Recent Topics

editing demo user profile

Started by on Feb 08, 2019 – Contents updated: Feb 18, 2019

Feb 08, 2019 02:35    

editing demo user profile

Is it possible.???

I have two new installs a 6.10.6 and 7.0.0 on a new host and can't change any detail on the preset admin account.

I can change profile picture and I can add a new user with admin status and can edit that.

It's just the default one that is uneditable.

Ideas on https://forums.b2evolution.net/pre-installed-users-how-to-delete-the-admin do not seem to work

Do I have to got to the database to change it and how and why is it locked??

Feb 13, 2019 20:39

Thanks

host "just whitelisted two mod_security rules" and all is fine

340162 - This rule detects possible Remote File Injection attempts.
340465 - provide a base level of protection for any web application

Here is the hosts log

Message: Access denied with code 403 (phase 2). Test 'MATCHED_VARS' against '!@rx ://%{SERVER_NAME}/' is true.
[file "/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"] [line "1352"] [id "340465"] [rev "58"]
[msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"]
[MatchedString "https://twitter.com/b2evolution/"]

[MatchedString "https://twitter.com/b2evolution/"]

host :: Its a server-wide settings as such it will just reject any remote file injections

me :: But was there really an attempt by twitter?

host :: As the rule was incorrectly triggering the above function, I had to disable that rule for your account

me ::So the rule isn't quite right??

host :: The rule is correct but it was incorrectly triggering your genuine attempt

NOW I just have to find how to remove those pesky links, I suppose they are widgets/plugins hopefully. Can find a way under users or profiles to send twitter to it's death. OK DONE

Feb 17, 2019 20:37

My host is super security minded. If I do something that violates a mod_security rule, they lock me out of all my sites. I have love/hate feelings about it. All I have to do is log into my account and click unblock IP and I've gotten used to it but the first time, I had no idea what was going on. Also happens if smtp, ssh, ftp log in fails a few times.



@fplanque


Couple of typos on that mod-sec wiki page. (sorry, I'm a proof reader without trying)
Should be "is a PITA" - current "in a PITA
Should be "in the HTTP" - current "inthe HTTP"

Feb 18, 2019 02:36

Couple of typos fixed, and then some...


Form is loading...

Build your own site! – This forum is powered by b2evolution CMS, a complete engine for your website.