kayaker.net/simlink.php?avname=http://junk.com
While this one does not:
http://magic.kayaker.net/simlink.php?name=http://junk.com
(It fails whether I escape the query or not.) The second one gets an "unknown command", which is an error my script generates; the first one returns Not Acceptable without ever running my PHP script.
My solution has been to strip the http:// off all URLs and have the scripts on both ends put it back on.
In my case, I received this error when sending the viewer a wrong path to the file it needed to view.
err: example.com/subDir/myViewer.php?file=%27../../myImages/myFile.gif%27
fix: example.com/subDir/myViewer.php?file=%27../myImages/myFile.gif%27
I had the same problem when entering a link in a form.
It's not the http:// or https://.
In the form I had
<input type='text' name='demo'>
The name='demo' wasn't accepted anymore. I changed name='demo' to name='link' and that solved it.
Most of the time this error occurs due to location. In my case, it was also an IP issue.
Use any free VPN to fix this issue; for a permanent solution you can contact your hosting provider to whitelist your IP.
I had the same error when submitting a form to insert values into a database. The issue was that one of the form inputs was a link (with https). Once I took that input out, the error stopped showing up.
...In my case I was trying to save a WordPress menu, with a link that pointed to #process (a div's ID)... changed the #process to #ourprocess and it worked...
Pretty strange if you ask me, but as real as it gets; I was able to replicate the issue more than 10 times. It is definitely the URL of the link that is blacklisted...
So, if you are using WordPress on shared hosting (in my case it's Bluehost) it could be this... or something similar.
If this is on WordPress, you just need to contact your hosting provider; they will whitelist your IP.
For me it was a missing Content-Type header in my Insomnia requests!
Shout out to this blog post:
https://clay-atlas.com/us/blog/2021/10/17/wordpress-en-not-acceptable-mod-security/
Using an HTTP header in the request helped in my case:
import requests
headers = {'user-agent': ...}  # set a browser-like User-Agent string
requests.get(url, headers=headers)
Encountered same issue today.
I was trying to access the WordPress admin dashboard with the Browsec VPN turned on.
I turned it off and the issue was resolved in seconds.

Gracenote php throwing HTTP RESPONSE ERROR

I'm trying to get the Gracenote API to work on my site. I got it working some months back but never went any further. I am using the same credentials that I used back then when it worked and the PHP gracenote class from Rich Adams on GitHub. I am trying to get the example file to work but am receiving this error.
Fatal error: Undefined class constant 'HTTP_RESPONSE_ERROR' in C:\wamp\www\Interface\php-gracenote-master\php-gracenote\HTTP.class.php on line 113
This is on my localhost atm. I tried it on my server as well and it threw the same error.
I have made another app on Gracenote thinking they may have blocked the old one, but that didn't help. Does Gracenote block the entire account if it isn't active for some months, or am I just being a tool and missing something here?
EDIT
The issue seems to be when trying to register for a user ID.
This is caused when cURL returns an error code when trying to make the request to Gracenote's servers.
There was a bug in php-gracenote where HTTP_RESPONSE_ERROR wasn't defined, which is why you didn't get a human-friendly error message. I've just updated the code on GitHub, so you'll actually get a proper error now.
The exception will give you the cURL error code that was returned, which you can look up in the libcurl error codes to see what the problem is. Could be anything from a DNS issue to an incorrect SSL version.
As far as I'm aware, Gracenote doesn't deactivate accounts for inactivity on the developer program. This may change in future though.

Strange issue with 404 error pages

I have a website set up that uses a custom 404 error page. This seems to be working on most pages.
In fact, I have two different error pages that I want to show, and now a third that I just found out about.
This page, which does not exist, shows the correct error page that should be shown if a page cannot be found. This shows the error page as configured in my .htaccess file:
http://www.canadiancommuter.com/wontfindthis.php
This error page is generated from my PHP code if someone tries to access an old article that no longer exists in the database:
http://www.canadiancommuter.com/2334054466-some+old+article.html
However, this link, which will also generate a 404 error, shows a different error page (which usually includes advertising):
http://www.canadiancommuter.com/2012062500-TTC+asks+Ministry+of+Labour+to+treat+CNE+like+Rolling+Stones+concert%2FCaribana.html
I know the reason WHY this URL doesn't work. I purposely added characters to it to cause it to return a 404 error. My problem is that I can't figure out WHERE this other 404 error page is coming from.
It's not in my .htaccess file; the error page from my .htaccess file can be seen in the first link above.
It's not in my code. The only error page generated by the code itself can be seen in the second link above.
The only other places it could come from are my domain registrar and my web host.
The domain is registered through one registrar, but points to my hosting account with another provider. The registrar says that because I'm just pointing the DNS for my domain to my web host, the error page wouldn't come from them, but would come from my web host.
My web host says this error page isn't coming from them, but must be in my code.
I've heavily modified all of the code used for this site, so I'm pretty confident that the error page is not coming from there.
Does anyone have any ideas where I should look for this error page?
(Just a note, I'm not certain the registrar or the web host were entirely sure of what they were talking about, so I haven't ruled out either of them as being the source of this page. However, a thorough look through the administrative consoles for both do not reveal anything to this effect.)
Your pages are being served through a proxy running cloudflare-nginx which could be catching some 404 errors because slashes in either / or %2F form cause a different 404 page to be served.
Do you have an .htaccess rule that catches all of the possible 404 errors and not just the ones that match your filename scheme? If not, try setting one up. You could also try to run the site in a local server instance and see if the 404 pages behave as expected.
Edited because I mistakenly took characters produced by Transfer-Encoding: chunked to be caused by misconfiguration.
If (as you have already determined) your code doesn't generate the error page, then the "mysterious" 404 page comes either from the default webserver configuration (which is presumably controlled by your hosting provider) or indirectly from your DNS service (if your webserver redirects your browser to an unregistered domain, for example, then you may be redirected to a page which invites you to buy it).
The most straightforward way IMO to track this down is by using a browser equipped with machinery for tracking redirects (e.g. Firefox with the Firebug extension installed). If the error pages are indeed coming from your domain (and not a misspelling of it), then that implicates the default webserver configuration (and so presumably your hosting provider).
EDIT:
Re-reading the above I realize that I should clarify: your DNS service can't simply "redirect" you somewhere. If you find that typing a non-existing domain into your browser redirects you to a page with advertising, then you can be fairly sure that it's your network connectivity provider that is inspecting your HTTP request, doing a DNS lookup on your behalf behind the scenes, and redirecting you.
This is absolutely from your host provider!!
When %2F is given in the URL, nginx cannot handle that as an error (this might be a bug!) and it displays your host's default error page. You can see the same error on other websites hosted on the same server as your site:
http://aias-uic.org/not-found.html
http://halfdrawn.com/not-found.html
http://flyingmantis.com/not%2Ffound.html
...
and there are many other websites on the same server as your site! (You can check their IP to be sure.)
The last one uses a custom error page, so with %2F the mysterious error page is shown!
You can also disable your custom error pages for a while and you will probably get the mysterious error page!