Home › Forums › BulletProof Security Pro › How To Troubleshoot PHP Errors, php errors in your php error log
Tagged: PHP Error Log, php errors
- This topic has 258 replies, 43 voices, and was last updated 10 months, 1 week ago by Iris.
-
AuthorPosts
-
jenaParticipant
As they have mentioned:
At around 2:02 on the 7th i noticed your memory levels drop very low, the cause of this was due to many wp-cron.php scripts being ran, i have shown these below. Each one of these was using up around 70-90M of memory, which caused the server to start killing off processes. I recommend moving up a VPS level, reducing memory usage of your PHP scripts or disabling wp-cron.Does bps has AutoRestore Cron only or other cron also works? May be the cron increases resource usage that kills processes.
AITpro AdminKeymasterThe AutoRestore Cron runs all day long from morning to night – every 15 minutes. If the problem was the AutoRestore Cron then it would not be occurring only at 2:02 and would instead be a constant problem.
The AutoRestore Cron and AutoRestore itself use barely any memory/resources at all. We designed AutoRestore with performance/speed in mind. We threw away a lot of code for about 6 months until we acheived all goals – maximum website speed performance and 100% accuracy.
So to sum up everything – AutoRestore is not the root cause of this issue. What I do know from logging into your sites and your site architecture and how you are using it is this – your websites will continue to degrade/get slower as you add more sites. You should take the advice of the Host Support person because I believe that he/she is absolutely correct in his/her assessment. If your site is showing signs of resources being maxed out now the problem will only continue to get worse as you add more and more Network/Multisite subsites for your customers. For what you are doing with your Network/Multisite architecture you should have VPS or Dedicated hosting.
KrzysztofParticipantHello,
sometimes I get a php error pop up but when i click the clik here link the log is empty.AITpro AdminKeymasterDo you see any php errors in your php error log? Or is your php error log always empty / blank?
jenaParticipantWe have now upgraded vps. The new disk space is 165G
Used 56G
Available 110G
Percent Used 34%
But still get the server gone away errors.AITpro AdminKeymasterPlease ask your web host to assist you. php errors are not specific to or caused by BPS Pro and are general errors that BPS Pro logs. php errors can be caused by coding mistakes in other plugins or themes or Server side issues.
jenaParticipanthere is the latest reply I got-
Our diagnostic tools do not scan for corrupt scripts, but instead log various system activities. The most recent errors I found on your server occurred at 09:05 this morning, and were caused by the system running out of memory. Unfortunately, this was due to someone scanning for install scripts for CMS systems and utilities that don’t exist on your server. They scanned for at least 45 different install scripts at the same time, resulting in a large number of MySQL queries and PHP processes stacking up. Here is a list of remote IPs viewing pages at 09:05 this morning:
45 202.133.61.26 2 192.254.200.222 1 66.249.74.202 1 54.235.131.172 1 192.254.200.225 1 192.254.200.224 1 188.143.232.111
As you can see, the first IP is the one that was scanning your server. In this case, making changes to the MySQL timeout would not help (this can be changed in /etc/my.cnf), and upgrading would likely not help either (they’d just be able to load a few more pages before causing a problem). A more efficient solution may be to create a static 404 error page and use that on your sites: https://support.hostgator.com/articles/cpanel/custom-error-pages This will prevent all of the PHP processes and MySQL calls from happening when someone scans for files that don’t exist. I did go ahead and implement a more optimized MySQL configuration for you though.
So this is surely due to the attacks by bots etc. How to reduce/prevent these spam attacks through bps?
AITpro AdminKeymasterDisregard my last post. I actually do not think that 404 errors could be causing the problem. Maybe excessive scanning of your website could cause the problem? I think the root cause of this issue is not what was stated above and is actually still related to excessive MySQL queries somewhere (plugin, theme) on your website. What I recommend you do is hire a website developer or coder to figure out what the root of the problem is. We no longer offer any other services besides BPS Pro support.
jenaParticipantYes the excessive scanning could be due to attacks by hackers,spam bots. Today I found these kind of requests in security log in all multisites. So how to prevent this excessive usage by hackers?
REQUEST_URI: /wp-admin/images/wordpress-logo.svg and access to login pages HTTP_REFERER: http://findhopetoday.com/wp-login.php REQUEST_URI: /wp-login.php
AITpro AdminKeymasterYou can use this Brute Force Login page protection code below and follow the instructions in the link below for how to add the code to BPS Pro Custom Code. And enable JTC Anti-Spam, which adds Brute Force Login page protection. BPS Pro Login Security also adds Brute Force Login protection.
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# BRUTE FORCE LOGIN PAGE PROTECTION # Protects the Login page from SpamBots & Proxies # that use Server Protocol HTTP/1.0 or a blank User Agent RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$ RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR] RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$ RewriteRule ^(.*)$ - [F,L]
jenaParticipantThis code is already added.
AITpro AdminKeymasterOk then your site is already protected. Log entries in your Security log are hackers and spammers that are already being blocked. You do not need to do anything else when they are already being blocked. The Security log also logs HTTP errors for troubleshooting legitimate things that BPS Pro may be blocking, but most of what is logged in your Security Log file is blocked hackers, spammers, scrapers, miners, etc etc etc.
AITpro AdminKeymasterI doubt very seriously that the origin / source of the problem is hacker scanner or probes on your website. Our sites get around 500,000 scans / probes per month and they do not slow down or cause slowness or any other problems for our sites. The original issue on your sites is excessive MySQL queries so that is what you should be looking at / into. I recommend that you hire someone for a day to look over your site and find the root cause / origin / source of the real problem.
jenaParticipantHere another reply I got from hostgator
“What Rob was trying to explain is that configuring a custom 404 page would preempt WordPress and bypass PHP processing. Unfortunately, this would not work, since a properly configured WordPress site uses mod_rewrite nonexistent directories to index.php, which is then responsible for determining if a page exists or not. Raising execution time is possible, however this may actually make the problem worse because it would allow more PHP scripts to run simultaneously, which will use even more memory. One thing we can try is to disable wp-cron and then create a proper cron job set to execute every 15 minutes instead of on every page load. This should reduce the load on your server. Please let us know if you’d like us to make this change for you”
Bullet proof ARQ cron is set to run each 15 minutes on all multisites/networks.
is there any other cron runs by bullet proof?
What the support specified above can be done?AITpro AdminKeymasterIf they choose to disable wp-cron then you might as well not use AutoRestore/Quarantine and just turn it Off. It will not work in the way that they are proposing. BPS Pro is performance optimized. The cron may fire more frequently than every 15 minutes, but what this triggers is Directory Iterators and that is all. BPS Pro is specially designed not to cause performance problems. To someone who does not understand what BPS Pro is actually doing then they will assume things that are not correct – this happens all the time. On the surface the BPS Pro wp-cron issue looks like a possible cause of a problem, but it is not and never has been or never will be the cause of this type of problem.
I’m going to point this fact out again – 1,000’s of BPS Pro users are using AutoRestore/Quarantine on 1,000’s of web hosts Worldwide and they are not experiencing the problems that you are experiencing on your website – it is not BPS Pro that is causing these problems directly. It is possible that some other plugin is malfunctioning and involving BPS Pro in that problem, but BPS Pro is not the root cause of the issues you are experiencing on your website.
If you would like to test to see if their theory is correct then turn Off AutoRestore for a day or so.
There are 100’s of websites that are using BPS Pro on HostGator web hosting and none of them are experiencing the problems that are occurring on your website. Our HostGator testing website hosted on HostGator is not experiencing these problems.
-
AuthorPosts
- You must be logged in to reply to this topic.