Support

 I run a membership site and a member began having problems posting in Kunena. Admin tools showed his Brazilian IP as a SQLi violation. I talked with him and he uses a Mac with Firefox browser. Another member had the same problem today who I suspect also uses a Mac. This is all new, I've never had this problem reported before. It all began within the last couple days, and it's probably happening to others who haven't reported it yet.
Recent changes I've made on the site were the Akeeba updates (admin and backup) and I installed JChatSocial for the first time to replace Comet Chat. I had JChatSocial integrating with Kunena, then turned that plugin off in case it was related to the problem.
Any ideas of what I can do or check for?

All my best,
Bob Hembree
writersvillage.com

Hello Bob,

in the Exception log you should see the blocked URL, could you please paste it here?

https://writersvillage.com/members/forum

I also received this message from the member since last night:

Hi Bob,



I finally got it to work. I had to retype my post directly into the message window, but it worked. I think there must have been something wrong with the text I was trying to copy from my word processor and paste into the message window. It is a little strange. I usually type in a word processor and paste into the window and it always worked before. I tried again with a different piece of text and that worked fine. So, it was just this specific piece of text that I couldn't paste into the window. Not sure why. I'll try to figure out what I did and let you know.



Thanks!

I suppose you have an editor in your forum, right?
Sadly when posting data from a word processor (ie Microsoft Office Word) it carries all the markup, usually in the form of XML entities. I suspect such code style triggered the security exception.
The only solution is to avoid copy/pasting from word processors, since they will include a lot of cruft

This a writer community, so thousands of posts are copied and pasted from words processors..It seems a handful of Mac users have the most problems with this. I've pasted from Word (PC) almost daily for many years and never had a problem.
What has me scratching my head is these same highly-active members hadn't had this problem until the last few days. Something changed.
I'll see what else I can learn about the differences between Mac and PC copy and paste.
Thanks.

We tightened the SQL injection rules, that's why you are getting some false positives.
Could you please attach the text of a blocked post? I'd need the raw text, containing the markup style.

I'm not exactly sure how to get the raw text second hand. Should I get the original document as an attachment, have it pasted in an email or put the users IP on a temporary do not block list and ask him to try to post on the forum?. I'm afraid copying and pasting will strip the formating.

Try to whitelist the user IP and ask him to post in the forum.
Then you'll have to see the HTML code of that text, paste inside a document, zip it and attach it here (otherwise it will trigger security exceptions)

After putting user's IP on the whitelist, he was able to post, duplicating what he had done to get the 403 error previously. In edit mode, all that's visible is basic BBcode for italics. There is one potential sequence of characters that might be worth looking at. I've highlighted it in the screenshot..
I remember a few years ago I had trouble posting something. It had something to do with the word/punctuation combination.

Could you please attach the whole text, so I can test it?

Attached is the text requested..

It seems this is a false positive. The words INSERT IN TO (I had to write them separated or I would trigger the same exception here) are raising Admin Tools SQL shield.
I'll try to find a workaround for that.

The only option is to create a WAF exception: in this way you will be turning off Admin Tools WAF only for a specific component/view

Forum access is only available to logged on members, so this may work for us.
I want to make sure I understand this correctly.
To prevent false positives on Kunena forum posts, I create a New WAF Exception and enter "com_kunena" into the Component text box, then save?

Yes, that's right.

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.