Home › Forums › BulletProof Security Pro › File Lock problem after Hosting Panel Update
- This topic has 10 replies, 2 voices, and was last updated 10 years, 6 months ago by AITpro Admin.
-
AuthorPosts
-
AndreParticipant
Hi,
a week ago or so my hoster made an update of the I-MSCP Hosting panel. All sites that were running either BPS free or Pro were having the file lock problem, that the server wasnt able to understand the 404 lock of the htaccess. We tried to figure it out a bit, but couldnt so far and would like to get your advise on this.
I observe the following behaviour:
As soon as I enter over FTP and put 644 as right the whole thing works again.I have read about the auto file lock then and as soon as I entered the the file lock page on backend the file is locked auto like on 404 again, I have no chance to change the file lock to DSO 644 File Permission, to try out that setting…
I mean ANYTIME I enter the page the file is locked to 404 again, which I also consider to be the auto file lock. But what setting could be done on the server? What should I tell my hoster?
Could some outdated settings of PHP be the cause? He suggested to set open base dir to off… Also, because I have problems with DB Manager, it couldnt read the path to the mysql path and Dump path. Could this also be responsible for the file lock problem?
Cheers.Thanks in advance ..
AndreAndreParticipantI forgot: The server notices a 403 error when the file is locked with 404
AndreParticipantBut because it happens also with the free versions, is it really a file lock problem only? I had a site this night, where I looked into the folder with FTP before starting updates. The htaccess was 644. And the site was offline… After the update of the webhosting panel last week, I just didnt remember to check it also. Just want to say.
AITpro AdminKeymasterYes, the F-Lock page is designed to automatically lock files just by accessing the page. If this host does not allow you to lock files then turn off locking for all files in F-Lock that your Host does not allow you to lock. If you are seeing alerts that files are not locked then go to S-Monitor and turn off F-Lock alerts.
I assume the problem with BPS free is that the root .htaccess file is locked in the BPS free version and your Host does not allow the root .htaccess file to be locked.
In general, file locking is no longer that important as a security measure. It was years ago, but it no longer adds that much additional security protection.
AITpro AdminKeymasterThe other possibility is the new Brute Force Login page protection code is causing a problem.
Remove this code shown in the link below from your root .htaccess file and test.
AndreParticipantOkay, only the htaccess file makes problems when locked. Secondly, as I can read the Brute Force Login code is not standard code and I dont use it in my root .htaccess… so…
AITpro AdminKeymasterSome web hosts do not allow you to lock your root .htaccess file. Go to the B-Core htaccess File Editor tab page and click the Turn Off AutoLock button. Also go to F-Lock and turn off checking and alerts for your root .htaccess file.
Yes, the Brute Force Login page protection code will no longer be standard BPS Pro code when BPS Pro 7.7 is released.
AndreParticipantAh, cool there is a auto lock button. You think about any occurrence… 🙂
Well, but my hoster WOULD like to do me the favor to add another layer of security ( I really like the idea anyway) so he never heard about it and would like to know how he could set it to “allow filelocking” for me….
Could You please tell me?
AITpro AdminKeymasterA Server Administrator would need to edit the Server’s httpd.conf or vhosts file to allow this on the Server. This is something only a Server Administrator can do. You do not have permissions to do this.
AndreParticipantI meant… my hoster WOULD like to do me the favor ….
He doesnt know how.How shoudl HE do it FOR ME?
😉AITpro AdminKeymasterI really can’t answer that because there are many different types of Servers and then there are many different modules installed and then there are many different Server environments and then there are about 100 or so other factors that could be involved. My suggestion is that your hoster should do some Google searches for how to do this on their specific Server type, environment, etc etc etc.
-
AuthorPosts
- You must be logged in to reply to this topic.