This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Suddenly URI beginning with string /member/ forbidden error

March 23, 2012 12:59pm

  • #1 / Mar 23, 2012 12:59pm

    J. Hull

    132 posts

    This question may be related to a resolved thread.


    For some reason my member login pages have broken on my EE site. They worked fine months ago when I first set it up. Perhaps something happened during an update?

    As brought up in the related post I have changed profile word to something _other_ than member - I don’t even use EE’s member forms. I created my own and use Solspace User Module to accomplish everything member related.

    Why would this have broken and how can I fix it?

  • #2 / Mar 23, 2012 4:46pm

    J. Hull

    132 posts

    This question may be related to a resolved thread.


    For some reason my member login pages have broken on my EE site. They worked fine months ago when I first set it up. Perhaps something happened during an update?

    As brought up in the related post I have changed profile word to something _other_ than member - I don’t even use EE’s member forms. I created my own and use Solspace User Module to accomplish everything member related.

    Why would this have broken and how can I fix it?

  • #3 / Mar 25, 2012 9:18am

    Sean C. Smith

    3818 posts

    Hi J. Hull,

    What version of ExpressionEngine are you using? Has your server recently upgraded to a newer version of PHP? If so, then your version of EE 1.x might be incompatible - I would strongly recommend upgrading to 1.7.2 and if possible 2.4.

    Since you are using the Solspace User Module I would also recommend talking to them about what might be causing the issue and upgrading their add-on if there is a new version available.

    Sean

  • #4 / Mar 25, 2012 9:38am

    Sean C. Smith

    3818 posts

    Hi J. Hull,

    I’m sorry you are experiencing this problem. However since you are using a third party module to achieve this functionality we are unable to provide support. I recommend that you contact Solspace for support on this issue. Is there anything else I can assist you with?

    Sean

  • #5 / Mar 28, 2012 10:49am

    goodnetwork

    32 posts

    We are seeing this same behavior with 1.7.0 and we are on Engine Hosting. Just came up out of the blue. Is there a way to see if Engine Hosting was upgraded? Do you know if 1.7.2 absolutely fixes this? We are not ready to move to 2.4 in the immediate term.

    I tried changing the Membership Preferences > General Configuration > Profile Triggering Word value as suggested in the other thread and it did not correct the issue.

    Thanks,
    Chuck

  • #6 / Mar 31, 2012 2:17am

    J. Hull

    132 posts

    I’m in contact with Solspace but as there is someone else experiencing the same issue (and also on EngineHosting as well) I suspect it is on your end. Also, I’m running on 2.1. You can fold this into the other post I have in the EE2 Tech Support thread.

  • #7 / Mar 31, 2012 2:19am

    J. Hull

    132 posts

    As posted in the EE 1 Tech Support thread, as there is someone else experiencing this same problem ALSO on EngineHosting I would imagine that is the problem (as he is not using the User module). I’m in contact with Solspace, but can you confirm that there wasn’t anything changed on the EngineHosting side?

  • #8 / Apr 02, 2012 4:01pm

    Shane Eckert

    7174 posts

    Hello J. Hull,

    We have heard from other users that EngineHosting has taken some extra security steps.

    See below.

    Recently EngineHosting implemented a new Intrusion Protection System rule that filters out access to any URI containing /member/ in efforts to keep spammers and bots from abusing unprotected ExpressionEngine CMS installs.  Meaning if any of their EE sites had links to the member profile area, etc. using “member” as the trigger word, visitors to those links would get a 403 error.

    Can you try switching your keyword and see if that fixes it?

    Cheers,

  • #9 / Apr 19, 2012 2:55pm

    Peter Smith

    69 posts

    Wow, WTF EngineHosting?

    You’d think making a change like this would warrant an email to customers.

  • #10 / Apr 19, 2012 4:15pm

    Peter Smith

    69 posts

    I contacted EngineHosting and was told this:

    If you log into the Enginehosting.com Control Panel where we post all server news (uses sFTP username and password) You’ll find the following information related to your troubles:

    (Original - 02/24/2012) Our IPS (Intrusion Protection System) signatures are including something new for performance protection of site, and is now implemented for shared accounts (shared IP addresses) only. It is filtering out requests for any URI that starts with /member/ (This will not affect your site if you have not removed index.php from the URL, so anything with /index.php/member/ still works.)
    ExpressionEngine sites with member registration activated need to change the default Profile Triggering Word setting from member to something else (http://ellislab.com/expressionengine/user-guide/cp/members/membership_preferences.html). This should be a common anti-spam practice for sites anyway.
    This rule improves the performance for all shared hosting clients by filtering out a highly abused URI, here and across the Web and in the end benefits the vast majority of clients which is always the priority in a shared hosting environment.
    This rule is not implemented on private IPs (for people with SSL certificates) in shared hosting, and does not affect IP addresses of VPS or private/dedicated cluster clients either unless they are finding abuse towards that URI type is adding traffic or load to their site then we can also include them also.

    I can’t disagree with their decisions but I’m a little disappointed that they thought it was sufficient to post the update on a control panel that most users never have reason to visit.

    Very uncharacteristic of EngineHosting support, which is usually top-notch. Hope they’re not starting to slip…
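
Added example, not part of the original thread and not EngineHosting's actual rule: a site owner can confirm that the filter described in the notice above explains their 403s by sorting access-log entries into those the rule accounts for and those it does not. It assumes combined-format access logs and models the rule as a plain prefix match on the request path, as the notice words it; the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Request line and status code from a common/combined-format access log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Assumption: the filter is a prefix match on the path, per the host's notice.
BLOCKED_PREFIX = "/member/"

def matches_rule(target):
    """True if the request path starts with /member/ (query string ignored)."""
    return urlsplit(target).path.startswith(BLOCKED_PREFIX)

def summarize_403s(lines):
    """Return (explained, unexplained) Counters of 403 paths.

    'explained' holds 403s the described rule accounts for; 'unexplained'
    holds 403s with some other cause (permissions, .htaccess, and so on).
    """
    explained, unexplained = Counter(), Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("status") != "403":
            continue
        path = urlsplit(m.group("target")).path
        bucket = explained if matches_rule(m.group("target")) else unexplained
        bucket[path] += 1
    return explained, unexplained

# Constructed sample entries (documentation IP range, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [28/Mar/2012:10:41:02 +0000] "GET /member/login/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Mar/2012:10:41:09 +0000] "POST /member/register/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Mar/2012:10:42:30 +0000] "GET /index.php/member/login/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Mar/2012:10:43:11 +0000] "GET /account/login/ HTTP/1.1" 200 4876 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [28/Mar/2012:10:44:55 +0000] "GET /private/report.pdf HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Mar/2012:10:45:20 +0000] "GET /member/login/?return=home HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    explained, unexplained = summarize_403s(SAMPLE)
    print("403s consistent with the /member/ filter:", dict(explained))
    print("403s with another cause:", dict(unexplained))
```

Paths in the first group are the links to update after changing the Profile Triggering Word; anything in the second group needs a separate look.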

  • #11 / Apr 20, 2012 2:34pm

    Kevin Smith

    4784 posts

    Hey everyone, I’m sure this is frustrating. Sorry to see you all experiencing this. Since it’s not a tech support issue with ExpressionEngine, however, I’m going to move it over to the Community Help forum. If you have any questions or concerns about this, please feel free to contact me.

  • #12 / May 31, 2012 8:06pm

    DL Byron

    3 posts

    Did we miss a notification of this change?
