Lots of cron errors in the Security Log


This topic contains 8 replies, has 2 voices, and was last updated by AITpro Admin 5 years, 1 month ago.

  • #5385

    Dennis
    Participant

    Greetings – I’ve got a few WP 3.5.1 sites running BPS Pro 5.8.1, and each one is generating a cron error every few minutes. Any ‘best practice’ for eliminating the cron error messages? Thanks. For example:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 6, 2013 - 12:42 am <<<<<<<<<<<
    REMOTE_ADDR: 555.555.555.555
    Host Name: gator5555.hostgator.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-cron.php?doing_wp_cron=1367815335.3883531093597415555555
    QUERY_STRING:
    HTTP_USER_AGENT: WordPress/3.5.1; http: //www.areallyneatwebsite.com

    #5391

    AITpro Admin
    Keymaster

    Looks like there might be a cron conflict of some kind going on or you have an alternate cron constant in your wp-config.php file or another plugin is forcing an alternate cron.
    http://codex.wordpress.org/Editing_wp-config.php#Alternative_Cron

    Please list all the plugins that are running crons on your site. Or another possibility is that you have a cron job set up in your control panel that is being blocked. Do you have any cron jobs set up in your control panel?

    #5423

    Dennis
    Participant

    I searched for ‘cron’ in wp-config.php and came up empty, Admin. I do have 2 cron jobs running in cPanel however: I’m more than willing to try to jump through any hoops you may suggest, but don’t count on me for any scathingly brilliant ideas – most of what I’m wading through here is over my head. Thanks much.

    Minute Hour Day Month Weekday Command
    11 3 * * * /usr/local/bin/perl /usr/local/cpanel/3rdparty/quickinstall/scripts/checkupdates.pl
    */20 * * * * php -q -d safe_mode=Off /home/hydroace/public_html/IWPAdminPanel/cron.php >/dev/null 2>&1

    The first cron was set up by ??, and the second cron was set up by InfiniteWP.
    
    Using Cron View (a WordPress plugin), I get the following scheduled cron jobs:
    Next due (GMT/UTC) Schedule Hook Arguments
    May 5, 2013 @ 18:16 (1367777801) Once Hourly bpsPro_security_log_check
    May 5, 2013 @ 18:26 (1367778378) Once Hourly bpsPro_email_log_files
    May 5, 2013 @ 18:41 (1367779312) Once Hourly wp_cache_gc_watcher
    May 5, 2013 @ 18:57 (1367780252) Once Hourly bpsPro_php_elog_check
    May 5, 2013 @ 19:44 (1367783054) Once Daily wp_scheduled_delete
    May 5, 2013 @ 20:31 (1367785868) Twice Daily wp_session_garbage_collection
    May 6, 2013 @ 0:00 (1367798400) Once Hourly wp_cache_gc
    May 6, 2013 @ 2:15 (1367806510) Once Daily bpsPro_update_check
    May 6, 2013 @ 2:37 (1367807830) Once Daily akismet_scheduled_delete
    May 6, 2013 @ 15:37 (1367854657) Once Daily yoast_tracking
    May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_version_check
    May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_update_plugins
    May 6, 2013 @ 16:32 (1367857979) Twice Daily wp_update_themes
    May 6, 2013 @ 16:59 (1367859597) Once every 15 minutes bpsPro_AutoRestore_check

    #5425

    AITpro Admin
    Keymaster

    One of the crons appears to be perl based.   I do not see that these are wget crons, but here are the things you need to try first. Edit your root .htaccess file and look for this .htaccess code that you will find in your root .htaccess file.

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    Remove/delete both libwww-perl| and wget| from the security filter above.  Your modified root .htaccess file code should look like this below.

    RewriteCond %{HTTP_USER_AGENT} (havij|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
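
A way to check whether either of the two User-Agent conditions quoted in the post above accounts for a given 403 entry in the Security Log. This is an added example, not code from the thread or from BPS Pro; the function names and the sample log (constructed in the layout shown in this thread) are assumptions, and Python's `re` stands in for Apache's regex engine.

```python
import re

# The two root .htaccess User-Agent conditions quoted in the post above.
# The [NC] flag means case-insensitive, hence re.IGNORECASE.
UA_RULES = {
    "keyword": r"(havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader)",
    "char+keyword": r"""(;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner)""",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in UA_RULES.items()}

ENTRY_START = re.compile(r"^>{3,}\s*(.+?)\s*<{3,}$")  # ">>>> title <<<<" banner line
FIELD = re.compile(r"^([A-Za-z_ ]+):\s?(.*)$")         # "NAME: value", value may be empty

# Constructed sample entries (documentation IP range, placeholder site name).
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - May 6, 2013 - 12:42 am <<<<<<<<<<<
REMOTE_ADDR: 192.0.2.10
REQUEST_METHOD: GET
REQUEST_URI: /wp-cron.php?doing_wp_cron=1367815335.0000000000000000000000
HTTP_USER_AGENT: WordPress/3.5.1; http://www.example.com

>>>>>>>>>>> 403 GET or Other Request Error Logged - May 6, 2013 - 12:50 am <<<<<<<<<<<
REMOTE_ADDR: 192.0.2.11
REQUEST_METHOD: GET
REQUEST_URI: /feed/
HTTP_USER_AGENT: libwww-perl/6.05
"""

def parse_security_log(text):
    """Split the log into one dict per banner-delimited entry."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        banner = ENTRY_START.match(line)
        if banner:
            current = {"title": banner.group(1)}
            entries.append(current)
        elif current is not None and (field := FIELD.match(line)):
            current[field.group(1)] = field.group(2).strip()
    return entries

def ua_rules_hit(user_agent):
    """Names of the quoted conditions that the User-Agent matches."""
    return [name for name, rx in COMPILED.items() if rx.search(user_agent)]

def triage(text):
    """(REQUEST_URI, User-Agent, matching rules) for every logged entry."""
    return [(e.get("REQUEST_URI", ""), e.get("HTTP_USER_AGENT", ""),
             ua_rules_hit(e.get("HTTP_USER_AGENT", ""))) for e in parse_security_log(text)]

if __name__ == "__main__":
    for uri, ua, hits in triage(SAMPLE_LOG):
        print(f"{uri}\n  UA: {ua}\n  UA rules matched: {hits or 'none'}")
```

An entry that matches no rule here was blocked by something other than these two conditions, so editing the keyword lists will not clear it.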

    #5442

    Dennis
    Participant

    As promised, over my head. I turned off ARQ, unlocked .htaccess (& made sure I was looking at the root .htaccess), edited the file to exclude libwww-perl|wget| in the two specified places, updated the file, cleared the security log and reset the last time modified in db to remove the warning message. I got more errors in the security log, and went back to the root .htaccess file to see if I’d screwed up (ARQ still off, root .htaccess still unlocked). The edits I’d made were undone – “libwww-perl|wget|” had returned. I figured I’d fouled up the edit somehow, and tried it again, but got the same results.

    Clues? Thanks for the followup.

    #5445

    AITpro Admin
    Keymaster

    Do only these troubleshooting steps and test again.  If the issue is related to BPS then the only possible factors would be the root .htaccess file, the wp-admin .htaccess file or the plugins folder .htaccess file.

    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
    3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.

    Test at this point and let me know if the security log errors are still occurring.

    #5450

    Dennis
    Participant

    Going back to a vanilla security setup did eliminate the errors (and the Security Log)… but I’m trying to get BPS Pro to protect the site while maintaining its functionality.
    I restored the BPS Pro .htaccess files and deleted “libwww-perl|wget|” again, then immediately locked .htaccess. The deleted code did not reappear (thankfully), but the cron errors did. Most recently:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 7, 2013 - 12:13 pm <<<<<<<<<<<
    REMOTE_ADDR: 555.555.555.555
    Host Name: gator5555.hostgator.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 555.555.555.555
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-cron.php?doing_wp_cron=1367943236.7683210372924804687500
    QUERY_STRING:
    HTTP_USER_AGENT: WordPress/3.5.1; http: //www.areallyneatsite.com 

    Edit: I removed any code in .htaccess which was not generated by BPS Pro – even WP Super Cache’s.
    Any other tricks up your sleeve? Much appreciated.

    #5454

    AITpro Admin
    Keymaster

    Ok send me a temporary WordPress Admin login to this site so I can figure this out.  Send that login info directly to edward at ait-pro dot com.

    #5482

    AITpro Admin
    Keymaster

    Hmm well the Cron errors are not occurring anymore and the Plugin Firewall has been activated for a while now.  Maybe the Server Reboot was all that was needed.

    FYI – BPS Pro has a Cron Checker located in Pro-Tools >>> Scheduled Crons
