BulletProof Security
[resolved] 500 errors after installing Bulletproof Security (10 posts)

  1. aztekk
    Member
    Posted 1 year ago #

    Hi
    I've tried to get this plugin working this whole evening, but I really can't do it ..

    Whenever I try to install the secure .htaccess files, I always end up with 500 errors. Can't figure out why.

    My WP install is 3.4.2 and the BPS version is the latest (.47.4)

    I'm running this WP-install on a private sub-domain.
    -> blog.site.com
    I've tried using all the automagic buttons with no success, always 500 errors after installing.

    What am I doing wrong?
    /A

    PS.
    When I edit the .htaccess files with vim, via SSH, I can see a lot of ^M at the end of almost every line. What's that about?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    When I edit the .htaccess files with vim, via SSH, I can see a lot of ^M at the end of almost every line. What's that about?

    This is probably the cause of the problem if you have a MAC based Server - BSD or Mountain Lion, etc. The Control M line breaks are a Windows based Line Break. The last save of the BPS plugin files was done in Windows CR LF Code Format. This was a mistake and should have been LF UNIX Code Format. This is corrected in BPS .47.5, which will be released in a couple of days. You will need to strip out the ^M line breaks.

    Other things that can cause 500 errors are:

    Using an .htaccess file on Windows Hosting. BPS is designed for Apache Linux Hosting.

    Comment out the Options -Indexes line below with a # sign in your root .htaccess file as shown below.

    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    #Options -Indexes

    BPS and BPS Pro are compatible with 1,000's of Web Hosts, but are not compatible with these 3 Web Hosting Companies (Landis Holdings, NTT Communications & DreamHost - Due to Custom Server Configurations)

    Hostingzoom (Landis Holdings)
    Resellerzoom (Landis Holdings)
    Modvps (Landis Holdings)
    WowVPS.com (Landis Holdings)
    JaguarPC (Landis Holdings)
    Verio (NTT Communications)
    NTT America (NTT Communications)
    NTT Europe (NTT Communications)
    DreamHost

    The Broken cPanel HotLink Protection Tool problem.
    http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=7

    Some web hosts only allow 644 file permissions. Change the root .htaccess file permissions to 644.

  3. aztekk
    Member
    Posted 1 year ago #

    This is all done on a VPS running Ubuntu Server 12.04 LTS hosted by Inception Hosting, so I don't think that it's a webhost cPanel issue.

    The thing is that I manually removed all ^M entries but still no go.
    I use en_US.ISO-8859-1 as locale on the server, if that matters ..

    I'm thinking it maybe has something to do with my vhost for this WP-installation?

    <VirtualHost *:80>
            ServerName blog.site.com
            ServerAlias blog.site.com
            DocumentRoot /var/www/blog/html/
    
            ErrorLog ${APACHE_LOG_DIR}/blog.site.error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
    
            CustomLog ${APACHE_LOG_DIR}/blog.site.access.log combined
    
            <Directory /var/www/blog/html>
                    Options FollowSymlinks
                    AllowOverride FileInfo
            </Directory>
    </VirtualHost>

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Have you tried using a default regular WordPress .htaccess file? Does it work or do you still get 500 errors? Open your root .htaccess and look at the formatting. Is there formatting with line breaks or is the code all one big block of code without line breaks?

    I'm not real familiar with LogLevel WARN and use RewriteLogLevel for .htaccess debugging.

    "The RewriteLogLevel directive sets the verbosity level of the rewriting logfile. The default level 0 means no logging, while 9 or more means that practically all actions are logged.

    To disable the logging of rewriting actions simply set Level to 0. This disables all rewrite action logs.

    Using a high value for Level will slow down your Apache server dramatically! Use the rewriting logfile at a Level greater than 2 only for debugging!"

    # Log to a file:
    RewriteLog "/usr/local/var/apache/logs/rewrite.log"
    # 2 is recommended for Production sites
    RewriteLogLevel 2

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    hmm yeah aren't you supposed to have your paths in double quotes (probably either way is fine)? It is possible that it could be your httpd-vhosts.conf config, but i don't think the problem is actually going to be that "deep". Delete the root .htaccess file and then just resave your custom permalink structure to generate a new WordPress Default .htaccess file and let me know what happens at that point.

    NameVirtualHost *:80
    
    <VirtualHost example-site.local>
        ServerAdmin postmaster@localhost
        DocumentRoot "C:/xampp/htdocs/example-site"
        ServerName example-site.local
        ServerAlias example-site.local
        <Directory "C:/xampp/htdocs/example-site">
        	Options Indexes FollowSymLinks Includes ExecCGI
        	AllowOverride All
        	Order allow,deny
        	Allow from all
        </Directory>
    </VirtualHost>

  6. aztekk
    Member
    Posted 1 year ago #

    I stripped out the vhost-file and now it actually works!

    I just added this, to the Options statement.
    Indexes Includes ExecCGI

    Thanks for your support!
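
Added example, not part of the thread and not BPS code: the vhost posted above grants only `AllowOverride FileInfo`, and Apache answers with a 500 when an .htaccess file uses a directive from an override class that was not granted, such as `Options -Indexes`. The Python below flags such directives and CR line endings; the directive table is a subset of the Apache directive reference, and `SAMPLE` and the function names are constructed for illustration.

```python
# Added example: lint raw .htaccess bytes against a vhost's AllowOverride value.
# Override classes below are from the Apache httpd directive reference (subset).
OVERRIDE_CLASS = {
    "options": "Options", "directoryindex": "Indexes",
    "rewriteengine": "FileInfo", "rewritebase": "FileInfo",
    "rewritecond": "FileInfo", "rewriterule": "FileInfo",
    "errordocument": "FileInfo", "redirect": "FileInfo",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "authtype": "AuthConfig", "authname": "AuthConfig", "require": "AuthConfig",
}

def granted_classes(allow_override):
    """Classes granted by an AllowOverride value; None means All."""
    tokens = [t.split("=")[0].lower() for t in allow_override.split()]
    return None if "all" in tokens else {t for t in tokens if t != "none"}

def lint_htaccess(data, allow_override):
    """Return a list of findings for .htaccess bytes under this AllowOverride."""
    granted, findings, cr_lines = granted_classes(allow_override), [], 0
    for number, raw in enumerate(data.split(b"\n"), start=1):
        cr_lines += raw.endswith(b"\r")
        words = raw.decode("latin-1").split()
        # Skip blanks, comments and section tags such as <IfModule> or <Files>.
        if not words or words[0][0] in "#<":
            continue
        needed = OVERRIDE_CLASS.get(words[0].lower())
        if needed and granted is not None and needed.lower() not in granted:
            findings.append(f"line {number}: {words[0]} needs AllowOverride {needed}")
    if cr_lines:
        findings.insert(0, f"{cr_lines} line(s) end in CR (shown as ^M in vim)")
    return findings

def normalize_newlines(data):
    """Convert CRLF and bare CR line endings to LF."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

# Constructed sample: CRLF endings plus the Options line quoted in the thread.
SAMPLE = (b"# constructed sample\r\n"
          b"Options -Indexes\r\n"
          b"RewriteEngine On\r\n"
          b"RewriteBase /\r\n")

if __name__ == "__main__":
    for value in ("FileInfo", "FileInfo Options", "All"):
        print(value, "->", lint_htaccess(normalize_newlines(SAMPLE), value))
```

Granting only the classes the file needs (for this sample, `FileInfo Options`) keeps the override surface smaller than `AllowOverride All`.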

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Awesome!!!
    thanks for confirming all is well. ;)

  8. Ipstenu-DH
    DreamHost Rep
    Posted 1 year ago #

    AITpro - What is it that we're doing here at DreamHost that won't let your plugin work? If you want to email me, hit me up at mepstein AT dreamhost.com :)

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    In my experience, DreamHost has always had much more advanced config stuff available to hosted customers compared to a lot of other Hosts, which typically offer the standardized one size fits all hosting accounts. ;) And of course DreamHost actively does a lot more custom Server security config stuff to actively beef up security for customers and the Hosting Environment, which of course is awesome. ;)

    Ok so actually here is the issue. I have only had 1 person/DreamHost customer report a problem and at the time i was not able to contact other DreamHost customers using BPS so i had to post this until i could check with other DreamHost peeps to do follow-ups to ensure all was well with them. I was going to tackle that today. But it is looking like actually this is just an isolated issue so far.

    The person has the "My Happy Hosting" plan.
    These are the issues that were causing problems for only BPS Pro, but i had to post something to "freeze" everything until i had time to do full research.

    1. This user's WordPress installation/version is automatically updated so what happens is if BPS Pro AutoRestore/Quarantine is turned on while the upgrade occurs then all WordPress Core files are AutoRestored and sent to Quarantine by BPS Pro.

    2. This user is not getting the BPS Pro upgrade notification within the WP Dashboard so i assume that this is being actively blocked - i did not have to dig further into why this was, but most likely Remote API GET HTTP connections are being actively blocked.

    3. The ZipArchive Class appears to be disabled on this user's Server.

    All of these things add/increase security for this particular user, but also cause the user problems so what i need to determine is if this is just done on his particular hosting account type or if these are new sitewide policies, etc. And i think that the active approach that DreamHost takes to protect their customers is very admirable so i am definitely not knocking DH in any way shape or form. ;)

    So give me a day or two to dig deeper into these things and contact other DH customers and most likely i can remove this "freeze" posting that was posted as a CYA post LOL ;) At this point since i have not heard from any other DreamHost customers then i should be able to remove that post today or tomorrow once i can contact them to confirm all is well.

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    @Mika - ok i have checked in with several folks who have VPS and Shared Hosting on DreamHost and they are not having any problems whatsoever with BPS so this was apparently just an isolated incident. Thanks.

Topic Closed

This topic has been closed to new replies.