#36090 Kickstart triggering a ModSec rule with my host



Latest post by on Thursday, 02 December 2021 20:17 CST

sandstorm871

I'm a long-time, confident & competent user of Akeeba Backup/Kickstart Pro and use it daily. 

It always works great, and I don't think I've ever had an issue - Until now :(

I'm trying to restore a backed-up copy of a test Joomla 4 site [www.emdr.concom1.co.uk], using Akeeba Backup and Kickstart Pro, in the same way I always do, on the same host I always use in the UK - guru.co.uk

These are great hosts, where I have 100's of Joomla 3/4 sites running well and used by many other Joomlers in the UK too.

With this restoration, once completed, I get a 403 error.

After deleting and restoring again, testing further, and speaking with the host, they have told me that a ModSec rule is triggered by kickstart.php. So I changed the filename to ksp.php and retried, with the same ModSec rule being triggered.

This is the ModSec Rule being triggered.

The rule is to protect from Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)

As above, I've used Akeeba Backup & Kickstart 100's of times and never ran into an issue like this, so I tested another Joomla 4.0.3 backup on another/different guru server/account I have and am running into the same problem.

Tested with Kickstart Core & Pro 7.1.0, but don't have any older versions to test and can't see a Kickstart Archive.

Any ideas would be appreciated, and I'm happy to test further.

My host's solution was to ask for support from you and/or disable the rule for this specific domain?

Thanks in advance,

Andy Connell

tampe125
Akeeba Staff

Hello,

While performing the extraction, Kickstart saves the whole application state and sends it in the request, so it can continue the extraction from the previous step.

This means that in the request there's A LOT of serialized data, which could trigger some security rules. Sadly that's something we can't modify, since it's required by Kickstart to keep track of the work that it is doing.

The only solution is to temporarily disable mod_security rules until the extraction completes, or extract everything locally and then use FTP to upload your files to the new server.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
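
One way to apply the "disable the rule" workaround discussed above without switching mod_security off for the whole site, as an added example that is not part of the ticket, the host's configuration or Akeeba's documentation. It assumes ModSecurity 2.x on Apache; the rule ID `999999`, the exclusion rule ID `100001` and the address `203.0.113.10` are placeholders, since the ticket does not give the real values.

```apache
# Added example, not from the ticket. Placeholders (ASSUMPTIONS):
#   999999        ID of the rule the host saw firing (take it from the audit log)
#   100001        unused ID in your local range for this exclusion rule
#   203.0.113.10  address of the admin running the restoration
#
# Weak setting: removes every protection for the whole site.
#   SecRuleEngine Off
#
# Narrow setting: the one named rule is skipped only for requests to
# kickstart.php and only when they come from the restoring admin.
# Every other rule, path and client stays fully enforced.
#
# Load this BEFORE the vendor rule set is included, so the exclusion is
# already in effect when the target rule would be evaluated. A runtime
# ctl: exclusion is used because phase 1 rules cannot be scoped with
# <Location> or <Directory> blocks.
SecRule REQUEST_FILENAME "@endsWith /kickstart.php" \
    "id:100001,phase:1,pass,nolog,chain"
    SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
        "ctl:ruleRemoveById=999999"
```

If the script has been renamed (for example to ksp.php, as in the ticket), the `@endsWith` value has to match the new name. Remove the exclusion again once the extraction has completed.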

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
