Lots of cron errors in the Security Log

Home Forums BulletProof Security Pro Lots of cron errors in the Security Log

Tagged: ,

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • May 5, 2013 at 9:56 pm #5385
    Dennis
    Participant

    Greetings – I’ve got a few WP 3.5.1 sites running BPS Pro 5.8.1, and each one is generating a cron error every few minutes. Any ‘best practice’ for eliminating the cron error messages? Thanks. For example:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 6, 2013 - 12:42 am <<<<<<<<<<<
REMOTE_ADDR: 555.555.555.555
Host Name: gator5555.hostgator.com
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-cron.php?doing_wp_cron=1367815335.3883531093597415555555
QUERY_STRING:
HTTP_USER_AGENT: WordPress/3.5.1; http: //www.areallyneatwebsite.com
    May 5, 2013 at 10:27 pm #5391
    AITpro Admin
    Keymaster

    Looks like there might be a cron conflict of some kind going on or you have an alternate cron constant in your wp-config.php file or another plugin is forcing an alternate cron.
    http://codex.wordpress.org/Editing_wp-config.php#Alternative_Cron

    Please list all the plugins that are running crons on your site. or another possibility is that you have a cron job setup in your control panel that is being blocked.  Do you have any cron jobs setup in your control panel?

    May 6, 2013 at 10:10 am #5423
    Dennis
    Participant

    I searched for ‘cron’ in wp-config.php and came up empty, Admin. I do have 2 cron jobs running in cPanel however: I’m more that willing to try to jump through any hoops you may suggest, but don’t count on me for any scathingly brilliant ideas – most of what I’m wading through here is over my head. Thanks much.

    Minute Hour Day Month Weekday Command
11 3 * * * /usr/local/bin/perl /usr/local/cpanel/3rdparty/quickinstall/scripts/checkupdates.pl
*/20 * * * * php -q -d safe_mode=Off /home/hydroace/public_html/IWPAdminPanel/cron.php >/dev/null 2>&1
The first cron was setup by ??, and the second cron was set up by InfiniteWP.

Using Cron View (a WordPress plugin), I get the following scheduled cron jobs:
Next due (GMT/UTC) Schedule Hook Arguments
May 5, 2013 @ 18:16 (1367777801) Once Hourly bpsPro_security_log_check
May 5, 2013 @ 18:26 (1367778378) Once Hourly bpsPro_email_log_files
May 5, 2013 @ 18:41 (1367779312) Once Hourly wp_cache_gc_watcher
May 5, 2013 @ 18:57 (1367780252) Once Hourly bpsPro_php_elog_check
May 5, 2013 @ 19:44 (1367783054) Once Daily wp_scheduled_delete
May 5, 2013 @ 20:31 (1367785868) Twice Daily wp_session_garbage_collection
May 6, 2013 @ 0:00 (1367798400) Once Hourly wp_cache_gc
May 6, 2013 @ 2:15 (1367806510) Once Daily bpsPro_update_check
May 6, 2013 @ 2:37 (1367807830) Once Daily akismet_scheduled_delete
May 6, 2013 @ 15:37 (1367854657) Once Daily yoast_tracking
May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_version_check
May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_update_plugins
May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_update_themes
May 6, 2013 @ 16:59 (1367859597) Once every 15 minutes bpsPro_AutoRestore_check
    May 6, 2013 at 11:44 am #5425
    AITpro Admin
    Keymaster

    One of the crons appears to be perl based.   I do not see that these are wget crons, but here are the things you need to try first. Edit your root .htaccess file and look for this .htaccess code that you will find in your root .htaccess file.

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    Remove/delete both libwww-perl| and wget| from the security filter above.  Your modified root .htaccess file code should look like this below.

    RewriteCond %{HTTP_USER_AGENT} (havij|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    May 7, 2013 at 7:28 am #5442
    Dennis
    Participant

    As promised, over my head. I turned off ARQ, unlocked .htaccess (& made sure I was looking at the root .htaccess), edited the file to exclude libwww-perl|wget| in the two specified places, updated the file, cleared the security log and reset the last time modified in db to remove the warning message. I got more errors in the security log, and went back to the root .htaccess file to see if I’d screwed up (ARQ still off, root .htaccess still unlocked). The edits I’d made were undone – “libwww-perl|wget|” had returned. I figured I’d fouled up the edit somehow, and tried it again, but got the same results.

    Clues? Thanks for the followup.

    May 7, 2013 at 8:14 am #5445
    AITpro Admin
    Keymaster

    Do only these troubleshooting steps and test again.  If the issue is related to BPS then the only possible factors would be the root .htaccess file, the wp-admin .htaccess file or the plugins folder .htaccess file.

    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
    3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.

    Test at this point and let me know if the security log errors are still occurring.

    May 7, 2013 at 9:18 am #5450
    Dennis
    Participant

    Going back to a vanilla security setup did eliminate the errors (and the Security Log)… but I’m trying to get BPS Pro to protect the site while maintaining its functionality.
    I restored the BPS Pro .htaccess files and deleted “libwww-perl|wget|” again, then immediately locked .htaccess. The deleted code did not reappear (thankfully), but the cron errors did. Most recently:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 7, 2013 - 12:13 pm <<<<<<<<<<<
REMOTE_ADDR: 555.555.555.555
Host Name: gator5555.hostgator.com
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 555.555.555.555
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-cron.php?doing_wp_cron=1367943236.7683210372924804687500
QUERY_STRING:
HTTP_USER_AGENT: WordPress/3.5.1; http: //www.areallyneatsite.com

    Edit: I removed any code in .htaccess which was not generated by BPS Pro – even WP Super Cache’s.
    Any other tricks up your sleeve? Much appreciated.

    May 7, 2013 at 10:02 am #5454
    AITpro Admin
    Keymaster

    Ok send me a temporary WordPress Admin login to this site so I can figure this out.  Send that login info directly to edward at ait-pro dot com.

    May 7, 2013 at 3:42 pm #5482
    AITpro Admin
    Keymaster

    Hmm well the Cron errors are not occurring anymore and the Plugin Firewall has been activated for a while now.  Maybe the Server Reboot was all that was needed.

    FYI – BPS Pro has a Cron Checker located in Pro-Tools >>> Scheduled Crons

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.