On Mon, Aug 17, 2020 at 3:09 PM Tom Hutchison via MediaWiki-l mediawiki-l@lists.wikimedia.org wrote:

So, I'm just thinking out loud here to blow off steam. I've seen mod_security block MW edits and some other weird things on shared hosting.

Apparently, a shared host I admin for a project must have enabled some type of proactive scanning with ClamAV or more like a ClamAV Frankenstein and it is throwing false positive on RedirectSpecialPage.php. Trying to add it back manually, I can create the file but as soon as I add in the code. the host deletes it. I tried uploading it. Denied with message ->

"The file you uploaded, RedirectSpecialPage.php, contains a virus so the upload was canceled: YARA.blackhole_basic.UNOFFICIAL FOUND"

Obvious it is a false positive, but WOW. Posting just in case someone else is dealing with a stupid hosting provider who likes to flip switches and fails to poll then review the consequences before actually flipping the switches.

Yeah, mod_security does get a bit aggressive. The one annoys me is the horizontal rule I sometimes use as a break instead of a full blown heading, like H4 or H5:

-----

mod_security blocks that when the first two chars in a line are dash. I often have to turn off mod_security to submit the page.

Jeff