XF 1.1 Error 403 - Forbidden

[zmalone]

Hello,

I have a

Error 403 - Forbidden

when I click on a topic or a forum

Please help me

 

[zmalone]

I still find this error in :

Extension List
Install Extension
Thread Prefixes
custom Fields
titles users
IP addresses discouraged
User groups
Promotions user groups
Permissions groups
user permissions
List of subscriptions
active subscriptions
Color
Style Properties
template
custom components
expressions
Reconstruction caches
Health Check files
Testing Facebook integration
Questions and Answers
History Cleaner spam

Sorry for my english but i am french.

 

[soloarquitectura]

I still find this error in

Confirmed
XenForo is virtually unusable after the upgrade of 1&1.

 

[zmalone]

I will call 1 & 1 and then threaten them tomorrow because I'm paying for nothing

 

[zmalone]

1&1 has made ​​an error handling

I just posted another thread on this - I apologize for the duplication. (Maybe a MOD can merge these?)

I am experiencing the exact same issue. It took a while, but I finally got through to the dedicated server support line.

From what they told me, at some point last night, they upgraded the MySQL (or something, he was kind of nonspecific). There was supposed to be an email notification detailing the changes that need to be made, but it was never sent. There is a massive ticket being worked on right now, and I was advised to wait for an email.

1&1 broke something, and it is affecting all dedicated server customers.

And raison for the maintenance :

http://status.1and1.com/

Important note: Database maintenance

Tonight, 9 May 2012 from 5.30 to 6.30 pm EST, we will perform maintenance on our databases systems.

- During this time, it will be temporarily impossible to log in to our protected customer zones (e.g. 1&1 Control Panel).
- 1&1 eShop customers: During this time, payment transactions cannot be executed in your shop. We have already informed you of this by e-mail and in the "Message Board" in your 1&1 Control Panel.

Not affected by this measure:

- The availability of your website or your server

Of course, we will finish the maintenance as quickly as possible in order to minimize the downtime.

After the maintenance, all systems will be available to you as usual.

We apologize for any inconvenience.
(2012-05-09)

 

[zmalone]

I contact 1 & 1 requires that the developer has put xenforo update the script

 

[soloarquitectura]

I contact 1 & 1 requires that the developer has put xenforo update the script

Incredible
What about the loss of traffic from Google?

 

[zmalone]

they want nothing to do for them it just xenforo, I really do not know how to make more people come to access my site

 

[zmalone]

I could know if the developers working on the problem now?

 

[soloarquitectura]

Issue is the combination of ? and - in URL.

Sample:
admin.php?tools/file-check

 

[zmalone]

but how to change it in the administration panel

 

[soloarquitectura]

but how to change it in the administration panel

It's impossible.
Modify the script is not the solution. vBulletin is also affected.
If 1&1 does not offer a solution soon all we can do is go to another provider.

 

[zmalone]

 

[zmalone]

Dear

we inform you that an update of
1 & 1 web servers will take place between 21/05/2012 and 25/05/2012.
It affects 5 to 10 minutes during your Accommodation Pack
(unavailability possible).

Following this maintenance, you will
enhanced services, in particular in safety and stability
of your accommodation.

No action on your part is required. The update
takes place automatically during the 8:45 a.m. to 6:45 p.m. time slot.
It is unfortunately not possible to give you a date
or a specific time for this update.


What improvements?
=============================

In addition to improving performance and security of your pack,
the upgrade to a Linux (Debian based Squeeze/6.0)
specific to the needs of customers 1 & 1 also includes a
upgrade the following components:

Apache 2.2

http://apache.org/

Configuration changes, the execution time: for example,
you must use the command 'IndexOptions FanyIndex' to use
function previously obtained by the command 'FancyIndex One, which has
now disappeared.

http://httpd.apache.org/docs/2.0/upgrading.html

If you use software or scripts very old,
we wish to draw your attention to the fact that some
internal variables such as 'REMOTE_USER' will in future
available after a redirect by Apache as 'REDIRECT_REMOTE_USER'.

 

[soloarquitectura]

we inform you that an update...

Yes, I've read this.
But we do not know if the issue will be fixed.
Meanwhile, Google traffic is destroyed.

 

[soloarquitectura]

Almost certainly the source of the issue:
http://www.php.net/archive/2012.php#id2012-05-03-1

In Spanish:
http://rm-rf.es/vulnerabilidad-critica-en-instalaciones-de-php-basadas-en-cgi/

 

[soloarquitectura]

http://www.php.net/archive/2012.php#id2012-05-06-1

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.
One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]

Note that this will block otherwise safe requests like ?top-40 so if you have query parameters that look like that, adjust your regex accordingly.

 

[soloarquitectura]

Issue fixed in my sites by the 1&1 staff. Thanks!

 

[zmalone]

Hey how to fix your problem ?

 

[soloarquitectura]

Hey how to fix your problem ?

I sent an email to 1&1 Technical Support, explaining the issue.