Here we go again ... it works (I did not do anything to it) until i changed the password ... (*headbang to desk*) "THIS" again ... ARGH IT !

I am about to throw a white towel ...

Hi @crazychad,

What I understood from your post was that you are getting "random" 403 responses from the server, Am I right?

@crazychad wrote:

Can you tell me what was going on between Forbidden 403 & B2Evolutions ?

Actually, if the permissions, and the webserver in general, are properly set, b2evolution should not ever return a 403 error code. The most common combination is to set directories to 755 and files to 644. This page could be a good starting point to get information on this subject: http://b2evolution.net/man/directory-and-file-permissions. The permissions change can be made through your FTP client, or you may also ask the tech support of your hosting company for help.

Can you share here (or via PM) a URL in which you get the error?

I installed a brand new, updated, new skin, changed skin.

I posted a post in a new blog, and tried to edit the misspelling and saved

(*face slammed to desk*)

403

Here is the video ... ... (*facepalm*)

Couldn't attach selected file:«20150125_104727.mp4» has an unrecognized extension.

I love this BLOG because it's superfast, multiblogging, love this Pyrmont skin, using my own domain name without a monthly fee and best of all ... less or zero advertisements with no 3rd parties linkings to slow down the website like wordpress. It is nice but ugh the speed is lagging and AWFUL.

If there was no problem at all and going smooth ... I would be happy to pay monthly/annual fee for quickest security update/patch. I just do not want to spread all over the internet like facebook, blogger etc ... I guess, I am just dumb and old fart (45) when it comes to PHP coding and understanding ... it is very difficult to learn on my own because too many options to start off. It would be awesome to have a step 1 b2evolution text post only, step 2 categorized it, step 3 so on ... to get a hang of this b2evolution. Is there a way to communicate with you in private like instant message or live chat for a moment to get jumpstart on the b2evolution without waiting for hours/days to get an answer or to explain what happened and teach me how to correct this problem ? ... I have searched forum, google on my own ... it is like a needle in a haystack ... I have a lighter to burn the hay to find the needle quickly but nowhere to find the needle.

I just want to jumpstart at it to get it going then I will be hooked to keep going as I learned something new tricks of b2evolution.

My link sent to private msg.

Ok I am about to get pissed off now ... I just tried wordpress thru cpanel fantastico F3 ... its setup ... login ... 403 ... (*slamming face to desk*)

... I really want this B2Evolution to work and going smoothly. I also would like to learn more about PHP again (I did, but forgotten, years ago)

I feel like the internet is just another messy world online, just like the messy world on earth.

10 years ago ... it was great and simple.

Funny thing is I learned is ... What is wrong with the world or internet ?

Best answer is " I am " ... (chuckling) ... I wish I can freeze the time to allow me to catch up.

OH MY GOSH ... "FORBIDDEN 403" ... I simply uncheck one box and saved at Structure Blog A Advanced ...

DIE !!!! FORBIDDEN 403 !!!! DIE !!!!

I think, I might be done with this b2evolution.

It is a great multi php blogs ... but with these errors/messedup ... sounds like start a new one ... b3evolutions

@mgsolipa wrote earlier:

set directories to 755

I tried that entire folders ... still 403 and could not login as admin ...

its a fresh one on another url ... for testing ... 403 right after first time log in as a admin.

This one FOUR ZERO THREE page
http://####.us//blogs/admin.php

But I went another way to get in ... just go straight to blog page and click that login on that page.
That will let me login
http://####.us//blogs/blog1.php?disp=login&redirect_to=%2F%2Fblogs%2Fblog1.php%3Fdisp%3Dfront&source=menu%20link

Something screwed up good.

it is either CPanel Fantastic 3 or Updated B2E fucked it up.

I have NEVER have this many issues before on this B2E...

ALRIGHT (baseball time) ... bases are loaded bottom final innings ... its either get STRIKE OUT or HOME RUN ...

Hey Coach ... what should I do next ?

p.s. i tried again one last time ... brand new B2E on welcome folder ... Backend
http://tdog.us/welcome/blogs/admin.php ... logging in ... DAMN 403 ... but ... went to tdog.us/welcome > click blogs > login ... logging in ... it went thru ... click admin ... i am there ... WHAT THE FUCK IS GOING ON HERE ? ... I have lost all my patience ... I apologized.

it doesnt matter whether its 5.2.0 or 5.2.1 ... same results ... no skin changed or added ... NOTHING else modified ... I just did a fresh one B2E ... nothing more.

Might be a good news ... I contacted my webhost ... webhost said that it might be related to mod_security brute force attack protection rules ... that is one I saw the search result on google.com based on wordpress ... so I will let you know if that is the case.

@crazychad wrote earlier:

Might be a good news ... I contacted my webhost ... webhost said that it might be related to mod_security brute force attack protection rules ... that is one I saw the search result on google.com based on wordpress ... so I will let you know if that is the case.

webhost asked me to provide step by step until i get to 403 forbidden

I got 2 of them and I am sure there is more ... somewhere

> = is the webhost's word
= is my words

> I did not reproduced any of 403 - I think it is because either you are installing
> many blogs on many multiple accounts and trying too much logins
> to admins blogs ins short period of time

I still get 403 even after I deleted all my domain name's WHM webspace and created just one domain
Installed,
Tested,
403.

there was nothing else on WHM space.

particular IP, especially when you have static, not changing IP ... not sure

ATT DSL might be kept changing the IP or 3 of us sharing same DSL internet lines at once ... but that can not be the case because I am always in my room with my same computer accessing my blog. No where else. I'm divorced.

I do not mind try this

> In admin directory in .htaccess you can paste following:
> order deny,allow
> deny from all
> allow from 111.222.333.444

I will start all over again which is no big deal ... having it secured/security is good ... Thanks for testing and wondering did you tried to change the nickname at b2evolution admin ? changing admin nickname and saved then gave me a good slap of 403.

Well, it looks like some of the rules added to mod_security are not a good friend of your sites. It doesn't make sense on being captured as a brute force attacker after only a couple of login attempts. So, the only people that really can (and should) help you is your hosting provider.

Maybe trying to disable this module can help your site to work properly. In order to do this just add these rules to your .htaccess file:

<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

I will try to reproduce the problem just to be aware about it and see if is there something that needs to be improved. Please let us know how is it going.

Thanks.

If you still get 403 pleas use this solution:You can add to your .htaccess lines:<IfModule mod_security.c>SecFilterScanPOST Off</IfModule>in public_html directory.

I have not done/edit mod_security yet, probably won't

Well, it seems going well and have not hit 403 ... By login one ID at a time. Then logout manually

Let web host said too many login at one time or/and too many blogs... On one/many browsers... On a single computer...

That seems the case making brute attack thinking under attack...

Weird but security is better

is this safe or not from brute force, cracking or hacking ?

what does this do ?

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

changing skin giving me a easily this

This webpage is not available

Hide details
The server at blogs can't be found, because the DNS lookup failed. DNS is the network service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
Search on Google

Error code: ERR_NAME_NOT_RESOLVED

The piece of code that I suggested before is supposed to disable mod_security in your site (if the module's settings let you to disable it from an .htacccess file). As I mentioned, maybe some of the rules that your server provider set for that module are not working properly and are producing false positives, so even when your site is not under attack, your IP address is banned and you can't go to some pages.

The "right" way is requiring your hosting provider to find the rules blocking your scripts (403 error) and disable those rules.

I think your last comment is not related with the same subject, and as a new scenario, we need to know how to reproduce it. I mean, a detailed description of the steps that you followed to end on that page.