I got hacked the other week - and while it was fairly easy to get the rest of the site back up to speed, the web forms appear to have taken a bigger hit.
I now can't go back in and edit any old forms or I get this message:
I can create new forms to get around this - but if I try to create new database tables based on these forms, I get the same error message. I really need to get a couple of new competition forms up this week so would appreciate any quick help you can give me! Thanks!
I now can't go back in and edit any old forms or I get this message:
Not Acceptable
An appropriate representation of the requested resource /administrator/index2.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I can create new forms to get around this - but if I try to create new database tables based on these forms, I get the same error message. I really need to get a couple of new competition forms up this week so would appreciate any quick help you can give me! Thanks!
Hi,
Sorry to hear about the hack.
The 406 Error is a very rare error with modern browsers. Most browsers actually accept any kind of page (MIME, Charset, Encoding, Language, etc), so servers should not have any issues serving a PHP-document to these.
However, on Apache web servers, there's a "feature" called mod_security, which allows the web server admin to add pattern matching rules. These test each request made to the server, and looks for "odd" things that might indicate a malicious hacker being in play. If triggered, these rules may throw a 403, 406, 412, etc error.
If your admin did a poor job setting up these rules (or simply used a predefined package of "standard rules", without adjusting them for the intended use), this could very easily break an otherwise well-working site.
ChronoForm tends to suffer greatly to these "rush-jobs", as the forms in the backend are supposed to submit javascripts, php-code, the ampersand (&) character, and similar (obviously needed, as this is how we create our forms).
This is hard to work around, since admins generally don't like users removing security features (working or not). Your best bet though, is to get in touch with your server admin, and ask them to either re-work their mod_security rules, or disable the module for your admin-site.
You might also want to check this site: http://urbangiraffe.com/2005/08/20/mysterious-406-error/
/Fredrik
Sorry to hear about the hack.
The 406 Error is a very rare error with modern browsers. Most browsers actually accept any kind of page (MIME, Charset, Encoding, Language, etc), so servers should not have any issues serving a PHP-document to these.
However, on Apache web servers, there's a "feature" called mod_security, which allows the web server admin to add pattern matching rules. These test each request made to the server, and looks for "odd" things that might indicate a malicious hacker being in play. If triggered, these rules may throw a 403, 406, 412, etc error.
If your admin did a poor job setting up these rules (or simply used a predefined package of "standard rules", without adjusting them for the intended use), this could very easily break an otherwise well-working site.
ChronoForm tends to suffer greatly to these "rush-jobs", as the forms in the backend are supposed to submit javascripts, php-code, the ampersand (&) character, and similar (obviously needed, as this is how we create our forms).
This is hard to work around, since admins generally don't like users removing security features (working or not). Your best bet though, is to get in touch with your server admin, and ask them to either re-work their mod_security rules, or disable the module for your admin-site.
You might also want to check this site: http://urbangiraffe.com/2005/08/20/mysterious-406-error/
/Fredrik
This topic is locked and no more replies can be posted.
