TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

March 28, 2024, 08:22:37 AM

Login with username, password and session length
Members
Stats
  • Total Posts: 195,104
  • Total Topics: 21,212
  • Online today: 152
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 1
  • Guests: 164
  • Total: 165
  • tino

Front Page

Started by marzi, March 04, 2021, 04:21:52 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

lurkalot

Thanks tino, yes I had wondered if it was a caching issue while I was looking at those settings on marzi's website, although it was set to level one (Recommended) I tried no caching, that made no difference.

The mod security was just something I wanted to rule out because I know it can cause weird stuff to happen, and while I agree it should be fine if set up correctly it very often isn't  depending on hosting used. I used to have nightmares with this on HostGator for example.

The issue I'm seeing on that site is the toggles for Sticky, Locked, Show on front page, Featured, won't stay set and return to their previous state when you refresh the page.

tino

If you inspect the element and look at the network tab you can see if a 404 or similar error is returned.

Is that both on the list page and from within the article itself?

lurkalot

tino, I can't check to confirm that now as it appears marzi has removed the site as per 

Quote from: marzi on March 05, 2021, 10:00:49 PM
Modsecurity is turned on on the shared server I am hosted on. It can be whitelisted but that is all. I am not sure I would want that security feature disabled on my server or that it is the reason, since I have not seen any error messages implicating Modsecurity. I am going to do a clean reinstall. I downloaded Tiny Portal from tinyportal.net and the SMF software from simplemachines.org
Thank you for all your very professional efforts after the clean reinstall I will post a followup message as to how the ship is navigating.

But yes I'm pretty sure I did check those toggles in both the article list page and the article itself, and in both cases they wouldn't stick and just reverted on page refresh. 

marzi

The same issue persisted after I uninstalled Tiny Portal and did a clean reinstall of it with a newly downloaded Package from tinyportal.net.
Because I have a fully functioning earlier version of a SMF/Tiny Portal web site on the same server I have decided that I will retain Modsrcurity on my domain and pass on the new version but thank you for so much professional effort and interest.
Even with technology, sometimes-as they say in the hills of Kentucky-"when the old a-be-a-gone the best a-be-a-gone".

lurkalot

Quote from: marzi on March 06, 2021, 01:33:44 PM
The same issue persisted after I uninstalled Tiny Portal and did a clean reinstall of it with a newly downloaded Package from tinyportal.net.
Because I have a fully functioning earlier version of a SMF/Tiny Portal web site on the same server I have decided that I will retain Modsrcurity on my domain and pass on the new version but thank you for so much professional effort and interest.
Even with technology, sometimes-as they say in the hills of Kentucky-"when the old a-be-a-gone the best a-be-a-gone".

marzi, pretty sure what ever the issue is it's related to ether mod security (that's my bet) or some other server config thing, as I can't replicate your issue. 

If you're worried about turning off mod security you're already at risk anyway as your running SMF 1.1 RC3 and TinyPortal v0.9.6beta (Now there's a blast from the past) lol..

tino

I'd like to know if there are error's being returned when you try and set them, could you PM me a login / password to investigate?

TinyPortal 0.9.6 has some security issues logged against it, as does SMF 1.1 so I would strongly recommend updating it.

lurkalot

Quote from: tino on March 06, 2021, 02:43:29 PM
I'd like to know if there are error's being returned when you try and set them, could you PM me a login / password to investigate?

TinyPortal 0.9.6 has some security issues logged against it, as does SMF 1.1 so I would strongly recommend updating it.

Pretty sure the site has gone in the bin tino.  I have a test login but as you can see from the link below, only the old main site is still there.  I didn't have a chance to inspect those elements in the network tab, the site was gone when I went back to it, but there was no errors generated in the SMF error log I can say.

Quote from: marzi on March 05, 2021, 06:03:03 PM
Thanks.
https://www.marscafe.com/smf/index.php

Edited: to remove login details from public view.


marzi

inyPortal 0.9.6 has some security issues logged against it, as does SMF 1.1 so I would strongly recommend updating it.

I m aware of that and that is a reason I want to continue running Modsecurity on my domain. Additionally, the amount of work it would take to upgrade is enormous as I recall all the page change code I had to insert  for all the packages I have added on. When I retire I will probably do that upgrade as I will have the time needed. I agree with you that the fundamental problem is server related, but The author(s) of Tiny Portal should be able to re-code or re-engineer entirely how the article system, is structured. I am sure that is a lot,lot less complicated than messing with a web server's software. I only mention that because the link you sent me to visit on these forums indicates mine issue of "toggling" is far from an isolated one. Everyone related with Tiny Portal have always be excellent and you can see I go way-way back as a user of it.

tino

If you could provide me with a link and login so I can investigate I might be able to resolve it. I can't here with mod_security enabled and configured correctly.

I can't fix something which I can't find out why it's broken.

Also enabling mod_security won't stop people using the exploits which are shown to exist against 0.9.6. It doesn't actually help in anyway against those.

Separately 'messing' with a web servers software is trivial in comparison with the code. I can create a whole web stack within 30minutes (mainly waiting for things to happen), coding would take me longer, although if I don't know the actual cause then I'd be there forever. 

tino

Also

QuoteShould I use mod_security?
If uncertain, consult your developer before enabling!

Now, this is difficult question. *IF* you are able to confirm that your rulesets do not interfere with your websites functionality, there is no reason not to use mod_security. However, if your website requires numerous, custom POST requests, it's most likely mod_security will interfere with your websites' core functionality and should be avoided.

My advice is to allow the get and post requests that TinyPortal makes for tpadmin and not block those as they are not a security threat.

That's if it is causing the issue, which I don't know atm.