Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    App not responding

    WordPress (Developer)
    wordpress
    4
    14
    135
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jdaviescoates
      jdaviescoates last edited by

      Getting this error in the logs:

      Jun 08 11:52:20 [Mon Jun 08 10:52:20.106441 2020] [access_compat:error] [pid 69] [client 172.18.0.1:58994] AH01797: client denied by server configuration: /app/data/public/wp-includes/version.php
      

      version.php is a core WP file so not sure what the issue is?

      I have another WordPress (Unmanaged) app that is still running fine.

      1 Reply Last reply Reply Quote 0
      • girish
        girish Staff last edited by

        Some of the WP security plugins overwrite htaccess and the like to prevent some of these files from being access from outside. Could that be the case here?

        jdaviescoates 1 Reply Last reply Reply Quote 0
        • jdaviescoates
          jdaviescoates @girish last edited by jdaviescoates

          @girish said in App not responding:

          Could that be the case here?

          No, there are no security plugins installed.

          Also, it's a strangely intermittent issue. Right now the app is responding (well, I can get to https://uniteddiversity.org no problem, it still says no responding in my Cloudron dashboard). However, I get a 403 when trying to access https://uniteddiversity.org/wp-admin/ ๐Ÿค”

          Thankfully it's not actually a production site, was just using it a staging site (and I think I just copied this app over to https://uniteddiversity.coop which has been running fine ever since).

          FYI, these redirect rules are the only thing in .htaccess at present:

          <IfModule mod_rewrite.c>
          Options +FollowSymLinks
          RewriteEngine on
          RewriteRule ^.*/(\d+)/$ customero/index\.php?id=$1&%{QUERY_STRING} [L]
          RewriteRule ^.*-(\d+)/$ customero/index\.php?cat=$1&%{QUERY_STRING} [L]
          
          RewriteBase /
          </IfModule>
          
          jdaviescoates 1 Reply Last reply Reply Quote 0
          • jdaviescoates
            jdaviescoates @jdaviescoates last edited by

            I also see this in my logs:

            Jun 20 08:44:28 box:scheduler runTask: skipped task wpcron because app uniteddiversity.org has state installed / running
            
            1 Reply Last reply Reply Quote 0
            • girish
              girish Staff last edited by

              @jdaviescoates The unmanaged WP app will try to access https://uniteddiversity.org/wp-includes/version.php for health checks and indeed it returns a 403. I am not sure why, because the default installation does return 200 . I have to go back to my original question - Do you have any plugins installed? (I know you said no, but can you double check?) And indeed wp-admin also as you said returns 403. We need to figure why.

              (The cronjob tasks of WP are skipped because the health check is failing. The error message needs to be improved).

              jdaviescoates 1 Reply Last reply Reply Quote 0
              • jdaviescoates
                jdaviescoates @girish last edited by

                @girish said in App not responding:

                Do you have any plugins installed? (I know you said no, but can you double check?)

                You asked about security plugins before, which I don't have.

                I do have others plugins installed... I need to check but I think I'm using exactly the same plugins at https://uniteddiversity.coop without issue...

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @jdaviescoates last edited by

                  @jdaviescoates said in App not responding:

                  I do have others plugins installed... I need to check but I think I'm using exactly the same plugins at https://uniteddiversity.coop without issue...

                  I am wondering why there is no issue. Atleast, https://uniteddiversity.org/wp-includes/version.php returns a 404 here. What about for you? Since it returns 404, I expect the Cloudron dashboard to show "Not responding". Is that not the case?

                  jdaviescoates 1 Reply Last reply Reply Quote 0
                  • jdaviescoates
                    jdaviescoates @girish last edited by jdaviescoates

                    @girish said in App not responding:

                    I am wondering why there is no issue. Atleast, https://uniteddiversity.org/wp-includes/version.php returns a 404 here. What about for you? Since it returns 404, I expect the Cloudron dashboard to show "Not responding". Is that not the case?

                    Note that I'm talking about very similar but different domains here - one is .org the other .coop

                    https://uniteddiversity.org - is indeed shown as not responding in the Cloudron dashboard. But if you got to https://uniteddiversity.org it appear to actually be running. But yes, I get 403 forbidden for https://uniteddiversity.org/wp-includes/version.php and https://uniteddiversity.org/wp-admin/

                    https://uniteddiversity.coop - is exactly the same (I think I literally used the .org as a staging site whilst importing over from my shared hosting) but is running totally fine.

                    However, I just checked and it does look like there are differences in the plugins that are installed, so I guess that might be it...

                    Here were the plugins in .org

                    ud.org_plugins.png
                    ud.org_plugins_2.png

                    And here are the ones that were in .coop

                    ud.coop_plugins.png
                    ud.coop_plugins_2.png

                    The one that jumps out as not belonging there is WPCoreSys (I definitely didn't install anything like that and it's not in the other one, so not Cloudron installed either) and a quick search would seems to suggest that is malware ๐Ÿ˜ž - I wonder if I never changed the default admin password and that let them in... (if so, perhaps as a small additional security measure default passwords should be something more random and harder to crack than changeme ? )

                    Anyway, I deleted that plugin (and the others that aren't also in .coop) and the problem persists, so I think I'll just delete the app (the only reason I hadn't already done so was to debug what was happening). Thankfully this wasn't ever a production app.

                    Annoyingly I also deleted all the plugins without first noting their dates etc. So before I do completely delete it all I wonder if there is anything in the logs that will show when this malicious plugin was installed/ or confirm that I never changed the default password?

                    girish scooke 2 Replies Last reply Reply Quote 1
                    • imc67
                      imc67 last edited by

                      Just a small advice: I use this (free) plug-in on all my Wordpress sites and even on two of them the premium version (but not really really really needed to have perfect defense):

                      https://wordpress.org/plugins/wordfence/

                      jdaviescoates 1 Reply Last reply Reply Quote 1
                      • jdaviescoates
                        jdaviescoates @imc67 last edited by

                        @imc67 yes, I'm a big fan of wordfence too! Pretty sure if I'd had that installed this wouldn't've happened.

                        1 Reply Last reply Reply Quote 0
                        • girish
                          girish Staff @jdaviescoates last edited by girish

                          @jdaviescoates said in App not responding:

                          perhaps as a small additional security measure default passwords should be something more random and harder to crack than changeme ?

                          Yeah, I agree with this. I think it would be best if we can generate a password at install time and somehow give it to the user instead of the current approach of hardcoding passwords like changeme. It's happened a few times that people forget to change the password immediately.

                          I have created https://git.cloudron.io/cloudron/box/-/issues/708

                          1 Reply Last reply Reply Quote 3
                          • scooke
                            scooke @jdaviescoates last edited by

                            @jdaviescoates FWIW, I also recently found a mysterious plugin in my WP installation, but no logins or anything. I determined it must have snuck in on a theme I installed for testing, even though it was from the built-in theme picker. So I deleted all the extra themes, the plugins (Sorry, I forget what they were called, there were two).

                            imc67 1 Reply Last reply Reply Quote 1
                            • imc67
                              imc67 @scooke last edited by

                              @scooke WPcoresys is malware:

                              https://sarn.phamornsuwana.com/2017/01/10/wpcoresys-dolly-hack/
                              https://sarn.phamornsuwana.com/2017/08/23/wpcoresys-dolly-hack-revisited/
                              https://www.slideshare.net/SucuriSecurity/sucuri-webinar-how-to-clean-hacked-wordpress-sites

                              @jdaviescoates I think it isnโ€™t sufficient to only delete the plugin. Sucuri site check mentioned that the SSL certificate is wrong and look at what Brave browser says:

                              35F6BE8C-A792-4300-9BB5-68BC9EED076A.jpeg

                              jdaviescoates 1 Reply Last reply Reply Quote 1
                              • jdaviescoates
                                jdaviescoates @imc67 last edited by

                                @imc67 thanks, it wasn't a production app and so I just completely deleted the whole thing. At present I don't have any app installed there so that might explain certificate thing

                                1 Reply Last reply Reply Quote 1
                                • First post
                                  Last post