[SOLVED] A possible CSRF attempt was detected

120 Posts

rhyno Reply #1, 14 years, 10 months ago

Hi,
Well I some how managed to screwup my site.... Nothing new as I am a newb when it comes to MODX....

Anyway, I currently am getting the following message when I click on andthing in the manager window....
A possible CSRF attempt was detected. No referer was provided by the server.
This occures when I set the Validate HTTP_REFERER headers to Yes.... But now I can’t get back into reset this.... Please help.
In trying to resolve this issue I logged out... Now I get the same error when I try to log in. I know it was stupid of me to log out... I really don;t what to re-install my modx site....

The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

1,336 Posts

shamblett Reply #2, 14 years, 10 months ago

There’s a column named ’validate_referer’ in your <prefix>_system_settings table(0.9.6.2 here), use phpMyAdmin or some such to see what this is set to in your database, if its ’1’ set it back to ’0’ and see if the problem persists.

Use MODx, or the cat gets it!

120 Posts

rhyno Reply #3, 14 years, 10 months ago

I am not seeing a ’validate_referer’ in my modx_system_settings table. When I search for validate on my system I get nothing. Please advice.

The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

☆ A M B ☆
24,524 Posts

sottwell Reply #4, 14 years, 10 months ago

It’s there; it’s on the third and last page of results in my phpmyadmin table browse page.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

120 Posts

rhyno Reply #5, 14 years, 10 months ago

Sorry Susan you were right... It was there... Just on the second page.... lol

Set it to 0 it was set to 1. But Still no dice...

http://www.chrys-haefen.com/modx/modx-0.9.6.3/manager/

The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

☆ A M B ☆
24,524 Posts

sottwell Reply #6, 14 years, 10 months ago

Try clearing your browser cookies and cache for your domain.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

120 Posts

rhyno Reply #7, 14 years, 10 months ago

Well we are getting closer.... It gave me the login page.... when I logged in I got the error ’A possible CSRF attempt was detected. No referer was provided by the server.’ Any other ideas?

The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

☆ A M B ☆
24,524 Posts

sottwell Reply #8, 14 years, 10 months ago

Hm. Search the assets/cache/siteCache.idx.php file; I believe that the system settings are cached there, and it may be using it from there instead of from the database. It’s on line 77 in my siteCache file.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

120 Posts

rhyno Reply #9, 14 years, 10 months ago

That was it... Logged in and everything is going great. Thank you so much for helping me out...

The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

☆ A M B ☆
237 Posts

mdsdesign Reply #10, 14 years, 5 months ago

Can you explain in a little more detail how you cleared this up? I’m having the same issue and was pointed to this thread from my post.

Michael Smull
http://www.bigpixelstudio.com
twitter: @mdsdesign