Elxis CMS Forum

Support => Elxis 4.x/5.x DEV => Topic started by: seadhna on August 08, 2020, 21:02:44

Title: SEC-DEFG-0035
Post by: seadhna on August 08, 2020, 21:02:44
Hi, on the latest version of Elxis (5.1rev2344), when I upload an image via the Media Manager, I get banned. The defender_ban.php file gives the following ref. code: SEC-DEFG-0035
Any idea why this is happening? I can't find any other posts about this code.
Title: Re: SEC-DEFG-0035
Post by: webgift on August 09, 2020, 15:18:02
Can you try to repeat the process using a different browser?
If we have the same results, please upload a file with
a name like: 1_image

Title: Re: SEC-DEFG-0035
Post by: seadhna on August 09, 2020, 15:46:22
Hi, the same thing happens in Firefox and Chrome. Actually, I've realised I don't even need to try to upload an image. If I even try to open an image in the folder, I get banned. Then I replace the defender_ban.php file and I am allowed to look at one image or complete one action. After that I am banned again. E.g. if I look at one image, it's ok, but then if I try to look at another image, banned again.
Title: Re: SEC-DEFG-0035
Post by: seadhna on August 09, 2020, 15:48:09
Maybe something with permissions with the web host? It doesn't happen in a different Elxis installation on a different host.
Title: Re: SEC-DEFG-0035
Post by: datahell on August 09, 2020, 20:46:37
I believe the problem is the name of one single image or folder. Your browser tries to load it and the name of the file gets passed to the url and so you get banned by Elxis Defender. If you use the default Elxis defender general rules then one of the following rules causes you the problem: -- or //* or /* (most probably: --)

Disable Elxis defender from Elxis configuration.
Go to Site > Logs and clear defender bans
Go to Media and search for a file (or a folder) that contains in its name the rules above. Example: test--image.jpg or my--folder
If you find the file rename it to something else (for example test-image.jpg or my-folder) and then go to Elxis configuration and re-enable Elxis defender.
If you don't find the file you can either disable the General filters or edit them and remove the line below:

array('URI,QUERY', '\-\-|\/\/\*|\/\*', 'PHP/SQL Comment'),

The general rules of Elxis Defender can be found here:
includes/libraries/elxis/defender/general.rules.php
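
An added example, not part of the original post and not Elxis code: a Python sketch that walks a media folder and lists file and folder names that would match the 'PHP/SQL Comment' pattern quoted above once they appear in a URL. The function names, the rename suggestion and the sample folder are assumptions made for illustration.

```python
import os
import re
import tempfile

# Pattern copied from the 'PHP/SQL Comment' rule quoted in the post above,
# compiled here with Python's re module instead of PHP's PCRE.
COMMENT_RULE = re.compile(r'\-\-|\/\/\*|\/\*')


def suggest_name(name):
    """Hypothetical rename: drop a leading '*' and collapse hyphen runs."""
    return re.sub(r'-{2,}', '-', name.lstrip('*')) or '_'


def find_offenders(media_root):
    """Return sorted (relative_path, matched_text, suggested_name) tuples."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(media_root):
        for name in dirnames + filenames:
            # Test the name as a URL path segment: a leading '/' lets a name
            # that starts with '*' match the '/*' alternative.
            match = COMMENT_RULE.search('/' + name)
            if match:
                rel = os.path.relpath(os.path.join(dirpath, name), media_root)
                hits.append((rel.replace(os.sep, '/'), match.group(0),
                             suggest_name(name)))
    return sorted(hits)


if __name__ == '__main__':
    # Constructed sample tree; point find_offenders() at the real media
    # folder of the installation instead.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'my--folder'))
        for sample in ('arrow.png', 'test--image.jpg', 'my--folder/ok.png'):
            open(os.path.join(root, sample), 'w').close()
        for rel, matched, suggestion in find_offenders(root):
            print(f'{rel}: matches {matched!r}, rename to {suggestion}')
```

Each entry is reported for its own name only, so a clean file inside an offending folder is not listed; renaming the folder fixes its whole subtree.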
Title: Re: SEC-DEFG-0035
Post by: seadhna on August 09, 2020, 20:54:20
Hi datahell,
I just turned off Defender and I can upload any image no problem, browse images, select images, delete images. Everything works fine.
Then I switched back on General Rules in Defender and tried to upload an image called arrow.png
The image did not appear when the upload seemed to be completed. I clicked refresh and I am banned again.
The funny part is that the image actually did upload. I can see it in FTP.
Title: Re: SEC-DEFG-0035
Post by: datahell on August 09, 2020, 20:55:27
Read my reply carefully.
Title: Re: SEC-DEFG-0035
Post by: seadhna on August 09, 2020, 21:10:42
Yes, you are correct - I didn't fully understand your instructions! I found four images breaking the rules (all double hyphens). Seems ok now that I changed those four image filenames. Thanks for the speedy replies!!