Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » 503 error on log out, then cannot log in

  • Resolved barnez

    (@pidengmor)


    Hi,

    Took me a little while to track this down to NinjaFirewall, but I am getting a 503 error on logout and login while the firewall is activated, with the occasional login captcha page from NF. This is what happens:

    Disable NinjaFirewall >> login/out of the site no problem.

    Enable NinjaFirewall >> logout sends to “Something went wrong” in browser tab + “You are attempting to log out of {the site} Do you really want to log out?”
    Logout is then successful.
    Next login attempt triggers 503 error OR captcha (as per settings) > back to login page > next login attempt triggers

    503
    Service Unavailable
    The server is temporarily busy, try again later!

    Rename .user.ini doesn’t help
    The only way to remove the error from the login page (front-end site is never affected) is to rename the ninjafirewall directory (not recommended I know).

    Debugging mode produces same error.
    Protection is disabled for now
    Site recently migrated to PHP 7.2
    Nothing in the error log
    NF firewall logs this as a brute force attack from my IP
    In the NF firewall policies “Add the Administrator to the whitelist (default)” is selected.

    Any ideas?


Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author nintechnet

    (@nintechnet)

    I cannot reproduce it. The error message (Something went wrong…) is related to WordPress’ nonce: https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/functions.php#L2596

    Can you check your browser console for errors (JS and security): CTRL + Shift + J

    barnez

    (@pidengmor)

    At the Something went wrong stage, the console tab shows 1 error:
    Failed to load resource: the server responded with a status of 403 ()
    No problems listed under the security tab

    When the browser then returns the 503 error after logout there are no issues or warnings listed under the console or security tabs.

    Plugin Author nintechnet

    (@nintechnet)

    Did you check the HTTP server error log? The 503 seems to come from it, not the PHP interpreter.
    Did you check your PHP session folder and make sure that after your PHP 7.2 migration its ownership and permissions are correct?
    Also, what are your “Login Protection” settings?

    barnez

    (@pidengmor)

    Sorry for the delay in getting back.

    These are the server logs when I enable the firewall and try to logout/login

    
    xx.xx.xx.xx - - [18/Oct/2018:16:10:55 +0100] "GET /wp-login.php?action=logout&_wpnonce=bccdff2b3f HTTP/1.1" 403 1109 "https://www.site.com/wp-admin/admin.php?page=nfsubloginprot" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
    xx.xx.xx.xx - - [18/Oct/2018:16:10:55 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 0 "https://www.site.com/wp-admin/admin.php?page=nfsubloginprot" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
    xx.xx.xx.xx - - [18/Oct/2018:16:10:58 +0100] "GET /wp-login.php?action=logout&_wpnonce=1b48c5c43f HTTP/1.1" 503 629 "https://www.site.com/wp-login.php?action=logout&_wpnonce=bccdff2b3f" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
    xx.xx.xx.xx - - [18/Oct/2018:16:11:03 +0100] "GET /wp-login.php? HTTP/1.1" 200 1009 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
    xx.xx.xx.xx - - [18/Oct/2018:16:11:06 +0100] "POST /wp-login.php HTTP/1.1" 503 629 "https://www.site.com/wp-login.php?" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
    

    Regarding the PHP migration, I am using shared hosting so would probably need to ask the hosts about that. But as there are two other sites hosted on the same cPanel setup, and both of those have NinjaFirewall running without any problems, would this not rule out any issue with the migration?

    Here are the login protection settings:

    • Enable brute force attack protection: Yes, if under attack
    • Type of protection: Captcha
    • Enable protection: For 30 minutes, if more than 2 POST requests within 99 seconds.
    • XML-RPC API: Apply the protection to the xmlrpc.php script as well.
    • Bot protection: Enable bot protection (applies to wp-login.php only.)

    If I disable brute force protection (under Login Protection) the 503 is still triggered.
    If I disable Firewall protection (under Firewall Options) the issue is resolved.

    Again, nothing shows in the Firewall log if I trigger the issue.

    • This reply was modified 1 year ago by  barnez. Reason: Added more info on how the error is triggered
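
An added illustration, not part of the thread and not NinjaFirewall's code: one way to evaluate a threshold like the one in the settings above ("more than 2 POST requests within 99 seconds", protection "for 30 minutes") over combined-format access log lines. Counting per client address, the function names and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.4 - - [18/Oct/2018:16:10:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
203.0.113.7 - - [18/Oct/2018:16:11:03 +0100] "GET /wp-login.php? HTTP/1.1" 200 1009 "-" "UA"
203.0.113.7 - - [18/Oct/2018:16:11:06 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
203.0.113.7 - - [18/Oct/2018:16:11:20 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
203.0.113.7 - - [18/Oct/2018:16:11:40 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
198.51.100.4 - - [18/Oct/2018:16:12:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
198.51.100.4 - - [18/Oct/2018:16:14:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1009 "-" "UA"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, method, path without query, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])

def evaluate(lines, max_posts=2, window_s=99, protect_min=30,
             targets=("/wp-login.php", "/xmlrpc.php")):
    """List (ip, trigger_time, protected_until) each time the rule would fire."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # per-client POST timestamps (assumption)
    protected_until = {}
    events = []
    for ip, ts, method, path, _status in filter(None, map(parse, lines)):
        if method != "POST" or path not in targets:
            continue
        if ts < protected_until.get(ip, ts):
            continue              # protection already active for this client
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop POSTs older than the window
            q.popleft()
        if len(q) > max_posts:     # "more than N POST requests"
            protected_until[ip] = ts + timedelta(minutes=protect_min)
            events.append((ip, ts, protected_until[ip]))
            q.clear()
    return events

if __name__ == "__main__":
    for ip, fired, until in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{ip}: rule fired at {fired:%H:%M:%S}, protection until {until:%H:%M:%S}")
```
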
    Plugin Author nintechnet

    (@nintechnet)

    Can you try to change the “if more than 2 POST requests” to “if more than 5 POST requests” for instance?

    “But as there are two other sites hosted on the same cPanel setup, and both of those have NinjaFirewall running without any problems, would this not rule out any issue with the migration?”

    Yes, it’s unlikely to be the problem.

    Do you use a .htninja file?

    barnez

    (@pidengmor)

    Thanks for the suggestions.

    I tried increasing to more than 5 and then 10 POST requests, but no change.
    There is an .htninja file, but it has no active rules outside of the commented out header. I tried renaming the file just to see, but no change.

    Plugin Author nintechnet

    (@nintechnet)

    Do you get the same issue if you change “captcha” to “password”?

    Do you have an HTTP error log? The access log you posted shows the error but not the reason: Log in to your cPanel, and go to Metrics > Errors.

    barnez

    (@pidengmor)

    Hi,

    I contacted my host, who have fixed the problem by downgrading to php 7.1 on this domain. Odd, as NF is working fine on 3 other sites on the same hosting plan but with php 7.2 and of course different theme/plugin configurations.

    I asked them to check the server logs and they said there are no issues logged against wp-plugins.

    So, the issue is resolved, but I can’t give you any further information regarding the error I’m afraid.

    Thanks for your help.
