Search Forums
Forums
Kiwitrees on Twitter
    Tags

    Histo, delete, order, login failure, simpl_pages, data errors, Export/Import, tabs, FAQ, individual resource, Relationship, mail, Add a wife, folder, HTML block, admin, cookie, transifex, future, design, MYSQL, source, new feature, fixing errors, name, 500, road map, logs, descendant, 3.2.0, 2.0.2, help, json, inactive, googlemap, relationships, mystyle, google, age, lists, gender change, colors, defacto, Favourites 3.0.0, re-order, updates, spam, html, block, add, research tasks, dead, Support/Bug Reporting, ASSO, fatal error, prefix, partner, configure, resources, default individual

    Topic:   Odd Edit Error  

    This topic contains 12 replies, has 2 voices, and was last updated by kiwi kiwi 4 months, 3 weeks ago.

    Viewing 13 posts - 1 through 13 (of 13 total)
    • Author
      Posts
    • #7828
      clandav
      clandav
      Participant

      121 posts

      I have just encountered an odd problem that I am having difficulty in explaining. When attempting to edit the content of a Notes entry for an individual. I receive the following message:

      {Forbidden

      You don’t have permission to access /webtrees/edit_interface.php on this server.
      Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.}

      I have tried editing various facts and events for the same individual, with no problem, tried editing Notes for other individuals without a problem, and tried adding new notes for this individual, again without problem. So it seems to be a function of the content of this note. It actually contains a number of odd special characters, which must have come about at some stage in the past when a GEDCOM was converted/imported – this is why I was trying to edit the note, but I find it difficult to believe that this could be the cause of the error.

      Here’s the individual record (click the Notes tab to see what i was trying to edit:
      http://www.clan-davies.org/webtrees/individual.php?pid=I5740

      Any suggestions?

      Ron

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7840
      clandav
      clandav
      Participant

      121 posts

      A further comment on this – I have tried making changes to the same Notes entry by way of editing the raw GEDCOM record and I receive the same error message when i attempt to save the changes.

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7841
      kiwi
      kiwi
      Keymaster

      1431 posts

      Ron

      It will most likely be related to the “odd” characters, but probably only one. Somewhere there will be a forbidden (i.e. otherwise normally used as a “special character”) in code.

      The best solution is to use Raw GEDCOM edit as you have tried, but in a slow, methodical way.

      1 – Remove it all except perhaps a couple of innocuous words at the start. Save.
      2 – Repeat adding a sentence or two at a time until the error re-appears, then back track and repeat using that last block of text but in smaller pieces.
      3 – Continue to reduce the size of the block of text until it becomes clear which particular character(s) are causing the issue and remove them or replace with something better.

      If finding the exact cause is not that important to you, the alternative is to transfer the text, which is anyway rather long for a note, into a PDF file and upload that instead.

      Nigel

      My personal kiwitrees site is www.our-families.info

      #7842
      clandav
      clandav
      Participant

      121 posts

      A further development….

      This may or may not be connected to the problem I have just described… but coming at the same time suggests to me that it is.

      In admin-users-manage users I just received a warning message I have not seen before:

      Data Tables warning. table id=list Ajax error.

      Leaving the page and trying to return to the individual I had been working on I had an ERR_CONNECTION_TIMED-OUT Site can’t be reached error. However, I can still access the site via my phone over the phone network, so seems to be IP address related. Contacted my hosting service and they confirmed that my ip address had been white-listed in the server firewall. They unblocked it and i just tried the same again – first attempted the edit referred to above on the same individual record – had the same ‘Forbidden’ message as before, then went into admin- users-manage users – same message as above. Then access to site lost again.

      Is this a kiwitrees issue or a server software issue??

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7843
      kiwi
      kiwi
      Keymaster

      1431 posts

      Is this a kiwitrees issue or a server software issue??

      Hard to answer at this stage. Possibly a combination of the two. Also probable that the NOTE error is the cause of the time-out, which in turn caused the site to go off-line.

      Can you or your server support techs see anything in the logs to indicate what specifically caused the time-out?

      Nigel

      My personal kiwitrees site is www.our-families.info

      #7844
      clandav
      clandav
      Participant

      121 posts

      Whilst waiting for my hosting service to unblock my ip address again and to get back to me re suspect log entries, let me respond to your previous suggestions re editing the raw GEDCOM Nigel.

      Before receiving your post, I had already tried changing a few suspicious characters in the text, but got the same forbidden error message, so copied the entire text into Notepad and edited it to be sure there was nothing offensive left, then tried to replace the entire text of the NOTE with my revised version – but got the same forbidden message. So tried doing NOTHING in the Edit – i.e.selected Edit raw Gedcom, and as soon as it opened the window clicked SAVE – same ‘Forbidden’ message! So I guess that only leaves two options – either I reload the GEDCOM to the site having modified the content off-line or I delete the entire individual entry and re-enter it (I favour this approach as I can key it in pretty quickly and can copy and paste the lengthy NOTE text – provide, of course, it allows me to DELETE!.

      But it doesn’t answer the question of why it happens, or exactly what causes it, so I’d like to pursue it a little further – and I don’t like the consequence being that my ip address gets blocked. That’s probably something I can get the hosting guys to think about – the LAST ip address that should be blocked from accessing my site is MINE!

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7845
      clandav
      clandav
      Participant

      121 posts

      OK – I have managed to DELETE the NOTE in its entirety (using my phone) so as soon as I get the site access back on the PC, I’ll put the text of the note I edited in Notepad into a pdf file and upload it as you suggested Nigel.
      So my problem is over – I think – but do you think it would be a good idea to have a tool to check for invalid characters in NOTES given the rather severe impact of hitting one – if indeed this was the cause?

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7846
      kiwi
      kiwi
      Keymaster

      1431 posts

      So my problem is over – I think – but do you think it would be a good idea to have a tool to check for invalid characters in NOTES given the rather severe impact of hitting one – if indeed this was the cause?

      We do, which is why I would like to look further into the cause of this problem. It is possible it is server settings (security related) rather than kiwitrees.

      Do you have a copy of the original NOTE you can email to me for testing?

      Nigel

      My personal kiwitrees site is www.our-families.info

      #7847
      clandav
      clandav
      Participant

      121 posts

      do you think it would be a good idea to have a tool to check for invalid characters in NOTES ….. We do

      Sorry Nigel – I should have known/guessed!

      Do you have a copy of the original NOTE you can email to me for testing?

      Yes – I’ll send it to right now.

      Thanks for your help.

      Ron

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7848
      kiwi
      kiwi
      Keymaster

      1431 posts

      Ron

      Bad news I’m afraid.

      • I added your note to my local test site (running kiwitrees 3.2.3, same as you) using raw GEDCOM edit – no problem at all.
      • I tried editing it as raw GEDCOM – no problem at all.
      • I tried a normal edit of the note – no problem at all.

      I then repeated each of those steps on my live site (Our families) with the same result.

      So my conclusion is that this is a server error. Hopefully your server techs will be able to pin-point the cause. My “best guess” would be security protection that needs “tweaking” slightly to allow whatever it doesn’t like about that note to get through.

      Nigel

      My personal kiwitrees site is www.our-families.info

      #7853
      clandav
      clandav
      Participant

      121 posts

      Thanks very much for going to ll that trouble for me Nigel – I’ll take it up with the hosting service guys and hopefully, with that help from you, they’ll be able to pin-point the cause. Do you think I should assume that the

      Data Tables warning. table id=list Ajax error.

      I had in admin-users-manage users was all part of the same problem?

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7856
      clandav
      clandav
      Participant

      121 posts

      Problem finally resolved – although I can’t say I fully understand what caused it!

      For information:
      1. Having deleted the NOTE which resulted in the ‘Forbidden’ error when I tried to edit it, and replaced it as suggested by Nigel by a PDF file, I then tried to recreate the problem by attempting to edit other NOTES which I found on the database with similar odd characters – but failed to generate the same error message.
      2. I then went into admin-users-manage users and again received the

      Data Tables warning. table id=list Ajax error

      and was unable to display the contents of the users table. This was immediately followed by my being unable to access the site again. Checking via my smartphone, however, it was again clear that the site was not down, but only my IP address was blocked.. I contacted the hosting service support guys and asked them to check it out.
      3. HS support said:

      your IP xxx.xx.xx.xxx is being blocked by “SQLmap attack” mod-security rules in the server

      4. I asked them if they could disable that security rule for my domain, which they did and I can now access admin-users-manage users without the error message and can display table contents and make changes as usual. Everything else on the site now seems OK too, so I’m happy!

      As far as I can see, there were two separate problems, but probably both linked in some way to my hosting service security rules settings, and nothing to do with kiwitrees. Many thanks to Nigel for getting involved, nevertheless, and thereby helping to speed resolution of the problem.

      Ron in France
      Website: http://www.clan-davies.org/webtrees/
      kiwitrees 3.3.0; PHP 7.0.18; MySQL 5.6.35 ;

      #7857
      kiwi
      kiwi
      Keymaster

      1431 posts

      Ron, glad that’s fixed.

      I then tried to recreate the problem by attempting to edit other NOTES which I found on the database with similar odd characters – but failed to generate the same error message.

      That probably means that the issue is in the actual words used rather than any “odd” characters.

      Mod_security is a valuable tool for server management, in the fight against hackers, but like any such tool it relies on recognising patters, of characters, words, phrases, actions etc.. So it is not that hard to run foul of one of it’s rules once in a while. But I’ve always found it slightly surprising that it doesn’t report, at least to the web host, the precise text etc that it rejected. That way you might avoid switching off the whole rule, but instead just tweak it slightly. It’s a bit like a very sophisticated spell-checker – mostly helpful, but really annoying some times 🙂

      …nothing to do with kiwitrees

      Kind-of true. It is to do with kiwitrees in as much as we do need to have extensive interactions with SQ; much more than an average web site; and often through the use of form data that transmits from php to sql via headers, cookies, urls etc. The code does have extensive protection against hacking attempts via code-injection the (use of those transfer techniques to inject malware code into the system) but we do have to be constantly vigilant. The nature of kiwitrees does make the problem a “necessary evil” we can only guard against, not ever eliminate.

      Nigel

      My personal kiwitrees site is www.our-families.info

    Viewing 13 posts - 1 through 13 (of 13 total)

    You must be logged in to reply to this topic.