Hi,
I get this message when I go to edit a page or try to make a new page.

An appropriate representation of the requested resource /sohoadmin/program/modules/editor/pinEdit.php could not be found on this server.
THEN there is a line, followed by the following text -

Apache/1.3.37 Server at www.leprechaun-house.com.au Port 80

A pop up then reads "please wait" Nothing happens when I wait.

What does this mean? I have been using the program for 2+ months and never had a problem.

Thanks.
Tilly

Hi Tilly,

That doesn't look like one of our error messages...more like an apache error. My guess is that something recently changed about your server environment.

I did some quick Google-ing of that error message and from what I can tell it has to do with your host upgrading the version of Apache/PHP running on your server...and/or incurring some problems with the new php version upgrade related to the location of libraries. Not entirely sure what that means myself, but you may want to run it by your host.

Great post on this error here (http://wordpress.org/support/topic/3848).

Hi Mike,
OH dear... I am not very computer litterate, and the big words sooo confuse me, even when they are little ones!
I contacted Jumba, who is my web host, and got this email back.

Hello,

This relates to recent server security upgrades, details are at http://forums.jumba.com.au/showthread.php?t=2283

You'll need to contact authors of the software for a work around as we won't be changing security in place.

Kind regards,
Mick

Jumba Interactive Group Pty Ltd

What now?
regards,
Tilly

OK, found a possible workaround...

Create a file (using notepad, whatever) named ".htaccess.txt" and paste this code in it...

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Then upload that file to the docroot folder of your website (i.e. public_html) via FTP. Then after you upload it, use your FTP client to rename (right-click, rename) the uploaded copy (as in, the one in your website's folder on the server...not the copy on your local PC) to just ".htaccess" without the ".txt".

In case you were wondering: you have to do the whole "upload then rename without .txt" thing because MS Windows won't let you save a file without some kind of name before the extension (as in, it would see ".htaccess" as a file with just and extension and no name).

See if that works.

And in case you or your host is interested, here's the thread I found this workaround on (http://www.vbulletin.com/forum/showthread.php?t=167121).

HI Mike,
I just got this off Jumba...
This must mean I have to find another program to run the webpage.. What a pain!!! I loved sololaunch!

Hi everyone,

Due to new mod_security rules in place, the application "SOHO Launch Pro Edition" in Fantastico no longer works.

We will go through and remove it from the available applications list in Fantastico over the weekend. This application is considered to be insecure, as even with the basic mod_security rules it fails to load.

I don't think many people actually used it, but we apologise to those who did. You will need to remove it and use another application to build your website.

Frustratedly
Tilly

Tilly,

I would love to hear what the reason is for them to say that its insecure. and what parts are insecure. thanks,

This is from their web Forum when I asked about alternatives.

If the developer of that application has not made it to run under what I would consider to be "common" mod_security rules (given that they are from a well known site), then the application shouldn't be trusted.

Tilly, we understand that you are frustrated with this, but imagine how annoyed with us you would be if your website was trashed because we didn't make any security changes and allowed applications like SOHO which have known exploits? You'd kill us! As would every other customer on the same server.

So, the only alternative to you not learning how use HTML or PHP (or even Frontpage or Dreamweaver), is to find a host that better suits your requirements. It's not that we don't want you as a customer, it's just that you want to run something that we can't support for you, that's all.

I have asked for specifics, and not got an answer. I have since been looking for an alternative web host in Australia that can support Soho, and now have 3 asking the same question, "Why does this host think that it isn't sercure?" but I have not got a reply from Jumba other than what is written above.

Tilly

Im sure there are enough hosts in Australia that will host Soholaunch for you Tilly, and i know the Soholaunch techs will do everything to keep things as secure as possible.

Ruben,
It is a great program, I love it - What I love best, is that as a seller on ebay I only have to make up one template when I want to advertise something and I can put it on the web site and also use the same on eBay, with the links to the website, making it a great tool for advertising the website.

It looks like I will have to find an alternative webhost... sigh!

Tilly

now have 3 asking the same question, "Why does this host think that it isn't sercure?"
I'd like to know the answer to this question too.

and i know the Soholaunch techs will do everything to keep things as secure as possible.
Ruben's absolutely right on this. For starters, Tilly -- if your site at Jumba is still up with soho, PM me the sohoadmin and FTP login details and we'll check it out. If that error is only showing up in one place and the product otherwise works properly there should be a fix for it.

Hi guys,

My name is Adam Ferguson, and I am from Jumba.

I stumbled across this thread because I was actually out looking for a solution to this problem.

Recently one of our servers was exploited via PHP, so we were advised to use the mod_security rulesets from www.gotroot.com

The rules we are using are:

http://www.gotroot.com/downloads/ftp/mod_security/exclude.conf
http://www.gotroot.com/downloads/ftp/mod_security/proxy.conf
http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf
http://www.gotroot.com/downloads/ftp/mod_security/rules.conf
http://www.gotroot.com/downloads/ftp/mod_security/useragents.conf

As you can see, these are the "basic" rules from the selection of rules available.

We just found a log entry which may assist:

mod_security-action: 406
mod_security-message: Access denied with code 406. Pattern match "\\.php(3|4|5)?(\\?|&).*=(ht|f)tps?:/.*(\\?|&)" at REQUEST_URI

By all means, if you can advise us of which rule it is and how we can work around it, we'll be happy to make those changes for Tilly and any other of our customers who use SOHO Launch.

Cheers,

Adam.

Thank you Adam for trying.
Tilly

Hi Adam,

Thanks for your post. Very helpful info. We'll be investigating this today on our end to see if we can find a good fix.

Will post back here as soon as we've got something. If you find/think of anything else, please post it.

Glad to see you're actually wanting to help solve the problem, Adam!

Seems to me like mod_security is filtering out a URI that contains something like http://www.mysite.com/soho/filename.php4?=http://www.google.com

If the above is true, there could probably be a workaround for this put into Soholaunch so that the URL gets put into base64.

I hope that made sense!


Cheers,

Andrew.

Hi Mike,

No problems mate, we would really like to help Tilly out. There are only about 3 or 4 people of the 8,000+ customers we have, who have emailed complaining about it, but that doesn't make it any less important for us to help them.

If Tilly gives me permission, I can paste you the entire audit string from the log which may make it easier for you to find a workaround.

Cheers,

Adam.

Of course you have my permission Adam, anything to get this sorted. I like Jumba but and Love Soholaunch. It would be fantastic if two great companies could work together on this.
Tilly

OK, made some progress. The .htaccess file thing that I suggested to Tilly earlier in this thread fixed the error.

Here's what I added to the .htaccess file...
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Adam --- you're thoughts? Would it be cool to turn these settings off in the server config? If so, then it looks like we've got our solution. To this problem anyway.

The other problem I noticed on Tilly's site is that the Software Updates feature doesn't work because the public_html folder is not writeable by php so the product can technically connect to our server and read the update build file data, but it can't write it locally to public_html).

The public_html folder is not writeable because permissions on it are....
750 user.nobody

chmod'ing public_html to 775 should fix the problem, but I'm kinda curious as to how permissions got like that in the first place, especially since (I'm assuming) Tilly installed via Fantastico, which should have set correct permissions at install time.

Plus, it looks like Tilly has been able to update before successfully, since Fantastico installs v4.9 r14 (last I checked), and she's running r19.

...which makes me wonder if permissions changed somehow after install, and if so, how. Adam -- any possibility that your server security updates could have changed the permissions?

Hi Mike,

Tilly is welcome to use .htaccess to bypass the rules stopping the site from functioning.

The software updates probably don't run correctly because we don't run PHPSUEXEC (yet). Which means anything downloaded via Apache/PHP is owned by nobody.

I'm not sure how Tilly was able to update it prior though.

While I've got your attention, I'll private you something from another server which tried to happen before these rules were in place on another server.

Cheers,

Adam.

Mike it works for me! I have no idea what that jargon all means. I just hope the changes are acceptable to Jumba and that I can continue with them, the though of moving Hosts is mortifying.
I have not been able to update changes since I first joined up, which is obviously before the security measures were put in place. I didn't worry too much about that, as it was doing what I needed to do... though it would be nice to keep up with things. :)

Mike Thank you so much, I really do appreciate the effort you have gone to for me, and I will be bragging about Soho Launch to everyone who will listen.

Warmest HUGS,
Tilly

Oh.. and I can up date too!! Make new webpages and up date! WOW... what more could a girl need!
THANK GUYS SO MUCH.
Biggest hugs to all of you.

Tilly