Problems saving emails with word 'select' in the content

Hello all,

I’ve been using Mautic for years without any issues at all saving emails on Mautic.
That was working with emails in Spanish (I’m based in Madrid).

I started to work with a new customer with emails in ENGLISH language and I started to have problems saving emails in Mautic. The system freeze or hanged when saving.

I was very skeptikal as I never saw that problem before and the only emails failing on saving where in English.

Today I found that ANY email with html code, even inside p paragraphs had the words “select” or “selected”, the emails failed.
Just removing that word from HTML solved the issue, so I assume that is being caused by any kind of security configuration or SQL injection related issue.

That problem is happening to me with LiquidWeb USA hosting and all the Mautic instances under their hosts.
I’m also working with Siteground hosting in Europe and that problem did not appear, so I see this issue more related to SQL configuration / hardening / PHP version more that something inside the Mautic code.

Cheers,

Alejandro.-

At the moment, looks like ModSecurity is causing this issue.
When I create a new email, Mautic freezes and hangs. At the same time, a CRITICAL alert appears in the ModSecurity console called 300016 Generic SQL injection protection.
I’m asking my hosting company Liquidweb to enable a tool called
CMC, Configserver’s ModSec Control plugin

I’ll keep you posted.

Cheers,

Hello,

Finally I reached the solution.
Installed / Configured ConfigServer ModSecurity Control - cmc v3.02 and whitelisted alert 300016 Generic SQL injection protection in WHM for that cPanel instance.
The copy / paste of HTML emails in the Mautic email code editor now saves correctly and does not hang or freezes anymore.
Cheers,

This is that I saw in the WHM Modsecurity console:

2020-04-14_10-38-501435×39 11.1 KB

false positive1363×165 66.1 KB