Security Log – errors not logged, log file empty, log file blank

Home Forums BulletProof Security Free Security Log – errors not logged, log file empty, log file blank

Viewing 15 posts - 1 through 15 (of 20 total)
  • Author
    Posts
  • #3452
    silas88
    Participant

    First of all thanks for a great plugin, it certainly simplifies secure .htaccess file building. I have a strange problem with the security log which I have been trying to resolve so far without success. The log itself is basically empty apart from three lines of text in it – the title and 2 underlines. Above the log is.. File Open and Write test successful! Your Security Log file is writable.  However, when I reload the page I see this… Error: Unable to turn Error Logging On. Either the root .htaccess file is not writable or it does not exist. Check that the root .htaccess file exists and that file permissions allow writing. Now I have checked the root .htaccess files, it’s permissions are 644. All the rest of my status screen is green. I am running on WP 3.5.2 alpha, PHP 5.4. My server info is

    Server Type: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.35
    Operating System: Linux
    Server API: cgi-fcgi - Your Host Server is using CGI.
    cURL: cURL Extension is Loaded
    Zend Engine Version: 2.4.0
    Zend Guard/Optimizer: A Zend Extension is Not Loaded
    ionCube Loader: ionCube Loader Extension is Loaded Version: 40202
    Suhosin: Suhosin is Not Installed/Loaded
    APC: APC Extension is Not Loaded
    eAccelerator: eAccelerator Extension is Not Loaded
    XCache: XCache Extension is Loaded but Not Enabled
    Varnish: Varnish Extension is Not Loaded
    Memcache: Memcache Extension is Not Loaded
    Memcached: Memcached Extension is Not Loaded
    
    Additional active plugins are...
    Cookillian
    Fast Secure Contact Form
    Google XML Sitemaps
    Hotfix
    Limit Login Attempts
    Press This Reloaded
    WordPress Beta Tester
    WordPress Dashboard Twitter
    WordPress Database Backup
    WP to Twitter

    What do you suggest that I do to track & fix the issue?

    Thanks.

    #3460
    AITpro Admin
    Keymaster

    Go to the BPS htaccess File Editor page, click on the “Your Current Root htaccess File” tab, look at the contents of your root .htaccess file. Do you see this code below in your Root .htaccess file? If not, then activate Root BulletProof Mode again. You should now see the ErrorDocument .htaccess code in your Root .htaccess file. The Security Log error check message needs to include – “…or the ErrorDocument code does not exist in your Root .htaccess file…”

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /404.php
    #3466
    silas88
    Participant

    That was strange – when I went to the site I got a 500 error. I am not sure where the page came from. I went in via FTP and commented out Options -Indexes and then I was able to get back in. That line hasn’t been a problem for me before. I had been looking at the Error Page option in cpanel – perhaps that automatically activates those pages for use. Anyways, to answer your question I DO have those ErrorDocument lines in my domain root .htaccess.

    #3467
    AITpro Admin
    Keymaster

    If your Web Host makes changes on their Servers then they will of course affect your website.  .htaccess files are Server configuration files (distributed configuration files), but your Server has the final say on what is and is not allowed.  Example:   If your Host decides to not allow the .htaccess Options directive in .htaccess files then yes you would see a 500 Error if you try to use that directive in an .htaccess file. Since you do have the ErrorDocument directives/code in your root .htaccess file can you turn error logging on and off? Test this and then check your root .htaccess file. When you turn off error logging the .htaccess code / ErrorDocument directives should be commented out with pound signs # in your Root .htaccess file as shown below. It is possible that a setting in cPanel or something on your Server itself or another plugin is overriding BPS error logging. You should check with your web host and ask them about this first.

    #ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    #ErrorDocument 401 default
    #ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    #ErrorDocument 404 /404.php
    #3472
    silas88
    Participant

    I thought I had found the cause of the problem there. I deactivated Cookillian which is a cookie opt-out plugin but while I can turn logging on and off and get the green confirmation notices, if I reload the page I get Error: Unable to turn Error Logging On. Either the root .htaccess file is not writable or it does not exist. Check that the root .htaccess file exists and that file permissions allow writing. Deactivating and Activating logging does comment / uncomment the ErrorDocument lines. Sometimes I may have to reload the page 2 or 3 times to get the error message above.

    #3473
    AITpro Admin
    Keymaster

    Then this is another issue/problem.  You actually should not refresh your Browser if you just performed/processed a Form function.  This causes your Browser to repeat the Form processing again/submit the Form again.  You should instead click on any other Menu link in your WP Dashboard and then click back on the link to whatever page you were on.  This will reload the page instead of processing the Form code again.

    So let’s get back to why your error log is not logging errors.

    It is possible that a setting in cPanel or something on your Server itself or another plugin is overriding BPS error logging. You should check with your web host and ask them about this first.

    #3474
    AITpro Admin
    Keymaster

    Another possibility is that either a caching plugin has cached a corrupt cache file or your Browser has corrupt cache.  Try clearing/deleting all cached files.

    #3475
    AITpro Admin
    Keymaster

    And I just remembered this problem.  Are you using the Sucuri plugin and have enabled wp-content folder hardening?
    http://forum.ait-pro.com/forums/topic/security-log-no-log-entries-security-log-is-not-logging-errors/

    #3477
    silas88
    Participant

    I listed the plugins that I am using in my first post. I am not using Sucuri. I have W3 Total Cache and WP Super Cache Installed but not Activated.  I am using the Twenty Twelve theme (with a simple child).  I read the thread in your last post and I tried the domain.com/;union test – I did get a 404 page although it’s not at all obvious with this theme. I had to view the source in the page to confirm that.  There were no new entries in the security log, this is all I have

    BPS SECURITY / HTTP ERROR LOG
    ==============================
    ==============================

    #3478
    silas88
    Participant

    I cleared the cache, and deactived But still nothing in the logs when I get 404. Could my php.ini settings affect how this functionality works?
    Cookillian
    Fast Secure Contact Form
    Limit Login Attempts
    Press This Reloaded

    #3480
    AITpro Admin
    Keymaster

    If you are seeing a 404 error instead of a 403 error this means 99% that your Host is overriding the ErrorDocument directive in .htaccess files and is generating generic error messages/pages or the only other possibility is that you are not using a Custom Permalink Structure.  You MUST be using a Custom Permalink Structure in order for BPS Pro to work correctly. See the BPS Forum Read Me first Topic link: http://forum.ait-pro.com/forums/topic/read-me-first-free/

    #3494
    silas88
    Participant

    OK, I’ll raise a ticket with my host.  By the way I am using Custom Permalinks.

    WP Permalink Structure: /%postname%/
    Custom Permalinks: √ Custom Permalinks are in use

    Thanks for you help with this. I’ll let you know what happens.

    #3517
    silas88
    Participant

    Update – I am still waiting for a useful response from my Host. They first suggested I should use the error page section in cpanel which is exactly what I don’t want to do. It’s not clear to me what that cpanel section actually does in terms of change files / settings. I have asked again, more explicitly, if they are doing anything which might overide the error page handling.

    In the meantime if you can think of any other tests that I could do let me know.

    #15221
    silas88
    Participant

    Topic was merged to this existing relevant Topic

    I noticed that I don’t have any 403 errors logged since late January. If I provoke an error by trying to access .htaccess via the browser I still don’t get a logged entry. I checked my htaccess and it looks correct, and the 403.php is present. Any thoughts?

    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php

    Also, on a completely separate topic there is some kind of a bot messing up site analytics. It seems to be unfriendly and quite possibly malicious – there are various comments online re it’s spoofed origins and possible Ukrainian roots. I am blocking it using

    # BLOCK BOT / SPAMMER DOMAINS
    SetEnvIfNoCase Referer semalt.com spammer=yes
    Order allow,deny
    Allow from all
    Deny from env=spammer
    #15224
    AITpro Admin
    Keymaster

    If your Host does not allow BPS to handle logging then BPS will not log anything.  A Host can control this in the Server httpd.conf file.  If you are using mod_security then mod_security will handle logging.  Check with your Host and ask them if you can use an htaccess file with the ErrorDocument directive to handle error logging or if they do not allow that.

    Yes, semalt.com is a known domain used in a Referer stats phishing scam.
    http://wordpress.org/support/topic/advise-1/page/2#post-5129764

    If you have a stat counter plugin that is still logging the semalt.com domain in your stats you can wrap your stats counter code in this conditional wrap so that the semalt.com Referer will no longer be logged in your stats.

    <?php if ( !preg_match('/semalt\.com/', $_SERVER['HTTP_REFERER']) ) { ?>
    // your statcounter code goes here
    <?php } ?>
Viewing 15 posts - 1 through 15 (of 20 total)
  • You must be logged in to reply to this topic.