Hi!
I made a fresh install of SuiteCRM using Softaculous on WHM (LAMP). After the clean instal, login will not work. Password retrieve will not work. I checked all the preconditions in the server for SuiteCRM to work, they are ok except ZLIB. Check text in red below:
Recommended installation pre-requisites
PHP: ok, php7.0
JSON: As of PHP 5.2.0, the JSON extension is bundled and compiled into PHP by default. http://www.php.net/manual/en/json.installation.php
XML Parsing: yes, extension=php_xmlrpc.dll and extension=php_domxml.dll are listed and uncommented (without “;”) at php.ini
MB Strings Module: php-mbstring enabled on php7.0.
Writable SugarCRM Configuration File (config.php): which file permission code? 755?
Writeable Custom Directory: which folder permission code? 755?
Writable Modules Sub-Directories and Files: yes,
Writable Upload Directory
Writable Data Sub-Directories
Writable Cache Sub-Directories
PHP Memory Limit (at least 128M): yes on php.ini.
ZLIB Compression Module: cannot enable it in Apache 2.4, not allowed.
ZIP Handling Module: enabled on php7.0
PCRE Library: installed PCRE version 7.8 2008-09-05
IMAP Module: enabled on php7.0
cURL Module: enabled on php7.0
Upload File Size: enabled on php7.0
Sprite Support: yes, php-devel + php-gd enabled on php7.0 https://stackoverflow.com/questions/9024946/centos-enabling-gd-support-in-php-installation
Apache 2.4 and PHP 7.0 restarted.
Still, login will not work. On requesting help with my hosting provider, they say the login issue is related to SuiteCRM coding, which is blocked by Comodo WAF. Comodo WAF thinks this is a Blind SQL Injection. They supplied me with this from error log:
[Sun May 21 11:36:01.619314 2017] [:error] [pid 3640] [client 220.225.193.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:\\b(?:t(?:able_name\\b|extpos[^a-zA-Z0-9_]{1,}\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o …” at ARGS_NAMES:user_password. [file “/var/cpanel/cwaf/rules/24_SQL_SQLi.conf”] [line “18”] [id “211540”] [rev “9”] [msg [color=#880000]“COMODO WAF: Blind SQL Injection Attack[/color]||mydomain.com|F|2”] [data "Matched Data: use
r_password found within ARGS_NAMES:user_password: user_password"] [severity “CRITICAL”] [tag “CWAF”] [tag “SQLi”] [hostname “mydomain.com”] [uri “/stcr/index.php”] [unique_id “xxx”]
Hide full text
Request:
POST /stcr/index.php
Action Description:
Access denied with code 403 (phase 2).
Justification:
Pattern match “(?i:\b(?:t(?:able_name\b|extpos[^a-zA-Z0-9_]{1,}\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o …” at ARGS_NAMES:user_password
tailf /usr/local/apache/logs/error_log
Please, any advice to solve this SuiteCRM security issue and let me login is welcome.
Looking forward to your reply,
Rgs
IM