503 errors


This topic contains 15 replies, has 2 voices, and was last updated by AITpro Admin 8 months, 1 week ago.

    #34030

    Max
    Participant

    Dear Support, we have several 503 errors caused by BPS PRO on our hosting:

    “eg. I checked the case and I see a lot of execution of the following script:
    /wp-content/plugins/bulletproof-security/403.php
    This script has been executed 880 times for the last 24 hours.
    So for some reason the bulletproof-security plugin is executing 403.php more times than the actual visits of XXXX.ch.”

    What can I check? Regards, Matthias

    #34031

    AITpro Admin
    Keymaster

    Post 3 of the 503 log entries so I can see them.

    #34032

    Max
    Participant

    Dear Admin

    I don’t have those 503 logs as they were simply “told” to me by the VPS hoster siteground. I will have to inquire.

    But I think, I might have found a culprit: AIT PRO on http://www.willamcommunications.com has always had a “weird” installation, GUI bad, slow etc. that we had to fix together about a year ago.

    With 13.3 you started with MSCAN. I have never been able to finish Calculate or Start the scan on http://www.willamcommunications.com – I suspect that the CALCULATE or even the SCAN command was still active and running in the background. As of 10 minutes ago, I manually clicked on STOP – I hope that this has resolved my 503.

    Nevertheless, it’s still not ideal that this mscan script goes rogue but at least IF it was the script, my servers would be stable now.

    I will get back to you. Regards, Matthias

    BTW simply running about 8 visit cards wordpress on the VPS. CPU and RAM never go above 50%. FYI.

    #34033

    AITpro Admin
    Keymaster

    MScan has a default maximum script execution time limit of 300 seconds / 5 minutes. That means that if the script does not complete in 5 minutes then it will be automatically halted/stopped. I don’t think MScan would be related to 503 errors, but if your server has problems that need to be fixed then 503 errors can occur due to a bad PHP Build or other server problem. HTTP Status 503 errors mean “Service Unavailable. The server is currently unable to handle the request due to a temporary overloading or maintenance of the server.”

    Typically the first thing you want to try to see if your PHP server build/installation is fubar is to switch your PHP server version in your control panel and by adding php/php.ini handler htaccess code in your root htaccess file (Only if your particular server requires that).

    #34034

    AITpro Admin
    Keymaster

    Oops forgot to respond to your other question about BPS Pro plugin pages being broken by other plugins that you have installed > https://forum.ait-pro.com/forums/topic/bulletproof-security-menus-css-and-js-not-displaying-correctly/page/3/#post-30106.  We have figured out that adding the CSS “!important” property in BPS Pro CSS stylesheets for jQuery UI features does prevent other plugins from breaking BPS Pro CSS.  That new CSS code will be added in BPS Pro 13.4.  Unfortunately, this solution only works for visual stuff.  If other plugins are loading their js scripts in BPS Pro plugin pages and breaking BPS Pro js scripts then that problem would still exist until the plugin that is causing the problem for BPS Pro js is fixed/recoded/debugged.

    #34035

    Max
    Participant

    Thank you for hinting the PHP Version. And I will try the jQuery fix.

    After a few hiccups with 503 I went to http://www.willamcommunications.com and MSCAN and I think that the GUI was still telling me “running” or it looked simply DIFFERENT. When I pressed STOP, the GUI looked familiar again.

    I was migrating a few sites to PHP7 as suggested by the host (siteground) but this started in June. The 503 started 2-3 days ago with the 13.3 update. Maybe it’s not related but you know how these things are. As the servers availability is supervised I will find out soon enough and I hope that it nevertheless was/is the MSCAN on WiCo.

    #34036

    AITpro Admin
    Keymaster

    If a problem occurs somewhere then the GUI will look different depending on which phase of scanning where the problem occurred. The MScan Stop Scan button is a reset button as well as a stop button to return MScan to its default “resting state”. We have seen some common problems so far and have listed them on the MScan Guide forum topic > https://forum.ait-pro.com/forums/topic/mscan-malware-scanner-guide/ MScan is designed in a way that it allows someone to choose to scan an unlimited amount of folders and files to scan, which will obviously run into problems if a hosting account has 10,000+ files that are being scanned at one time. On our particular hosting account MScan fails when we try to scan more than 20,000 files at one time. Other server types especially VPS servers will obviously have a much lower maximum number of files that can be successfully scanned at one time due to the way VPS servers manage memory/resources/peak usage, etc. What we will probably have to do is create some sort of limitations/restrictions or offer a way to scan X number of files in chunks/stages vs allowing MScan to have unlimited/unrestricted scanning capability.

    #34037

    Max
    Participant

    WiCo is a small site with not many files. Simply WP with maybe 10 sites and of course a handful of themes/plugins.

    I realized when entering mscan on WiCo, the “calculating time” never ended. It was like “building up” time from left to right. Then I thought, I simply start the scan and again, this scan never stopped or ended properly (like on all other 6-7 AIT installations I have). I then simply left it alone. I understand that the script SHOULD timeout, but I also remember that somehow it simply didn’t feel like behaving properly and doing erratic “percent bar drawing”. Well, just a feedback.

     

    #34038

    AITpro Admin
    Keymaster

    One of the primary reasons we built ARQ IDPS years ago vs a standard Malware Scanner is because Malware scanners consume significantly more resources vs ARQ IDPS, which is far superior to any malware scanners and uses pretty much nothing in resources.  The decision to create a malware scanner was done because so many people requested that feature.  We believe malware scanners are a useful tool, but they are insignificant compared to BPS Pro ARQ IDPS. 😉

    #34039

    AITpro Admin
    Keymaster

    The problem you are describing is this common problem > https://forum.ait-pro.com/forums/topic/mscan-malware-scanner-guide/ Since MScan is designed to allow unlimited/unrestricted folder/file scanning then it is up to each website owner to choose to scan less files at one time instead of trying to scan an entire hosting account at one time in one scan.

    Scan appeared to stop or do nothing (checking the MScan Log shows that the scan appears to have just stopped on its own):
    If you run a scan and it stops on its own for no reason then try to rerun the scan again. If the scan fails again then either you are trying to scan too many files at one time or your web host does not allow whatever you are trying to do or you are scanning image files, which will cause the scan to stop on some web hosts or there is some other issue/problem occurring. Post any issues, problems or questions in the forum topic link above.

    #34040

    Max
    Participant

    I am still inquiring for the logfile at SiteGround:
    I checked the case and I see a lot of execution of the following script:
    http://rnrglatt.ch/wp-content/plugins/bulletproof-security/403.php
    This script has been executed 880 times for the last 24 hours.
    And the index page of rnrglatt.ch ( http://rnrglatt.ch/index.php ) was executed only 399 for the last 24 hours.
    So for some reason the bulletproof-security plugin is executing 403.php more times than the actual visits of rnrglatt.ch.

    #34041

    AITpro Admin
    Keymaster

    I need to see your Security Log file in order to be able to provide any sort of answer.  On this forum site there are on average around 5,000 attacks per day against this forum site, which equals 5,000 security log entries, which means that BPS Pro 403.php logging template file is called 5,000 times per day to log those 5,000 Security Log entries.  880 log entries is actually fairly low in comparison to what this forum site gets daily/all day/everyday/til the end of time…

    It is important to note that we do not get 5,000 visitors per day to this forum site.  Attacks are not the same thing as a visit to a website and are obviously not counted as a visit to a website.  99% of the attacks are hackerbots and spambots.  Typically bots are not counted as visitors.

    #34044

    Max
    Participant

    This log below isn’t helping. But I also think that 880 hits in 24 is like 88 times in 160min is like 8 times in 16 min is like 1 x every two minutes but what can I say – this is what my support agent at siteground tells me.

    === Top 3 active domains =========================
    Domain Type Hits GET POST OTHER Executions
    ----------- ---- ---- ---- ---- ----- ----------
    rnrglatt.ch main 4545 4247 248 50 3277
    --------------------------------------------------
    
    === Top 10 Executed Scripts =============================================================================================================================
    Count Script Local Path
    ----- ------------------------------------------------------------------ ------------------------------------------------------------------------------
    1946 http://rnrglatt.ch/wp-content/plugins/bulletproof-security/403.php /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php
    906 http://rnrglatt.ch/index.php /home/rnrglattchef/public_html/index.php
    316 http://rnrglatt.ch/wp-cron.php /home/rnrglattchef/public_html/wp-cron.php
    42 http://rnrglatt.ch/wp-admin/load-scripts.php /home/rnrglattchef/public_html/wp-admin/load-scripts.php
    21 http://rnrglatt.ch/wp-admin/load-styles.php /home/rnrglattchef/public_html/wp-admin/load-styles.php
    20 http://rnrglatt.ch/wp-admin/admin.php /home/rnrglattchef/public_html/wp-admin/admin.php
    7 http://rnrglatt.ch/wp-admin/admin-ajax.php /home/rnrglattchef/public_html/wp-admin/admin-ajax.php
    6 http://rnrglatt.ch/xmlrpc.php /home/rnrglattchef/public_html/xmlrpc.php
    6 http://rnrglatt.ch/wp-admin/index.php /home/rnrglattchef/public_html/wp-admin/index.php
    4 http://rnrglatt.ch/wp-load.php /home/rnrglattchef/public_html/wp-load.ph
    
    [Wed Sep 13 12:06:24 2017] [error] [client 37.60.238.134] client denied by server configuration: /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png, referer: http://www.rnrglatt.ch/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png
    [Wed Sep 13 10:56:18 2017] [error] [client 37.60.238.134] client denied by server configuration: /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png, referer: http://www.rnrglatt.ch/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png
    [Wed Sep 13 10:53:21 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 40.69
    [Wed Sep 13 10:53:21 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 40.69
    [Wed Sep 13 10:53:18 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 40.69
    [Wed Sep 13 10:53:18 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 40.69
    [Wed Sep 13 10:53:15 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 42.45
    [Wed Sep 13 10:53:15 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 42.45
    [Wed Sep 13 10:53:14 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 42.45
    [Wed Sep 13 10:53:14 2017] [error] Execute of /home/rnrglattchef/public_html/index.php stopped because of load 42.45
    [Wed Sep 13 10:39:52 2017] [error] Execute of /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
    [Wed Sep 13 10:39:52 2017] [error] Execute of /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
    [Wed Sep 13 10:39:52 2017] [error] Execute of /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
    [Wed Sep 13 10:39:52 2017] [error] Execute of /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
    [Wed Sep 13 10:39:52 2017] [error] Execute of /home/rnrglattchef/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
    
    #34046

    AITpro Admin
    Keymaster

    Ok what I see is that you definitely have server problems. Calling the wp index.php file or the BPS 403.php file should not cause your server to crap out. So what you need to look at is what is wrong with the server and not the symptoms of the problem > index.php and 403.php reported as causing a “load” problem and the server crapping out. In other words, the BPS 403.php file could be called 1,000,000 times in a very short period of time and the resource usage should/would be barely noticeable or measurable.
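
    The triage described in the reply above, as an added example that is not part of the original thread or of BPS Pro: it parses error-log lines in the format quoted in post #34044, keeps "client denied" entries apart from load-limiter kills, and groups the kills into bursts per script. The log sample, its paths and client address, the 60-second burst gap and the `multi_script` flag are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same format as the host error log quoted in the
# thread (paths and client address are placeholders, not values from the page).
SAMPLE_LOG = """\
[Wed Sep 13 12:06:24 2017] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/test.png
[Wed Sep 13 10:53:21 2017] [error] Execute of /home/example/public_html/index.php stopped because of load 40.69
[Wed Sep 13 10:53:18 2017] [error] Execute of /home/example/public_html/index.php stopped because of load 40.69
[Wed Sep 13 10:53:15 2017] [error] Execute of /home/example/public_html/index.php stopped because of load 42.45
[Wed Sep 13 10:39:52 2017] [error] Execute of /home/example/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
[Wed Sep 13 10:39:52 2017] [error] Execute of /home/example/public_html/wp-content/plugins/bulletproof-security/403.php stopped because of load 29.51
"""

LOAD_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] Execute of (?P<script>\S+) "
    r"stopped because of load (?P<load>\d+(?:\.\d+)?)$"
)
DENIED_RE = re.compile(r"\] client denied by server configuration: ")

def summarize(log_text, burst_gap=60):
    """Per-script totals and time bursts of 'stopped because of load' kills."""
    events, denied = [], 0
    for line in log_text.splitlines():
        m = LOAD_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events.append((ts, m["script"], float(m["load"])))
        elif DENIED_RE.search(line):
            denied += 1  # access-control denial, unrelated to server load
    events.sort()
    per_script = defaultdict(lambda: {"kills": 0, "peak_load": 0.0})
    bursts = []
    for ts, script, load in events:
        s = per_script[script]
        s["kills"] += 1
        s["peak_load"] = max(s["peak_load"], load)
        # A kill within burst_gap seconds of the previous one joins its burst.
        if bursts and (ts - bursts[-1]["end"]).total_seconds() <= burst_gap:
            b = bursts[-1]
            b["end"], b["peak_load"] = ts, max(b["peak_load"], load)
            b["scripts"].add(script)
        else:
            bursts.append({"start": ts, "end": ts, "peak_load": load,
                           "scripts": {script}})
    # multi_script: the limiter killed more than one distinct script.
    return {"denied": denied, "per_script": dict(per_script),
            "bursts": bursts, "multi_script": len(per_script) > 1}
```

    When `multi_script` is true and the bursts hit different scripts at different times, the limiter is reacting to the load figure itself, so the next thing to collect from the host is what was running on the server during each burst window.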

    #34049

    Max
    Participant

    I understand. No I will try to tell siteground support that it’s not a BPS AIT problem or wordpress problem but a siteground problem. Wish me good luck.
