502 Bad Gateway
-
Hi I’m getting a 502 error on the Malware Scan page but none of the others. I have just installed the plugin. Can you help please? Thanks
-
A “502 Bad Gateway” error message indicates an issue with the communication between two network points, in this case a connection issue between the server where your website is being hosted and one of the Sucuri servers.
To fix this or to provide an insightful solution I would need to have access to your server to find the root of the problem. The only solution that I can offer you now is to use the external service SiteCheck [1] to scan your site, considering that the “Malware Scan” page is basically a tool to communicate with SiteCheck, so instead of use the plugin to run a scan just use SiteCheck directly, it is the same thing.
Thank you – that has run : https://sitecheck.sucuri.net/results/northhantsmum.co.uk
I am getting several errors like this:
Internal Server Error 500-error?v1 http://countymums.co.uk/wp-signup.php?new=northhantsmum.co.uk ( View Payload ) Site error detected. Details: http://labs.sucuri.net/db/malware/500-error?v1 HTTP/1.1 500 Internal Server ErrorAre these related to the 502 error or are they to do with something the Sucuri plugin has installed, or is it finding a real threat in those files? Thanks
I should probably say that we have had a threat which may have been editing .htaccess, which the host couldn’t find in a scan but has currently been stopped by turning off all the plugins. I’ve installed this to try and find the source.
Those “500 Internal Server Error” messages that are being reported by SiteCheck are not related with the “502 Bad Gateway” errors, nor with anything installed by the plugin.
These errors are being flagged by SiteCheck because a 500 error generally indicates a problem with the server that is being used to host the website. But I think this is related with an user authentication requirement that you or your web developer added to that site. When I try to load the main website I get redirected to another one, and displays a message that says:
You do not have the appropriate group permissions to access this page. Please try logging in or contact an administrator for assistance.
And when I send a HEAD request I get this:
$ curl --head 'http://DOMAIN1/' --location HTTP/1.1 302 Moved Temporarily Date: Tue, 14 Jul 2015 15:05:49 GMT Content-Type: text/html Connection: keep-alive Server: nginx/1.4.4 Location: http://DOMAIN2/wp-signup.php?new=DOMAIN1 X-Varnish: 484369079 484369043 X-Cacheable: YES Via: 1.1 varnish magicmarker: 1 Age: 11 HTTP/1.1 500 Internal Server Error Server: nginx/1.4.4 Date: Tue, 14 Jul 2015 15:05:51 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive X-Pingback: http://DOMAIN2/xmlrpc.php Cache-Control: no-cache, must-revalidate, max-age=0 Pragma: no-cache X-Cacheable: NO: beresp.status X-Cacheable-status: 500 Accept-Ranges: bytes X-Varnish: 484369083 Age: 0 Via: 1.1 varnish
To me it seems that whoever made this website tried to restrict its access to specific IP addresses or to users with a previously registered account. But instead of respond with a “403 Forbidden” HTTP status he/she decided to throw a “500 Internal Server Error” who knows why.
Note. I decided to hide the real URL in the “Location” and “X-Pingback” values for brevity.
Something is not right here, when I try to access this domain [1] I get redirected to a page associated with this domain [2], but if I add a “www” before the first domain the site loads just fine. The issue with the “500 Internal Server Error” messages that is being reported by SiteCheck is associated with the second site, the first site seems to be fine [3] I just see a warning related with an outdated version of the Nginx web server.
[1] northhantsmum.co.uk
[2] countymums.co.uk
[3] https://sitecheck.sucuri.net/results/www.northhantsmum.co.ukIt’s a multisite install with countymums as the base site. The public side of the base site is hidden from users who aren’t logged in, so that’s all ok I think.
The www redirect needed to be added manually to .htaccess so it worked on mobile browsers (desktop ones do it automatically it seems) but that got taken out by my host’s support team when they were trying to fix our problem and not replaced.
We have just had multiple attempts to log in as our admin user from various blacklisted IP addresses round the world, so I have deleted the user now.
Okay, if that is the case then you do not need to worry about the errors, they are being reported by SiteCheck because the redirection, the errors are associated with the main site of the multisite network and not with this individual domain, but with the site with the user restriction.
Considering this I recommend you to use a server side scanner or a server antivirus, SiteCheck will not work because it relies in web visibility, if the site is not publicly visible (like in this case with the user restriction) then the scanner will not be able to work correctly. A server side scanner [1] on the other hand will check the content of the files inside the project and remove the malicious code automatically (if there is any).
By the way, the “www” redirection only works if the web browser cached it already. In my case I always browse with cache disabled and I had to explicitly type “www” before the domain name to load the site, otherwise I get redirected to the other domain with the user restriction.
northhantsmum is publicly visible, it’s just the countymums which is protected. The www bit seems to be a bug with multisite when you specify seperate domains.
It’s a community site so we don’t have funds to purchase additional security unfortunately, but thanks for the link, and thanks for the info and reassurance π
Considering that, I recommend you to use ClamAV [1] it is the best open-source antivirus and malware scanner that I know. Most hosting companies have this program already installed and you just need to configure it properly to match your needs.
And there are other security plugins in the WordPress marketplace that are pretty good [2], search one with a built-in firewall or something like that.
Let me know if you need more information.
[1] http://www.clamav.net/index.html
[2] https://ww.wp.xz.cn/plugins/search.php?q=securityThank you so much for the advice – I will look into those.
With the help of sucuri and wordfence I have traced the issue down to the Sweet Captcha plugin which has been pulled from WP now.
Hopefully we can go live in a few days now π
The topic ‘502 Bad Gateway’ is closed to new replies.
