demon_ru
Forum Replies Created
-
Forum: Plugins
In reply to: [mosparo Integration] SQL transaction Deadlock in logsUpdated three hours ago. There are no error logs (including deadlock) yet.
Thank you so much for your attentive attitude to the requests and the fastest possible response to them.
- This reply was modified 5 months, 2 weeks ago by demon_ru.
Forum: Plugins
In reply to: [mosparo Integration] Invisible spam protection (simple)You can set everything to read-only except the following paths:
- config/env.mosparo.php
This is not an entirely true statement. You don’t need write permissions on the file. config/env.mosparo.php , and to the config/ directory.
The reason is that the code does not write immediately to a file, but to a file in /tmp, and then moves the file to the config/ directory.- This reply was modified 5 months, 2 weeks ago by demon_ru.
Forum: Plugins
In reply to: [mosparo Integration] SQL transaction Deadlock in logsAll values on the Security tab are set by default and have not changed.
Request delaying Enabled, IP lockout Disabled.
GeoIP2 disabled
MariaDB server doing a lot work, has other large databases. Although I don’t notice any performance drawdowns or problems with locks on other databases (sites).Guess I have not configure any special performance values for PHP FPM.
Forum: Plugins
In reply to: [mosparo Integration] SQL transaction Deadlock in logsI examined access.log by the time of the last CRITICAL entry in the log.
1. I don’t see many requests to the server
2. It doesn’t really look like they were robots (but it’s possible).
3. It’s clear that one request received an error of 50080.85.xxx.xxx - - [16/Dec/2025:05:03:08 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 200 93 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"
80.85.xxx.xxx - - [16/Dec/2025:05:03:12 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 200 93 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"
80.85.xxx.xxx - - [16/Dec/2025:05:03:12 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 500 1017 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"
80.85.xxx.xxx - - [16/Dec/2025:05:03:14 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 200 93 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"If I understand correctly… It’s not just a lock timeout, it’s a deadlock. And it can only be if there is a simultaneous change in one transaction in two places of two records in a different sequence.
And the increased load on the server only increases the likelihood of this.Thanks for your attention to this issue (с) Trump.
I hope you will find the source and solution to this problem. Thank you very muchForum: Plugins
In reply to: [mosparo Integration] SQL transaction Deadlock in logs*/15 * * * * /usr/bin/php /var/www/captcha/bin/console mosparo:cleanup-database
I’m not sure if the reason is the cron. And the timings do not confirm this version.
[2025-12-15T03:21:40.420412+03:00]
[2025-12-15T03:22:02.429761+03:00]
[2025-12-15T13:15:09.920308+03:00]
[2025-12-15T13:16:25.019714+03:00]
[2025-12-15T13:18:15.135119+03:00]
[2025-12-15T13:18:43.237138+03:00]
[2025-12-15T13:18:46.107563+03:00]
[2025-12-15T17:52:12.316441+03:00]
[2025-12-15T17:53:15.113371+03:00]
[2025-12-15T17:54:23.095406+03:00]
[2025-12-15T17:54:29.090746+03:00]
[2025-12-15T17:56:27.173976+03:00]
[2025-12-15T17:56:57.089768+03:00]
[2025-12-15T17:57:16.262044+03:00]
[2025-12-15T21:20:08.886769+03:00]Mosparo works using nginx+php-fpm on one dedicated server (ubuntu server). On a separate website. It has several (couple dozen) projects configured for individual sites. No any nodes, dockers, kubernetes…
Each such line of the log is necessarily surrounded by other “INFO”
[2025-12-15T13:18:46.085405+03:00] request.INFO: Matched route "frontend_api_check_form_data". {"route":"frontend_api_check_form_data","route_parameters":{"_route":"frontend_api_check_form_data","_controller":"Mosparo\Controller\Api\V1\Frontend\FrontendApiController::checkFormData"},"request_uri":"https://captcha.domain.org/api/v1/frontend/check-form-data","method":"POST"} [][]
[2025-12-15T13:18:46.094523+03:00] deprecation.INFO: Deprecated: Creation of dynamic property Mosparo\Helper\RuleTesterHelper::$ruleTesters is deprecated {"exception":"[object] (ErrorException(code: 0): Deprecated: Creation of dynamic property Mosparo\Helper\RuleTesterHelper::$ruleTesters is deprecated at /var/www/captcha/src/Helper/RuleTesterHelper.php:274)"} []
[2025-12-15T13:18:46.107563+03:00] request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DeadlockException: "An exception occurred while executing a query: SQLSTATE[40001]: Serialization failure: XXXX
[2025-12-15T13:18:46.122280+03:00] deprecation.INFO: User Deprecated: Since nelmio/security-bundle 3.4.0: The "Nelmio\SecurityBundle\EventListener\XssProtectionListener" class is deprecated, use Content Security Policy without allowing "unsafe-inline" scripts instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since nelmio/security-bundle 3.4.0: The \"Nelmio\SecurityBundle\EventListener\XssProtectionListener\" class is deprecated, use Content Security Policy without allowing \"unsafe-inline\" scripts instead. at /var/www/captcha/vendor/nelmio/security-bundle/src/EventListener/XssProtectionListener.php:35)"}Forum: Plugins
In reply to: [mosparo Integration] Invisible spam protection (simple)Hello.
I’ll write an answer instead of @sparrowjulia.
There is no such file. Even the /public/resources directory is not on the disk. There are only build and bundles (as in .a zip file mosparo-stable-v1.4.7.zip ).
I’ll explain. In the installation directory, all files and directories (except /config and /var) are not writable. Is this wrong? There are no errors related to this in the logs.
P.S. When I changed the rights to /public, the error disappeared. An idle question: is it worth creating such resources in the /var directory?- This reply was modified 5 months, 3 weeks ago by demon_ru.
This is good news!
My hack will work for a while. Can you tell me when it is planned to release a version with a fix?
Thank you.It’ ok.
Thank you.- This reply was modified 7 years, 4 months ago by demon_ru.
I was waiting for the release of the plugin to update it on production. Version 7.9.7 was released today.
After looking at the code, I didn’t notice any changes that were made to prevent the problem from happening again.
Please tell me what edit in the code (you can link to the revision in SVN) should solve this problem.
Thanks.Forum: Plugins
In reply to: [WP Cerber Security, Anti-spam & Malware Scan] Heavy Database LoadAfter switch “Use 404 template from active theme” off i have not any erros in error.log.
But.. it will be better to make it on.
ThanksYes, last message was after dev version installed.
I can’t understand it get better or not.
I guess all errors now from case of page 404. And my settings “Use 404 template from active theme”
In themes/suffusion/404.php where is get_footer() and so on.2017/09/29 10:53:08 [error] 4465#4465: *876878 FastCGI sent in stderr: “PHP message: База данных WordPress возвратила ошибку You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the r
ight syntax to use near ‘WHERE action != ” AND action != ‘last_activity’ ORDER BY component ASC’ at line 1 в ответ на запрос SELECT DISTINCT component FROM WHERE action != ” AND action != ‘last_activity’ ORDER BY component ASC, выполненный require(‘wp-load.php’), require_once(‘wp-config.php’), require_once(‘wp-settings.php’), do_action(‘init’), WP_Hook->do_action, WP_Hook->apply_filters, cerber_access_control, cerber_404_page, include(‘/themes/suffusion/404.php’), get_footer, locate_template, load_template, require_once(‘/themes/suffusion/footer.php’), suffusion_before_end_container, do_action(‘suffusion_before_end_container’), WP_Hook->do_action, WP_Hook->apply_filters, suffusion_print_right_sidebars, suffusion_print_sidebar, dynamic_sidebar, WP_Widget->display_callback, BP_SWA_Widget->wid…ones more:
2017/09/28 23:46:07 [error] 16251#16251: *827646 FastCGI sent in stderr: “PHP message: База данных WordPress возвратила ошибку You have an error in your SQL syntax; check the manual that correspond
s to your MariaDB server version for the right syntax to use near ‘WHERE action != ” AND action != ‘last_activity’ ORDER BY component ASC’ at line 1 в ответ на запрос SELECT DISTINCT component FRO
M WHERE action != ” AND action != ‘last_activity’ ORDER BY component ASC, выполненный require(‘wp-load.php’), require_once(‘wp-config.php’), require_once(‘wp-settings.php’), do_action(‘init’), WP
_Hook->do_action, WP_Hook->apply_filters, cerber_access_control, cerber_404_page, include(‘/themes/suffusion/404.php’), get_footer, locate_template, load_template, require_once(‘/themes/suffusion/f
ooter.php’), suffusion_before_end_container, do_action(‘suffusion_before_end_container’), WP_Hook->do_action, WP_Hook->apply_filters, suffusion_print_right_sidebars, suffusion_print_sidebar, dynami
c_sidebar, WP_Widget->display_callback, BP_SWA_Widget->wid…
PHP message: База данных WordPress возвратила ошибку You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘WHE” while reading upstream, client: 155.94.xx.xx, server: example.com, request: “GET /wp-login.php HTTP/1.1”Forum: Plugins
In reply to: [BuddyPress Avatar Bubble] SQL InjectionIt’s BUG in buddypress: BP_XProfile_ProfileData::get_value_byid
where is no “wp_parse_id_list” and esc_sql