You are not logged in. Please login or register.
PunBB Forums → PunBB 1.2 troubleshooting → HELP!!!
When i try to add a new user to the admin list via their profile, it says
Not Acceptable
An appropriate representation of the requested resource /forums/profile.php could not be found on this server.
I tried modifying the chmod of the file, and that only made it IMPOSSIBLE to go into their profile, so i set it back to 644. Please help!
From previous threads on this (and my memory) I bet your host is using a set of mod_security rules that includes a rule that completely disables administration functionality via profiles (it says it prevents an old security issue, but it doesn't, other than that it makes it completely impossible to change usergroups). Talk to your host
http://punbb.org/forums/viewtopic.php?id=9266
The rules, as I said, were here
#PunBB version <= 1.2.2 auth bypass exploit
SecFilterSelective REQUEST_URI "profile\.php\?section=admin\&id=.*\&action=foo"
That's the bad rule: I don't even think it fixes a real bug
Edit: And indeed, I was right
This was the real bug
http://dev.punbb.org/changeset/123
All that rule does is mess with PunBB
Thank you for the report. Putting out a new release now that should fix this. Please let me know if its still false alarming for you.
While it looks to me like all they did is add the correct rule (and didn't remove the bad one) I can't really judge (since I know little about mod_security). So, talk to your host, see if they'll update, and if it still doesn't work I'll fire off another email
PunBB Forums → PunBB 1.2 troubleshooting → HELP!!!
Powered by PunBB, supported by Informer Technologies, Inc.