Can't Upload a Video. Changed PHP settings and other stuff but still can't post.

John johnny Posted in General Discussion 6 years ago

I tried a lot thing. Changed PHP settings(set maximum values to 32M and 16M), disabled mod security in cPanel and tried again(mod security disabled=no video but empty post instead/easily uploading photos. mod security enabled=no videos/photos with error message), modified .htacess, added php.ini in directory. Simply did whatever i could and consulted domain provider support but none of these worked. here is the screenshot of /ossninfo.

SCREENSHOT : https://cdn.filestackcontent.com/nKiElEUeRgKhKceKaijs

Please help me out. Thanks in Advance.

Replies
ge John johnny Replied 6 years ago

Thanks guys. I wrote to the provider and it has been solved.

German Michael Zülsdorff Replied 6 years ago

After all, I don't think that my suggested command would be of any relevance anymore. It was just an idea because in the beginning John told us:

> mod security enabled=no videos/photos with error message

Three days later things appeared totally different, though:

> I mean if you help me through i could enable Mod security and still be
> able to upload images larger than 0.5M

That is: John IS able to upload photos, only the upload size seems to be limited. Hence directory permissions are completely out of discussion. You either have the permission to write to a directory or you don't.

That's why I would forget about that ssh stuff, study the error_log again and ask the provider which special settings/restrictions are part of his modsecurity configuration.

gb Rishi B Replied 6 years ago

@John, nobody can tell you exactly how to access the SSH interface to your server, if your web host even provides it. It's going to be specific to whatever hosting company you are using. I have sometimes seen an SSH item somewhere on cPanel, so if that's what you have, search for SSH. SSH is essentially an interface that allows you to access the server from a command-line Linux interface. For this reason, it can be good for diagnosing issues, and for installing packages (such as FFmpeg, as needed for the Video component).

If I were you, I would try to find out from your web host if you have SSH access available to you.

ge John johnny Replied 6 years ago

Hey Z man, why you don't reply, you might be of help. I really don't get it, i mean it. You could guide me by posting screenshot on how to access that SSH or command shell. I don't really want to leave an open door for any kind of attack at the same time maintain the site performance. I mean if you help me through i could enable Mod security and still be able to upload images larger than 0.5M. Otherwise mod security doesn't allow me to do so. Thanks in Advance.

ge John johnny Replied 6 years ago

can you enlighten me a bit more. I am not much of a tech guy. Don't know these kind of stuff.

German Michael Zülsdorff Replied 6 years ago

I meant the command shell on your webserver.
You would need an SSH login to your server to access it.

ge John johnny Replied 6 years ago

By the way, do you know how can i restore "it is free and always be & by clicking these you agree out terms and conditions" line. I mean i tried to change it to turkish. but then noticed that there is also ossn.tr.php in public_html/locale but modifying these lines in ossn.tr.php turned them into
its:free and gdpr:confirm:signup. here is the screenshot.

ge John johnny Replied 6 years ago

Sorry but i didn't understand what you mean by command shell. I opened cmd prompt and windows powershell but they gave "invalid switch" message. Did you mean to find that in cPanel ? if so, i still don't understand how to find (-type d) or type it. Thanks in Advance

German Michael Zülsdorff Replied 6 years ago

I just had another look into your ossninfo and found that your data directory's permission are 755 in opposite to your installation directory which is set to 750.

In fact I remember a modsecurity that declined working on a site with too 'open' permissions.
So you may try to change the permissions of your data directory to 750 recursively like

find /home/geostude/ossndata -type d -exec chmod 750 {} \;

from your command shell and verify whether this makes a difference.

German Michael Zülsdorff Replied 6 years ago

As you have rightly pointed out, modsecurity provides an extra layer of additional security. But since this layer is not part of Ossn but part of your website hosting, you can only ask your provider or check your Cpanel to see if there is a way to customize any modsecurity settings.

Apart from that, from our point of view Ossn doesn't really need this additional layer because Ossn itself already has several built-in filters that prevent things like sql injection, etc.