IvanRF
Forum Replies Created
-
Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] Backups deadlockI checked that but I forgot to mention it. The
error_logfiles had no errors related to this or at the time that backups failed.Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] Backups deadlockI set in my settings daily DB backups and weekly file backups. Last night, it should have done both but database backup failed again.
The “uploads” and “others” zip backups were successfully made and upload to Google Drive. I don’t know what it’s happening with DB backups.
Information from the logs:
- First process started at 04:29:39
- Deleted old temporary files (from the unfinished backup of the day before)
- The last entry in the log was:
Table wp_revslider_sliders: Total expected rows (approximate): 0 - New process at 04:30:38
- Failed to gain semaphore lock
- New process at 04:31:27
- Failed to gain semaphore lock
- New process at 04:56:28
- Started files backup
- Stopped. Last log: “500 files added”
- Restarted at 05:08:38
- Stopped. Last log: “800 files added”
- Restarted at 05:11:35
- Restarted at 05:13:17
- Finished zip file
- Restarted at 05:19:29
- Stopped. Last log: “Googledrive chunked upload: 3.5 % uploaded”
- Restarted at 05:27:58
- Stopped. Last log: “Googledrive chunked upload: 56 % uploaded”
- Restarted at 05:29:53
- Stopped. Last log: “Googledrive chunked upload: 57.1 % uploaded”
- Restarted at 05:42:27
2883.310 (4) The backup apparently succeeded and is now complete
Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] Backups deadlockThe first process ends at:
0123.619 (0) Table wp_wfReverseCache: Total rows added: 5 in 0.12 secondsForum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] Backups deadlockNo, I hide my domain and server IP. Also, since the list of tables was big, I only left the first and the last one.
Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] Backups deadlockOk, thanks for your help!
We do have a feature request open for blocking URL patterns including wildcards, so this type of blocking may be easier in a future version.
That feature plus .htaccess blocking would be awesome 🙂
WordPress may be treating them like 404’s, but there could be headers or content in the requests that you can’t see in the logs, causing WordPress itself to generate the “500” errors
I don’t like the idea that something can be included in a request and causes WordPress to throw “500” errors. Do you mean WordPress core?
If you know .htaccess well enough, you could try blocking those requests manually, using the filenames from your log.
Is it possible to use <Files> with wildcards in order to block anything containing an URL parameter like “abdullkarem=1”?
Edit: I found here that it’s possible to implement it with <If>.
The files in the attempts do not exist. They also use names like 1.php or 2.php.
In my case, I talked to my hosting and I have mod_security enabled. So, how could they exhaust resources? a bad implementation in the host?
Nevertheless, Google results show more examples that surely don’t have mod_security. Some show cached pages for the attempts’ results.
I must add that since I saw this reply from the Rename wp-login.php plugin author, I decided to give it a try and it works fine with Wordfence. The author said here:
I’m happy to receive pull requests and update this plugin. I actually check each new version of WordPress and see if there are any issues. I added “unmaintained” because I don’t have the time to read support tickets and fix network related issues etc. But again, I’m happy to look at any pull requests.
Nevertheless, I would like this feature in Wordfence 🙂
Nice, thanks for the info!
I just found this: Brute Force Amplification Attacks Against WordPress XMLRPC.
So, maybe the 500 errors on
POST /xmlrpc.phpthat I mentioned were actually exhausting my host.I wanted to share this new hack. Currently and luckily, I disabled everything related to XMLRPC.
Yes, without having a way to lock the file there is always room for issues.
When you said “the dev team is looking at this for other reasons as well”, did you refer to separate the functionality from Falcon Engine or to make it available for regular users?
Now that I realize, I think it is not hard to make sure that after a change to .htaccess the file is not broken.
Just a thought, you can do something like this:
- read the file
- insert your block code and save
- read the file again and compare it with the previous version, by removing your code in the new file
- if both versions are equal, you didn’t break it
Another option would be to save the contents in a temp file, then compare to the original and, if it OK, rename the temp file. I think a file rename should be faster than writing a file. So, less room for issues.
Surely you already know this, most of the plugins and WordPress use blocks like this
# BEGIN Wordfence ... # END WordfenceI use W3TC.
Is it possible to enable the .htaccess functionality by code, or is it mixed with Falcon Engine?
So, basically this is a WordPress issue, WordPress does not include any function to control the access to a file? (lock / synchronized)
Yes, I think we can say that this was related to the host and not to Wordfence. Thanks!