Posted 12 months ago #
I just tried to upgrade to the latest version of YARPP (3.3.1) and it caused my Hostgator (shared) server to crash. I can't figure out if this is HG's problem or the plugin is causing the problem.
I just wanted you to know that both times I tried to upgrade I crashed the server. I've never had this happen before w. a WP plugin.
Posted 12 months ago #
Here’s the specific security error generated by my log:
Wed Jun 08 03:27:26 2011] [error] [client 223.204.134.118] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/wp-content/plugins/one-click-plugin-updater)|(www/delivery/ajs.php)|(www/admin/dashboard.php)|(/wp-content/(themes|uploads)(?:/(\\\\w+))*/(tim)?thumb.php|/pl/download\\\\?file=http|/index\\\\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedi ..." against "REQUEST_FILENAME" required. [file "/opt/mod_security/hg_rules.conf"] [line "91"] [id "1234234"] [msg "JITP:1234234-RFI-REQUEST_FILENAME=cheapestlaptop.cheapandworth.com"] [hostname "www.richardsilverstein.com"] [uri "/tikun_olam/"] [unique_id "Te8ybkMSE@IAAGKbHmIAAABH"]
The cheapestlap.com filename looks absolutely weird. IS that spam or should that be called as part of the upgrade? It appears the error is being caused by the one-click plugin updater, which may not be related to your plugin specifically. But whatever it is this is one helluva strange set of behaviors.
Posted 12 months ago #
Just to clarify, as per our email correspondence, this issue was *not* due to YARPP and was your hosting company's misconfiguration of your server. Glad the issue was resolved! :)
Posted 12 months ago #
No, not a misconfiguration on the host's part. For some reason they set a security exception for scripts downloading files in the manner that the one-click plugin updater does because they had someone take down their server w. a script that operated in a similar way.
But they're trying to get my site whitelisted so this doesn't happen again.
And no, it wasn't the fault of YARPP.
You must log in to post.
