Search results

Thank you DraCoola and mistwang! Using the 2.5 syntax did work. I should have updated the syntax to 2.5 a long time ago I suppose. But it was a case of 'if it ain't broke, don't fix it', so up until 4.2.2, I got lazy. :)

After several years of running the same rules on LSWS Standard without any problem all the way up to 4.2.1, I just upgraded to 4.2.2 and now see a lot of this: 2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT 2013-03-23 13:26:04.114 ERROR...

A strange issue, or bug in LSWS. I'm doing some work for a client on a site that has LSWS operating under a cPanel shared web host. (On this server I do not have access to the LS Admin interface, so I am not aware of which version of LS Enterprise they are running. Probably 4.0.15). I'm...

Thousands of mod_security rules...:eek: Little wonder you are looking into Litespeed on your server to improve performance :)

That doesn't seem like a terribly sophisticated script. It would be rather strange & disappointing if it does indeed let someone suck up a permissions restricted file off a LSWS server, and perhaps set up the attacker to do even more.

Welcome to problem solving. But seriously, look at the errors that application is throwing up, especially those errors like the one where it can't find things like that /statuses/update.xml file. You can't hold the webserver (in this case Litespeed) responsible for things like the...

I think you are in the wrong place if you expect all your problems with this 3rd party PHP script to be solved here, especially when it seems pretty clear by now that the issues (eg file includes specified in that script) have nothing to do with Litespeed.

Thank you for that code NiteWave. Much appreciated. It will help out some users who relied on .htaccess under Apache to do bot-blocking.

I am assuming this means directives like this in .htaccess will also fail to function under Litespeed: BrowserMatchNoCase ^WWW-Mechanize BadRobot BrowserMatchNoCase ^Xenu BadRobot BrowserMatchNoCase "Y!OASIS/TEST" BadRobot BrowserMatchNoCase "YebolBot" BadRobot BrowserMatchNoCase "ZeW"...

Google those exact PHP error responses - that may provide you with some clues about what is going on in the code. And re-examine the way the mod has been installed very carefully.

They seem like simple errors in the php code. Nothing to do with your hosting or litespeed. Open up the php scripts (eg twitter.php) in a text editor and see what line 73 looks like. It might be as simple an issue as a file location or path is being referenced in the script that points back...

I think mistwang may be suggesting that the installation of PHP your host is providing may have been compiled without some of the PHP modules your code may need, or may have those modules disabled in the configuration of PHP that you are using. What are the technical requirements for those...

Great. Another technology layer to worry about and for bad guys to exploit.

Tell that to the Secret Service. :)

I can easily reproduce this on firefox 3.0.11 too. I'll try and sent you a pm with an attached htm file that is a straight View Source > Save of a page with the offending code. To open the file, go File > Open in firefox and see what happens. Even when you open the plain htm file (which...

I've been seeing LOTS of these errors recently in the LSWS error log, after viewing the live stats: 2010-04-23 22:46:52.370 NOTICE [12.34.56.78:2114-0#_AdminVHost] [STDERR] PHP Warning: array_multisort() [<a href='function.array-multisort'>function.array-multisort</a>]: Argument #1 is...

LSWS Standard Edition 4.0.14 has a potential XSS vulnerability within the Web Administration Console, specifically within the Server Log Viewer. This vulnerability arises because LSWS does not sanitise the request data presented to the client browser by the Server Log Viewer. This allows...

Sorry - I stand corrected. My email to sales@litespeedtech.com also got the same message: 'Sales' seems to be going to 'support', or to some catch all email address. Whatever is happening, it's dumb.

Lrn2google. This all has hardly anything to do with LSWS.

Did you email sales@litespeedtech.com, or support@litespeedtech.com instead? My test email to sales hasn't been returned with any message.