BackupBuddy Cron backups – BackupBuddy exec function

[AITpro Admin]

Email Question:

Hi Ed I’m still not able to do any backups, that 1gb thing is not accurate I only have around 300mb total of files. Still can’t get backupbuddy or BackUpWordpress to work… The last email I got from my host was:

Hi Mike,

You can enable the “exec” function from the VIP Control Panel >> Click on Manage Hosting Services >> Drop Down: select php.ini builder >> select custom. And remove disable_functions line.

Please let me know if you have any queries or concerns.

Regards,

xxxxxx
VentraIP Customer Care team

So yeah still issues…. I’m still guessing it’s bulletproof blocking it? Or something to do with the php.ini files? I have no idea but I’m scared to update my wordpress and bulletproof plugin without doing a backup.

Please help!

[AITpro Admin]

There are 2 known issues with BackupBuddy and BulletProof Security Pro.

1.  The php exec() function issue – blocks command line backup zips

BackupBuddy – Your server does not support command line Zip. Backups will be performed in Compatibility Mode – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has the exec() php function added to the disable_functions directive. BPS Pro has several overlapping layers of security protection so if you want to allow the exec() function to be used on your website then remove exec function from the disable_functions = system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec directive in your custom php.ini file. Your website will still be protected against Shell scripts because several other common php functions used in hackers Shell scripts are still blocked in your custom php.ini file.

To edit your custom php.ini file go to the P-Security >>> Php.ini File Editor Tab page and choose your custom php.ini file (the label/name that you gave your custom php.ini file in the Php.ini File Manager – All Purpose File Manager) from the dropdown select options and click the Select button to open your custom php.ini file.  If you have not added your custom php.ini file path the Php.ini File Manager yet then click the Diagnostic Checks/Recommendations Run Check button to get your custom php.ini file path (Loaded Configuration File: /xxxxx/public_html/php.ini) and copy that path into any empty text box in the Php.ini File Manager, add your Label – custom php.ini file – and click the Save Changes button.  You will now see your custom php.ini file Label name listed in the Php.ini File Editor dropdown select options.

If you do not have a custom php.ini file setup and would like to setup a custom php.ini file click Custom php.ini setup steps

2.  The wget Cron issue – blocks automated scheduled backups using the BackupBuddy wget Cron

How to add this solution below to BPS Custom Code to save it permanently: http://forum.ait-pro.com/forums/topic/backupbuddy-ping-waiting-for-server/#post-8430

Edit your Root .htaccess file and remove/delete wget| from the 2 BPS Pro security filters shown below in your Root .htaccess file.  Make sure you delete the pipe operator | as well as wget.

RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

There is 1 known issue with BackUpWordPress

BackUpWordPress – WP-Cron 302 or 403 response/error 

The BackUpWordPress plugin makes a HEAD Request to verify that the site is up. The BPS Request Method nuisance filter will block that HEAD Request.

1. Copy this code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED: 
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

BPS Pro 11.6+ & BPS free .53.2+
You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

BPS Pro 11.5+ & BPS free .53.1+

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ - [R=405,L]

BPS Pro 11.4|BPS free .53 and lower versions

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and
# remove/delete HEAD| from the Request Method filter.
# Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
# The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]

[VADER]

Hey Ed

I have tried everything you suggested but still no luck. My hosts current response is…

Hi Mike,

Can you confirm you created the custom php.ini file? Please also consult faq.ventraip.com.au/questions/134/Why+is+my+web+based+offsite+backup+script+is+failing%3F

Please let me know if you have any queries or concerns.

Regards,

Aaron Winning
VentraIP Customer Care team

So I tried what they said and still no luck. It seems like it’s a problem with the custom php.ini? I know you helped me set that up but I have no idea what the issue would be…

[AITpro Admin]

Ok here is the first thing you need to do:  Forget everything anyone else is telling you and delete those emails.  So far they have you wandering around out in left field staring at blades of grass.  Actually that last email may actually be valid and useful information.  The previous emails they sent you definitely were not useful or valid.

The solutions above work so something must not have been done correctly or the problem is not related to BPS Pro at all.

Create a temporary WordPress Admin login account (WITH A SECURE PASSWORD:  EXAMPLE: e$@u84Pb!#yG73#!) and send it to info at ait-pro dot com. Thanks.

[VADER]

Ok thanks mate, email sent.

[AITpro Admin]

I changed the unsecure password that you sent to a secure password.  Please change the Role of this login account from Admininistrator to Subscriber.  I am logged out of your website.

You had an ancient version of BPS Pro installed so I installed the latest version BPS Pro 5.6.1 and setup the Plugin Firewall.  You are using a shopping cart plugin so I have whitelisted PayPal as well as other payment gateway providers.

– The exec function was already removed from your php.ini file.
– HEAD was already removed from the nuisance filter.
– wget was NOT removed from the User Agent security filter – it has now been removed/deleted.
It did not appear to me that you had any BackupBuddy scheduled Cron jobs setup, but if you did then they should work fine now after removing wget from the security filters.

Ok now this is what is causing your website to run so sluggishly and this could also be causing backups to fail.

You are using 46.56MB of memory when your website is doing nothing / just idling.  You ONLY have 64MB total allocated to this website.  I imagine when you start running a backup your memory is going to be somewhere around 64MB or in other words your website is maxed out on resources.  So let’s say you have 20 people visiting your website at the time you are running a backup – your backup will definitely FAIL.  Solution: Get your Host to increase your memory limit to 128M or 256M.  If they want to charge you a little more for this then that extra charge is well worth doing this.  They may just increase your memory at no additional cost to you.

PHP Version: 5.3.17
PHP Memory Usage: 46.56 MB
WordPress Admin Memory Limit: 64M
WordPress Base Memory Limit: 40M
PHP Actual Configuration Memory Limit: 64M

[AITpro Admin]

I checked your web hosts help pages and you are allowed to increase your PHP memory to 128M.

These are the steps to do that:
1.  Go to P-Security and open your custom php.ini file with the PHP.ini File Editor.  Scroll down in your custom php.ini file until you see this php.ini directive:  memory_limit = 64M and change it to memory_limit = 128M and save your changes.
2.  Go to the ini_set Options page and change your Memory Limit:  from 64M to 128M and click the 1. Save Options button and the 2. Enable Options button.

Your PHP memory limit for your website will now be 128M.

[Author]

Posts