Chat messages with certain string getting dropped

[xss]

Hello all,

today, with a fresh install of PFC, I noticed a really strange behavior:

Almost all chat messages that somehow contain the string 'rm' at the end of a word, like in the word 'term' or 'harm', and some other text after that in the same line, get dropped. Possibly also others.

You can try it out yourself here, try with something like 'no harm done' or 'long term relationship'.

This is the original index.php, nothing changed.

I can't reproduce the issue, though. I copied the whole folder as it is to another server, and there the issue does not happen (at least not with this string, didn't test for much more), and neither it happens with the demos here on this site.

What could be the problem here? It seems to be server related, but I cannot really imagine what and why...

Volunteers?
xss


EDIT: Added the parts in italics to make the issue clearer and reproducible...

[re*s.t.a.r.s.*2]

Hi,
went there, seems to work fine.

regards.

[xss]

For anyone who simply tried typing 'harm': Try 'harm done' or anything else after the 'rm'. With a quote character or another letter (as in 'harms') right after the 'rm' it seems to work. With a space not.

Thank you for trying.

[charlesbrown678]

I have not tried yet but i think it will definitely an interesting thing

[xss]

So what, the issue still persists. Anyone still interested in this?

I have not tried yet but i think it will definitely an interesting thing

As interesting as this is, from a programmer's point of view; for chatting this is actually quite disruptive, when lines with random content get dropped...

It seems to be somewhat server related, too:
- I copied the whole PFC folder as is (downloaded from my original host, uploaded somewhere else) to two other hosts, but could not reproduce this (exact) issue on any of those other servers (haven't tested with real chatting, so it may be that other strings get dropped now...).
- But I also copied (re-uploaded) the whole folder to another directory within my web space (so, same server), that is even the root for another one of my domains, and there the '*rm *' issue appears to be the exact same.

Please, anyone with a bit of insight? A piece of advice? Any ideas? Where could I look for any hints?

xss

[re*s.t.a.r.s.*2]

Hi,

Xss, I have gone there again and made a test after your properly described how to duplicate the issue.
I've receiver a 403 forbidden in firebug, and I think I seen this issue before, there is something called mod_security that is currently running in some server, try to talk to your admin IT and tell him to white-list your chat url or to turn this feature off in your account...

that's as much i can tell you..

kind regards.

[xss]

Hello re*s.t.a.r.s.*2,

thank you for testing again and for your reply.

It never occurred to me to look at the firebug console. I'll look into the mod_security thing, that's at least a point to start. Though, I still don't really understand how/why a normal string of a word in a chat could cause such trouble.

Kind regards,
xss

[xss]

Hello,

by now I know a bit more. Indeed mod_security is somehow the cause as it checks any post in the chat for forbidden words (well, strings of words, actually) that could be used in server-side shell commands, such as „rm “, „kill “, „perl “, „links “, „php “, „echo “ and many more.

I contacted the server admin; I hope they know a way... :/

Thanks again for the hint, re*s.t.a.r.s.*2, muchas gracias, y que tengas una buena noche.

Kind regards/saludos,
xss