XF 2.1 Forum layout is broken

[dhormigo]

Hello Xenforo community, I have had a forum for 5 years and nothing similar has ever happened. Curiously, it has also happened in another forum (with both licenses)

 

[Sumanta0018]

Same issue here. Using A2hosting

check css file permission,
ask your Hosting provider to fix permission issue

 

[nodle]

I had to turn off my board from being active, since the whole index is broken now.

 

[Blatchy]

check css file permission,
ask your Hosting provider to fix permission issue

unfortunately that probably will be a temporary fix.

I had to turn off my board from being active, since the whole index is broken now.

ftp in and change css file to 644 and see if that helps.

 

[nodle]

This is happening to many Xenforo websites with all different hosts to be a coincidence, can we get an official word from staff on why this is happening? Has Xenforo been compromised? Should we submit tickets?

 

[eL_]

Guys my suggestion is that to speak with your hosting provider. I am sure it is a setup from them.
It happen to me today and they solve my problem.

 

[ArtG]

unfortunately that probably will be a temporary fix.

ftp in and change css file to 644 and see if that helps.

Mine was already 644. No change.

 

[ArtG]

Would appreciate it if someone gets the fix from a provider and posts it here so we can rely to other providers. Thanks!

 

[nodle]

Check your mod security logs, mine are filled with errors like these:

[Tue Nov 01 11:21:52.059192 2022] [error] [client 2603:8081:2600:8264::1009] ModSecurity: Access denied with code 403, [Rule: 'ARGS:k' '@eq bf0b1ced7505c16f7a921ef36c780a6e'] [id "77350134"] [msg "IM360 WAF: Block malware interaction||SC:/home/mysite/public_html/css.php||T:LITESPEED||"] [severity "CRITICAL"] [tag "service_i360"] [hostname "www.mysite.com"] [uri "/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=3&l=1&d=1666978256&k=bdedae78c41ab6270086e81a2ea4bb5255be0d39"], referer: https://www.mysite.com/

Has Xenforo been compromised? Or what does this mean?

EDIT*
I wonder if this is an update to mod security rules (Rule: 'ARGS:k') that don't play nice with Xenforo?

 

[Mr Lucky]

These all 2.1 sites?

2.2.11 here

 

[ArtG]

2.2.09 here

 

[nodle]

Check your mod security guys, I think i have pinpointed it down to it, I just went and disabled it and re-enabled it and it brought my site back up. I don't recommend disabling it, but for a test see if it fixes your site, maybe we can narrow it down until we hear an official word from Xenforo on this.

 

[MattW]

It's a mod_sec rule. I've already reported it as a false positive and it's affecting css.php

77318027

 

[nodle]

It's a mod_sec rule. I've already reported it as a false positive and it's affecting css.php

77318027

Awesome @MattW I thought it had something to do with it.

 

[MattW]

I've added a link to this thread to my ticket with Imunify360.

 

[Mr Lucky]

Yes, @MattW was very quick off the mark with this.

 

[modified]

I had the same issue causing a false positive and had to add the following exceptions to .htaccess for a temporary fix.

<LocationMatch "/">
SecRuleRemoveById 77317957
SecRuleRemoveById 77350134
SecRuleRemoveById 77316797
</LocationMatch>

 

[Roka]

temporary fix:
In .htaccess

<IfModule mod_security2.c>
SecRuleRemoveByID 77318027
SecRuleRemoveByID 77350134
</IfModule>

 

[Sumanta0018]

unfortunately that probably will be a temporary fix.

then? how to fix this permanently? and what is the main reason behind this problem

 

[ArtG]

I get an internal server error every time I add the fix to .htaccess

 

[nodle]

then? how to fix this permanently? and what is the main reason behind this problem

I think we will have to wait for mod security to push out an update to fix the false positive, correct me if I am wrong?