pcvcadmin

Thanks for the work you put into this plugin Tobias. I’m glad that the cause was finally determined. All the best.

After further working with Dreamhost support the issue is resolved in that the Server Internal Error no longer occurs. In terms of what support needed to do to resolve it he indicated “Actually the Mod Security was tampering with that process, so I added the exceptions so you can continue with it.”

In any case I’m not sure if it is an issue to Dreamhost but I’m recording the resolution in case anyone else encounters the same issue.

• This reply was modified 1 year, 9 months ago by pcvcadmin.

So I got access to the error log. Here is the tail entries.

[Tue Feb 28 14:29:52.864399 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
[Tue Feb 28 14:29:52.875071 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
[Tue Feb 28 14:29:52.895065 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
[Tue Feb 28 14:30:07.337055 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
[Tue Feb 28 14:30:07.337342 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
[Tue Feb 28 14:30:07.358285 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options

Thanks Tobias, although resolution on this is not critical for me, I’m happy to help debug as much as I can.

I have turned on php logging and WP_DEBUG. The only messages in the WordPress log are messages about deprecatd PHP calls and do not seem to have anything to do with Tablepress. Unfortunately I can’t find any php error log generated as a result of the error. I am contacting support on this.

I have done a couple of changes to see if it would affect the problem. I have increased the php max_execution_time = 500 and max_input_time = 0 and also tried PHP 8.0 and 8.2. The error still occurs.

My site is also on Dreamhost. I was not previously getting the rules update. As of this morning (5th April, 2019) updates are now working again. Whatever was done seems to have fixed the issue.

Hi @savvasha,

Thanks! I can’t tell from your description if the new functionality will address the issue I raised, but I’m fine to wait until the new version comes out and try it to see if it does.

Thanks,

pcvcadmin

Thanks for the response. That is unfortunate that a player list would need to be created for each team. If I continue to use Squad Number to sort, can you explain what order the players with the same squad number are displayed in? Is it random? Does it depend upon the order the players are created?

Thanks,

@brian: Thanks. I have updated so that the short name now contains what was previously in Abbreviation and the League Tables work as needed. Thanks for your help.

OK. I was able to figure it out. My CSS was not correct. It is all good now. Thanks for the help.

Hi @roah,

Yes it did suppress the column header on that page. I tried to use the same techniques for a page with multiple lists and I couldn’t get it to work. this is my CSS code:

.page-id-14713 .data-name.sorting {
	display: none;
}
.page-id-14721 .data-name.sorting { 
	display: none;
}

As you may notice the page in the original link has the header suppressed. However for this page Team Rosters the header is still visible.

I’m not sure if the issue is that I have the wrong pageid. If you can tell me how I should get the right page id or what I may be doing wrong, it would be appreciated.

Thanks,

Sure. Here is an example of the player list. I would like to suppress the top row (ie Player) in the list. Play List Sample

Thank you both for responding. I have played around a bit with it and here is what I found.

1. The suggestion by @gator8 hides the label but still displays the header row.
2. I have tried this code:

.sp-player-list .data-name.sorting {
display: none;
}

This does suppress both the header row and the column label. (I only have one column). The actual effect is that it momentarily displays the row and label then hides it. Not perfect but manageable.
3. The bigger issue for me is I need to target a specific set of player list. @roch can you please post the css code to do that?

Also, it would be great if the player_list shortcode could have a filter element based upon team. Currently a player_list must be created for each team.

Thanks

• This reply was modified 6 years, 7 months ago by pcvcadmin.

Excellent. Thank You. I will try it. QQ. Does this code suppress it for all player lists? Is there any way to do it for a specific player list?

I guess there is no resolution on this?

Hi @savvasha, unfortunately it did not fix the issue. The displayed list in Team 4 still shows the old team. I replaced the player-list.php file with the modified one. Let me know if there are additional files which needed to be replaced.

Also of concern: Clearly the association between the player (Steve) and his old team (Team 12) is being stored somewhere. That association should be deleted but it is not. That means even if the code is fixed to properly display his new team, there is still orphaned data in the database associating Steve with his old team. Over time there will be more and more of this orphaned data in the database without the ability to clean up the associations.