Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall » How to uninstall NinjaFirewall (WP Edition)

  • Hello,

    I can’t get it right.

    The following files are in the root directory:

    .user.ini
    .htninja

    If I delete these files, there’ll be a 500-point error.

    How can I completely uninstall NinjaFirewall (WP Edition)?

    Best regards

    Torsten

Viewing 15 replies - 1 through 15 (of 20 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Deleting the .user.ini shouldn’t crash your site as it would unload the firewall.
    Deleting the .htninja shouldn’t crash it either unless there’s some weird code in it. Did you check its code?

    -Did you uninstall NinjaFirewall from the WordPress dashboard, first?
    -Do you have another instance of the firewall installed (e.g., in a parent or sub folder)?
    -Can you post here the PHP error log message?

    Thread Starter Torsten Bulk

    (@torstenbulk)

    Hello again,

    thanks for the answer.

    I could .user.ini delete. Just not .htninja?

    Here comes a 500 Error.

    <?php
    /*
    +====================================================================+
    | NinjaFirewall optional configuration file                          |
    |                                                                    |
    | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
    +====================================================================+
    */
    
    // Users of Cloudflare CDN:
    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
     filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP)) {
    	$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    }
    
    Plugin Author nintechnet

    (@nintechnet)

    Make sure you uninstalled it from the WordPress “Plugins” page, that the best way to do it.
    You can remove the .user.ini file, because it has the firewall directive (if you uninstall from the WordPress dashboard, it will remove them for you automatically).

    Thread Starter Torsten Bulk

    (@torstenbulk)

    Thank you.

    The plugin and the .user.ini file are removed.

    But I can’t delete the .htninja file (with the cloudflare statement) without getting a 500 error! How do I get the file deleted. Is there still data somewhere else?

    Plugin Author nintechnet

    (@nintechnet)

    Do you have another website installed on this document root? It looks like there’s another installation on NinjaFirewall.

    Can you check the HTTP error log? You will see the error message and that will help us to understand the problem.

    You can also run the troubleshooter script:
    1. Rename this file to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to http://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.
    Paste the results here.

    Thread Starter Torsten Bulk

    (@torstenbulk)

    This is the result:

    
    NinjaFirewall (WP edition) troubleshooter
    
    HTTP server	:	nginx/1.16.1
    PHP version	:	7.4.9
    PHP SAPI	:	FPM-FCGI
     	 	 
    auto_prepend_file	:	/var/www/vhosts/bulk.de/bphome/.htninja
    Loader's path to firewall	:	Cannot find the path!
    wp-config.php	:	found in /var/www/vhosts/bulk.de/bphome/wp-config.php
    NinjaFirewall detection	:	NinjaFirewall is not loaded
     	 	 
    Loaded INI file	:	/opt/plesk/php/7.4/etc/php.ini
    user_ini.filename	:	.user.ini
    user_ini.cache_ttl	:	300 seconds
    User PHP INI	:	none found
     	 	 
    DOCUMENT_ROOT	:	/var/www/vhosts/bulk.de/bphome
    ABSPATH	:	/var/www/vhosts/bulk.de/bphome/
    WordPress version	:	5.5.1
    WP_CONTENT_DIR	:	/var/www/vhosts/bulk.de/bphome/wp-content
    Plugins directory	:	/var/www/vhosts/bulk.de/bphome/wp-content/plugins
    User Role	:	Unknown role (or user not logged in)
    User Capabilities	:	Error: missing manage_options capability - Error: missing unfiltered_html capability
    Make sure you are logged in to WordPress before running this script.
    Log dir permissions	:	/var/www/vhosts/bulk.de/bphome/wp-content/nfwlog dir is writable
    Cache dir permissions	:	/var/www/vhosts/bulk.de/bphome/wp-content/nfwlog/cache dir is writable
    
    Plugin Author nintechnet

    (@nintechnet)

    It looks fine.
    You need to check the HTTP and PHP error logs, there will be the reason why your server (or PHP) throws a 500 error. When you find the line in your log, post it here.

    Thread Starter Torsten Bulk

    (@torstenbulk)

    proxy_error_log

    
    2020/09/07 19:43:14 [error] 32228#0: *5839493 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error:  Unknown: Failed opening required '/var/www/vhosts/xxx.de/bphome/.htninja' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream, client: 162.158.167.73, server: xxxnet, request: "GET /de/merkmal/fussbodenheizung/page/5 HTTP/1.1", upstream: "fastcgi://unix:///var/www/vhosts/system/xxx/php-fpm.sock:", host: „xxx.net"
    

    error_log

    
    35.242.232.68:43474] AH01630: client denied by server configuration: /var/www/vhosts/xxx.de/bp_net/server-status
    [Mon Sep 07 18:51:43.459992 2020] [authz_core:error] [pid 3089] [client 35.242.232.68:44184] AH01630: client denied by server configuration: /var/www/vhosts/xxx.de/bp_net/server-status
    

    proxy_access_ssl_log

    108.162.216.47 - - [07/Sep/2020:13:37:45 +0200] "GET /bphome/.htninja HTTP/1.1" 404 36035 "https://xxx.net/bphome/.htninja" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"

    php_error_log

    
    2020-09-07 19:42:43	Warning	162.158.89.234		32228#0: *5839452 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required '/var/www/vhosts/xxx.de/bphome/.htninja' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream				nginx-Fehler
    
    Plugin Author nintechnet

    (@nintechnet)

    As you can see, you have a file that is loading the .htninja.
    But the log reads “in Unknown on line 0” which isn’t very helpful.
    Nevermind, you should be able to find it by adding this code to the .htninja:

    $foo = debug_backtrace();
    file_put_contents( 'ninjadebug.txt', print_r( $foo[0], true) );
    

    Visit the site, and check the content of the “ninjadebug.txt” filecreated in the same folder: it should display the full path and line number of the script that loads the .htninja.

    Don’t forget to remove the above code from the .htninja.

    Thread Starter Torsten Bulk

    (@torstenbulk)

    The file ninjadebug.txt is created. But it remains empty.

    Plugin Author nintechnet

    (@nintechnet)

    Then, that means the .htninja is not loaded from a PHP script.
    That’s really weird.
    Maybe you have a proxy or HTTP cache that still caches and loads it?

    Thread Starter Torsten Bulk

    (@torstenbulk)

    All very strange. I can’t find anything that causes this.

    The site runs on a nginx server, via Cloudflare, as caching plugin runs WP Fastest Cache.

    But even if everything is deactivated nothing changes.

    • This reply was modified 1 year, 8 months ago by Torsten Bulk.
    Plugin Author nintechnet

    (@nintechnet)

    Maybe an opcode cache? Can you try to reload your PHP-FPM process?

    Thread Starter Torsten Bulk

    (@torstenbulk)

    I deactivated the opcode and also deleted it. I changed PHP-FPM to 7.2 and 7.3.

    All without any change. I am at a loss.

    Plugin Author nintechnet

    (@nintechnet)

    Search for ‘.htninja’ in your document root:

    $ grep -r '.htninja' /full/path/to/your/blog/ --color=always
    

    If you have root access, try your luck with the Linux kernel’s audit system. Unlike inotify, auditd will give you information about the process that accessed the file. But I’ve no idea if that will work in your case.
    You must install it. In Debian:

    apt install auditd audispd-plugins
    

    Start the service:

    service auditd start
    

    Set up a watch:

    auditctl -w /full/path/to/.htninja -p war -k foobar
    

    Restart your HTTP server, your PHP server, access your blog etc.
    Then check if it caught something:

    ausearch -f /full/path/to/.htninja
    

    The audit log is in /var/log/audit/audit.log.

    To remove the watch:

    auditctl -W /full/path/to/.htninja -p war -k foobar
    
Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘How to uninstall NinjaFirewall (WP Edition)’ is closed to new replies.