All CMS Builder Links suddenly return Error 403 - Forbidden

14 posts by 6 authors in: Forums > CMS Builder
Last Post: June 1, 2012

By mark99 - May 9, 2012

An unusual and potentially very damaging (Google links) problem has cropped up on my site and I can find no explanation for it. Essentially I've been using CMSB 2.09 for a while, it's been perfectly happy doing its thing and I've not made any changes, yet at some point within the last 12 or 24 hours all of the links to my product detail pages have stopped working and throw out "Error 403 - Forbidden" messages.

After running some tests I could find no change to either the database or settings file, or anything, that would account for this. So I did some more digging and found what was triggering the problem but not how to resolve it and make my old links work again.

To demonstrate, I created a default detail viewer file, which allows you to jot in any product number of your choosing (I use 12 as an example).

http://www.ispreview.co.uk/isp_list/ISP_Detail.php?12

This works fine, but in my public system I auto-generate an SEO friendly URL by doing things like this:

<a href="ISP_Detail.php?<?php echo preg_replace("/[ ]/", "-", $record['title']); ?>-<?php echo $record['num'] ?>" class="italhead">

As a result the above URL would become this, which worked fine until this morning..

http://www.ispreview.co.uk/isp_list/ISP_Detail.php?A-Well-Connected-12

Now I figured out that if I changed all the minus-hyphens to underscores (from "-" to "_") then that resolved it but this breaks all my links in Google and is a big problem. I also tried to solve this by using the hyphen-minus character code (&#45;) instead of the character itself but the same problem occurs. Anybody have any ideas? For now I'll have to go in and adjust tons of URL calls as a temporary fix but that's going to mess up Google big time and my backlinks :(!

Re: [mark99] All CMS Builder Links suddenly return Error 403 - Forbidden

By Damon - May 9, 2012

Hi,

The issue is specific to hyphens so I'm wondering if there is something in your .htaccess file causing this.

>As a result the above URL would become this, which worked fine until this morning..

Were there any changes to the site last night or hosting updates?

Can you send in a support request with the site details so we can find out what is causing the issue:
https://www.interactivetools.com/support/email_support_form.php?priority=free&message=http://www.interactivetools.com/forum/gforum.cgi?post=93183#93183
Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Damon] All CMS Builder Links suddenly return Error 403 - Forbidden

By mark99 - May 9, 2012

Submitted (please be careful as it's a live site environment).

No changes to the server that I am aware of but I have asked the host to tell me if anything was adjusted and am awaiting a reply.

Re: [mark99] All CMS Builder Links suddenly return Error 403 - Forbidden

By Damon - May 9, 2012

Hi,

Here are two test pages (not updated with CMS Builder):

This one works:
http://www.ispreview.co.uk/hello.php?one_two

But when I add the hyphens in the query it causes an error:
http://www.ispreview.co.uk/hello.php?one-two

Check with your host and let me know what they think is causing the issue with any hyphens in a query.

Thanks!
Cheers,
Damon Edis - interactivetools.com

Re: [Damon] All CMS Builder Links suddenly return Error 403 - Forbidden

By affinitymc - May 10, 2012 - edited: May 10, 2012

I'm having exactly the same problem; it just started today. Any resolution on this yet? My hosting is with 1and1.

Operating System: Linux infong 2.4 #1 SMP Tue Jan 17 02:58:41 UTC 2012 i686 GNU/Linux
Web Server: Apache/1.3.41
Database Server: MySQL v5.0.921401 (Max Connections: 300)
PHP Version: PHP v4.4.9

Re: [mark99] All CMS Builder Links suddenly return Error 403 - Forbidden

By Dave - May 10, 2012

Hi Mark99,

I'm not working on your ticket but saw this post. My guess is your host has definitely changed something. It looks like adding - in the query string of any page requests causes a 403 error. See this example:
http://www.ispreview.co.uk/review/top10.php?-

Can you try adding ?- on any other pages or websites you have with the same host and let us know the outcome?

Thanks!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] All CMS Builder Links suddenly return Error 403 - Forbidden

By affinitymc - May 10, 2012

Hi Dave,

I spoke with a service rep with the hosting company (1and1), and he confirmed that it is a problem at their end that they are already aware of and are working on it...they should have it fixed by tomorrow morning.

Thanks.

Re: [affinitymc] All CMS Builder Links suddenly return Error 403 - Forbidden

By affinitymc - May 11, 2012

The problem was resolved this morning by the hosting company.

Thanks!

Re: [affinitymc] All CMS Builder Links suddenly return Error 403 - Forbidden

By Steve99 - May 14, 2012

This is an important note to all affected by this issue. I experienced the same issue and traced it back to a modified htaccess file which was done by hackers that utilized critical PHP vulnerabilities that are currently being worked on. It is my understanding that hosting providers have been taking some mitigation steps during this time frame while the PHP developers FULLY rectify the known issues.

In brief - what had occurred was the hackers had taken advantage of the PHP exploit, altered site files to include malicious code and created PHP files with back doors. Additionally, the hackers modified the htaccess file with rules to disallow part of the exploit they had taken advantage of so their code can remain until discovered. The malicious code was trying to throw trojans at users visiting said sites.

Please note that it is only under certain configurations that this can occur. If you would like to read more into it, the CVE numbers can be found on the php.net website. There is simply too much information regarding this for me to regurgitate.

I recommend utilizing exploit scanners such as the one offered by Interactive Tools.

Good Luck.
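
Added example (not part of any post in this thread): a small audit helper that reads an .htaccess file's text, finds `RewriteRule` lines carrying the forbid flag that are guarded by `%{QUERY_STRING}` conditions, and reports whether a given query string, such as the hyphenated ones above, would be answered with a 403. The sample rule set is constructed for illustration, the function names are hypothetical, and conditions on other variables are ignored (treated as true).

```python
import re

# Constructed sample .htaccess (not taken from the thread): a query-string
# rule of the kind that turns ISP_Detail.php?A-Well-Connected-12 into a 403.
SAMPLE_HTACCESS = r"""
RewriteEngine On
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
"""

def forbid_rules(text):
    """Return the QUERY_STRING condition groups guarding each forbidding RewriteRule."""
    rules, conds = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        # Flags are the optional fourth token, e.g. [NC,OR] or [F,L].
        flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
        if directive == "rewritecond" and len(parts) >= 3:
            if parts[1].upper() == "%{QUERY_STRING}":
                conds.append((parts[2], flags))
        elif directive == "rewriterule":
            if conds and ("F" in flags or "FORBIDDEN" in flags):
                rules.append(conds)
            conds = []  # conditions apply only to the next RewriteRule
    return rules

def cond_matches(pattern, flags, query):
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, query, re.I if "NC" in flags else 0) is not None
    return hit != negate

def is_forbidden(text, query):
    """True if the raw (undecoded) query string satisfies any forbidding rule."""
    for conds in forbid_rules(text):
        ok, group = True, False
        for pattern, flags in conds:
            group = group or cond_matches(pattern, flags, query)
            if "OR" not in flags:  # conditions are ANDed unless chained with [OR]
                ok, group = ok and group, False
        if ok:
            return True
    return False
```

Running `is_forbidden` over the text of every .htaccess in the docroot and its parent directories with a known-good query string, and comparing file modification times against the last deployment, helps separate a host-level filter from a file changed on the account itself.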