Set-up Wizard generates 503 error, auto updates problem with WP-Cron, & Litespeed htaccess code

[Iris]

Hi BP Security Pro Forum,

I have been getting frequent ARQ Cron FailSafe Shutdown Notices with the request to run the Pre-Installation & Setup Wizard again.

I have noticed that Astra auto updates say: “Automatic update overdue by 3 weeks. There may be a problem with WP-Cron.” Today same with the auto update for Perfmatters, it is ‘overdue by 3 weeks, may be a problem with WP-Cron’. Please can you advise what is causing this?

Another problem today is that I now can’t get the Setup Wizard to work. I get a 503 error on every attempt at the first step – the pre-install. In addition I get a BPS message that the Litespeed Cache plugin htaccess code was not found in my Root htaccess file.

So I cannot update the Litespeed plugin to ver 6.2.0.1.

The ARC Pending Status says to re-run the Setup Wizard but as explained above I am unable to do so, and so cannot update Litespeed Cache.

The below entry in the Security Log file has occurred:

[16-Apr-2024 23:32:40 UTC] PHP Warning: Undefined variable $bps_version in /home/willshub/public_html/wp-content/plugins/bulletproof-security/403.php on line 168.

I would greatly appreciate any assistance as I have no idea.
Thank you for your time in advance.

 

[AITpro Admin]

It sounds like your web host server is having problems.  A 503 error could mean that your web host server is out of resources or having connectivity problems right now.  Check with your web host support folks.  The cron problems could also be caused by web host server problems.

The HyperText Transfer Protocol (HTTP) 503 Service Unavailable server error response code indicates that the server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded.

[Iris]

Thank you for your prompt responses.  I will contact my web host about the 503.

However in the BPS Pro htaccess Protected Secure PHP Error Log there are multiple successive entries of the following occuring:

[28-Apr-2024 00:30:06 UTC] PHP Warning:  Undefined variable $bps_version in /home/mysite/public_html/wp-content/plugins/bulletproof-security/403.php on line 168

What might be triggering this and how do I fix it?

Thank you for your time again in advance.

[AITpro Admin]

Were you seeing these php errors before your web host server started having problems?

[Iris]

Hi,

Thank you for your reply. My web host server is not having problems.  They said that the reason I was getting the 503 error was due to my resource usage reaching its limit in the past 24 hours.

However that time period has elapsed and I am still getting multiple  successive entries of the below in my BPS Pro htaccess Protected Secure PHP Error Log.

[28-Apr-2024 22:29:51 UTC] PHP Warning:  Undefined variable $bps_version in /home/mysite/public_html/wp-content/plugins/bulletproof-security/403.php on line 168

It would appear to me that there is some error in the above file?  How can I fix this ‘undefined variable $bps_version in the above and so stop this?

Thank you in advance,

Kind regards

 

[AITpro Admin]

Web host support techs are instructed to never say to a customer that there is a problem with the servers unless there is absolutely no way to deny that.  That is industry standard. Saying that your website reached its resource limit is just another way of saying that your host server was overloaded.

That php error means that somehow you have a 403.php file for the BPS free plugin and not a 403.php file for the BPS Pro plugin.  To fix this reinstall BPS Pro using the BPS Pro built in upload zip installer.

https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/

Upgrading an existing BulletProof Security Pro Installation (Using the BPS Pro Built-in Upload Zip Installer)
Download the bulletproof-security.zip file from the AITpro.com Secure Download Area.  Under the BPS Pro Setup Main menu, click the Upload Zip Install submenu link.  Click the Choose File button, navigate to where you downloaded the bulletproof-security.zip file on your computer (Note:  the zip file MUST be named bulletproof-security.zip) and click the Install Zip Now button.

[Iris]

Thank you for your reply.

I downloaded and re-installed BPS-Pro successfully all to the final step to activate the Setup Wizard.  On clicking that I got a 503 error. Also there were Errors in red that the htaccess file was not found in the plugins folder nor in the wp-admin folder.

I don’t understand why the 503 because cpanel shows my Current Usage is way below the limits although in the past 24hours it says the limits were exceeded.  I have gone back to my host.

Meantime any assistance on next steps would be greatly appreciated.  Thank you for your time.

[AITpro Admin]

A 503 error can also be caused by ModSecurity CRS.  Ask your web host support folks if the recently added or changed ModSecurity CRS.

[Iris]

Hello,

Thank you, I have not had a reply yet as to any changes to ModSecurity CRS.  I am still getting random 503 occurrences.

Also am seeing the below errors occurring in the php error log file with public_html/.

What might these mean and how can I fix?  Also I noticed the disc allocation usage for my public_html/ is full.

[02-May-2024 04:10:48 UTC] PHP Warning:  Undefined variable $status_code12 in /home/mysite/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1798

[02-May-2024 04:10:48 UTC] PHP Warning:  Undefined variable $status_code13 in /home/mysite/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1798

[02-May-2024 04:10:53 UTC] PHP Warning:  Undefined variable $status_code2 in /home/mysite/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1750

[02-May-2024 04:10:53 UTC] PHP Warning:  Undefined variable $status_code12 in /home/mysite/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1798

[02-May-2024 04:10:48 UTC] PHP Warning:  Undefined variable $status_code12 in /home/willshub/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1798

[02-May-2024 04:10:48 UTC] PHP Warning:  Undefined variable $status_code13 in /home/willshub/public_html/wp-content/plugins/bulletproof-security/includes/inpage-functions.php on line 1798

[02-May-2024 06:40:01 UTC] PHP Parse error: Unclosed '(' on line 2 in /home/mysite/public_html/wp-content/bps-backup/plugin-hashes/plugin-hashes.php on line 3233
[02-May-2024 06:40:01 UTC] PHP Parse error: Unclosed '(' on line 2 in /home/mysite/public_html/wp-content/bps-backup/plugin-hashes/plugin-hashes.php on line 4233

Thank you for your help and I look forward to your comments when convenient.

[AITpro Admin]

If you have any large website backup files then download them to your computer instead of storing them on your hosting account to free up disk space.  If you don’t have any large backup files then you will need to contact your web host to increase your disk space allocation.

To fix this php error > PHP Parse error: Unclosed ‘(‘ on line 2... go to BPS Pro MScan > click the Delete File Hashes Tool button.

These php errors > PHP Warning: Undefined variable $status_code12.... Are occurring when you access the Setup Wizard page. It appears that either this is being caused by the problem on your web host server with running the BPS Pro Setup Wizard on your host server or you have some kind of backend caching problem. If you are using CloudFlare then exclude the wp-admin backend area from being cached. If you are using any caching plugins then clear/delete plugin cache and also delete your Browser cache. Most likely this is related to the problems you are experiencing with your web host server itself. It could be a problem with your PHP server version in your web host control panel and switching to a different PHP server version would fix things.

[Iris]

Hi,

Thank you for your prompt reply.

So far all looks ok; the notification to re-run the setup wizard has disappeared at last.

My host said they increased the values of some PHP variable setup on the PHP 8.1 in cPanel which should resolve the 503’s and confirmed no mod security rules were triggered from my ip.

I keep backups on my computer. My problem was/is with full I/O and physical memory.  I may need increase that.

My host reported a high number of hits from bots, such as feed and go-http-client. They said “feed” possibly includes search engine bots like Googlebot, Bingbot, or Yahoo Slurp and others which contribute to the resource usage.  The message being I think I need to better use resources.  Is there anything I can do from BPS-Pro to deal with this?  Additional code or settings I may not have implemented?

Thanks again for your help, much appreciated.

[AITpro Admin]

Glad to hear your web host got things sorted out for your server/website.  I’ve been doing this stuff a long time and recognize when the problem is with the host server itself.  I’ve had similar experiences with my web host over the years and I report the problem and wait for them to fix it.  Usually gets sorted out in 2-3 days.  So there is nothing else you need to do and nothing on your website that needs to be changed.

[Iris]

Thank you for your comments, very helpful.

Unfortunately things were shortlived and I have to go back to them.  Meantime I would appreciate your comments on the following.

Today I updated the latest Spectra update, no apparent issues but in Cpanel this generated spikes in Physical memory usage, Input/Output Usage and a fault: PMemF, which I see is some kind of a memory failure.

Some minutes later the BPS Pro run Setup Wizard message appeared. The first step triggered a 503 error and a red BPS message that “Litespeed Cache Plugin htaccess code was not found in Root htaccess file” (it wasn’t). I have had LiteSpeed for awhile without issues.  Htaccess is unlocked.

In the BPS PHP errors I saw:  PHP Warning:  Cannot modify header information – headers already sent in /home/mysite/public_html/wp-includes/load.php on line 386.  That line says: header( ‘Retry-After: 600’ );

I read somewhere that this means my site is outputting data too early and this is then breaking something, eg a redirection?

Or might there be some kind of plugin conflict going on here?

At the time I had the Really Simple SSL free plugin installed.  I subsequently deleted as don’t think it adds, cleared cache etc but the above still occurred when using the Wizard.  The PHP warning error above did not occur on using the Wizard after this plugin deletion but got the below error.

Any comments would be appreciated, thank you for your time.  I re-install a backup as a work-around for the missing code.

[403 GET Request: 4 May 2024 - 3:17 pm]
BPS Pro: xx
WP: xxxx
Event Code: UAEGWR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
REMOTE_ADDR: host ip
Host Name: my host
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /wp-content/uploads/code-execution.php
QUERY_STRING: 
HTTP_USER_AGENT: WordPress/xxx; https://mysite

[AITpro Admin]

The problem is that if you are trying to fix things individually when the actual root problem is with your web host server then these problems will go away by themselves once your web host fixes the host server problem.

The 503 error is a problem with your host server.
The cannot modify header information php error is also most likely a problem with your host server.  The cannot modify header information php error could also be caused by the WP_DEBUG constant in your wp-config.php file if the value is set to true (debugging On) instead of false (debugging Off).

The Security Log entry is a fixable issue that is not being caused by your web host server problems, but before you create a whitelist rule in the UAEG htaccess code/file I would like to see what code is in this file to make sure it is legitimate > /wp-content/uploads/code-execution.php.  Send that file to:  info@ait-pro.com.  UAEG htaccess file whitelisting methods > https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

[Iris]

Hello,

Thank you for your reply and advice.

WP_DEBUG is set to false in the wp.config.php file.

I cannot find the /wp-content/uploads/code-execution.php file now after all that, says file not found, my apologies.  I am not sure of the exact timing of that error appearing in the log to when I deleted the Really Simple SSL free plugin.

From searching on wordpress.org I see that this plugin apparently uses an “uploads/code-execution.php” file.  So I presume it was related to that.

I am waiting for a response from my host.

Thanks again for your time.

[Author]

Posts