File Lock problem after Hosting Panel Update

Home Forums BulletProof Security Pro File Lock problem after Hosting Panel Update

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • October 27, 2013 at 6:37 pm #10693
    Andre
    Participant

    Hi,

    a week ago or so my hoster made an update of the I-MSCP Hosting panel. All sites that were running either BPS free or Pro were having the file lock problem, that the server wasnt able to understand the 404 lock of the htaccess. We tried to figure it out a bit, but couldnt so far and would like to get your advise on this.

    I observe the following behaviour:
    As soon as I enter over FTP and put 644 as right the whole thing works again.

    I have read about the auto file lock then and as soon as I entered the the file lock page on backend the file is locked auto like on 404 again, I have no chance to change the file lock to DSO 644 File Permission, to try out that setting…

    I mean ANYTIME I enter the page the file is locked to 404 again, which I also consider to be the auto file lock. But what setting could be done on the server? What should I tell my hoster?

    Could some outdated settings of PHP be the cause? He suggested to set open base dir to off… Also, because I have problems with DB Manager, it couldnt read the path to the mysql path and Dump path. Could this also be responsible for the file lock problem?

    Cheers.Thanks in advance ..
    Andre

    October 27, 2013 at 7:48 pm #10694
    Andre
    Participant

    I forgot: The server notices a 403 error when the file is locked with 404

    October 28, 2013 at 5:15 am #10696
    Andre
    Participant

    But because it happens also with the free versions, is it really a file lock problem only? I had a site this night, where I looked into the folder with FTP before starting updates. The htaccess was 644. And the site was offline… After the update of the webhosting panel last week, I just didnt remember to check it also. Just want to say.

    October 28, 2013 at 9:20 am #10701
    AITpro Admin
    Keymaster

    Yes, the F-Lock page is designed to automatically lock files just by accessing the page.  If this host does not allow you to lock files then turn off locking for all files in F-Lock that your Host does not allow you to lock.  If you are seeing alerts that files are not locked then go to S-Monitor and turn off F-Lock alerts.

    I assume the problem with BPS free is that the root .htaccess file is locked in the BPS free version and your Host does not allow the root .htaccess file to be locked.

    In general, file locking is no longer that important as a security measure.  It was years ago, but it no longer adds that much additional security protection.

    October 28, 2013 at 9:22 am #10703
    AITpro Admin
    Keymaster

    The other possibility is the new Brute Force Login page protection code is causing a problem.

    Remove this code shown in the link below from your root .htaccess file and test.

    http://forum.ait-pro.com/forums/topic/you-dont-have-permission-to-access-wp-login-php-on-this-server/#post-10686

     

    October 30, 2013 at 8:13 am #10780
    Andre
    Participant

    Okay, only the htaccess file makes problems when locked. Secondly, as I can read the Brute Force Login code is not standard code and I dont use it in my root .htaccess… so…

    October 30, 2013 at 8:31 am #10783
    AITpro Admin
    Keymaster

    Some web hosts do not allow you to lock your root .htaccess file.  Go to the B-Core htaccess File Editor tab page and click the Turn Off AutoLock button.  Also go to F-Lock and turn off checking and alerts for your root .htaccess file.

    Yes, the Brute Force Login page protection code will no longer be standard BPS Pro code when BPS Pro 7.7 is released.

    October 30, 2013 at 10:54 am #10792
    Andre
    Participant

    Ah, cool there is a auto lock button. You think about any occurrence… 🙂

    Well, but my hoster WOULD like to do me the favor to add another layer of security ( I really like the idea anyway) so he never heard about it and would like to know how he could set it to “allow filelocking” for me….

    Could You please tell me?

    October 30, 2013 at 11:00 am #10794
    AITpro Admin
    Keymaster

    A Server Administrator would need to edit the Server’s httpd.conf or vhosts file to allow this on the Server.  This is something only a Server Administrator can do.  You do not have permissions to do this.

    October 30, 2013 at 11:18 am #10795
    Andre
    Participant

    I meant… my hoster WOULD like to do me the favor ….

    He doesnt know how.How shoudl HE do it FOR ME?
    😉

    October 30, 2013 at 11:21 am #10797
    AITpro Admin
    Keymaster

    I really can’t answer that because there are many different types of Servers and then there are many different modules installed and then there are many different Server environments and then there are about 100 or so other factors that could be involved.  My suggestion is that your hoster should do some Google searches for how to do this on their specific Server type, environment, etc etc etc.

  • Author
    Posts
Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.