Error 444 Script or Action Blocked

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
This is a new one for me, and I couldn't find anything about it online.
So after wasting 4 hours of rewrites, I'm afraid that I have to beg the
gurus for help!

This is a relatively simple script. It takes a variable from the
header, and compares it to a tab-delimited flat-text database. Once it
finds a match, it uses the other info in the database to show a dynamic

For instance, go to:

These are all in the order by which they are in the database. Scroll
down to "Diane Benesh Day Care Home," and click on the title to be
taken to a view.php page. This is where you'll see the error, but it
only happens with this one; all of the other names seem OK.

Has anyone seen this one before, or have any idea what it means?



The only real PHP code in the script is as follows:

// if there's no variable, send them to the intro page
if (!$_GET['id']) header("Location: index.php?error=true");

else {
  $found = FALSE;

  // if a single quote was in the name, PHP placed a \ in front
  //of it by default
  $_GET['id'] = str_replace("'", "'", $_GET['id']);

// get database info
$providers = FILE("$basepath/providers.xls");

foreach ($providers as $key) {

  // get rid of the \n at the end
  $key = rtrim($key);

  // $more_junk is here for your benefit; there are really about
  // 20 variables in the script
  // I actually don't use /t in the script, I use a real tab. I wasn't
  // sure if that would show up in the NG, though
  list ($facility, $more_junk) = explode("/t", $key);

  // if it's found, change the boolean and stop looking
  if ($_GET['id'] === $facility) {
    $found = TRUE;

if ($found) {
  // print HTML code

else header("Location: index.php?error=true");

Re: Error 444 Script or Action Blocked

Jason wrote:
Quoted text here. Click to load it
Try disabling SecurePHP.

My bet is that you're trying to access/write to a file that you should not
have permission to do so.  What does $basepath equal?


Carl Vondrick
To contact me, please use my website.

Re: Error 444 Script or Action Blocked

str_replace("\'", "'", $variable)

Gaurav Vaish

Re: Error 444 Script or Action Blocked

Carl, I don't think I have an option to disable SecurePHP. This is a
remote-hosted website, so I don't have full configuration ability.
Also, a search on Google for "disable securephp" came back with 0
results, and a search for "securephp" only came back with a few (most
pointing to a subdomain). Any idea on how to disable it?

$basepath is a variable pointing to the database directory, and it's
the same for all of the other variables:

$basepath = "/home/wilkessmartstart/data";

The code you see above is literally all of the PHP code; everything
after that is just HTML and plugging in the variables pulled from the
database. The only time a database is called is what you see above
(using FILE), and there are 2 include() commands (for the header and

MasterGaurav, I changed the \ to \ as you suggested, but that didn't
have any impact on this error. Thanks for catching that, though.

Re: Error 444 Script or Action Blocked

I hate to reply to myself, but I've made a discovery.

In this case, the variable $facility equals "Diane Benesh Day Care
Home." I found that if I change it in the database to "Diane Benesh,"
it works fine. But as soon as I make it a single character longer (ie,
"Diane Benesh D"), I get that error.

So I've left it as "Diane Benesh" for now, but that's not right and the
customer will complain before long.

Does "benesh" have a special meaning in PHP?

Re: Error 444 Script or Action Blocked

Jason wrote:
Quoted text here. Click to load it

Well, one of your problem is the URL Benesh

is invalid.  You can't have spaces in a URL. It should be

Browsers will try to correct for this, but it may be a problem when sending it  
back into the server.  Check out htmlentities() for how to convert the invalid  
space to %20.  It may not solve your problem, but it will fix another potential  
problem you can have with some browsers.

And as for "bensch" having a special meaning in PHP (another post), no, it  
doesn't.  Even if it did, you wouldn't be using it in PHP here.  It's strictly a  
string.  You could use any PHP reserved word here, also - or anything else, for  
that matter.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline