Deleting the .user.ini shouldn’t crash your site as it would unload the firewall.
Deleting the .htninja shouldn’t crash it either unless there’s some weird code in it. Did you check its code?
-Did you uninstall NinjaFirewall from the WordPress dashboard, first?
-Do you have another instance of the firewall installed (e.g., in a parent or sub folder)?
-Can you post here the PHP error log message?
Hello again,
thanks for the answer.
I could .user.ini delete. Just not .htninja?
Here comes a 500 Error.
<?php
/*
+====================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
+====================================================================+
*/
// Users of Cloudflare CDN:
if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP)) {
$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
Make sure you uninstalled it from the WordPress “Plugins” page, that the best way to do it.
You can remove the .user.ini file, because it has the firewall directive (if you uninstall from the WordPress dashboard, it will remove them for you automatically).
Thank you.
The plugin and the .user.ini file are removed.
But I can’t delete the .htninja file (with the cloudflare statement) without getting a 500 error! How do I get the file deleted. Is there still data somewhere else?
Do you have another website installed on this document root? It looks like there’s another installation on NinjaFirewall.
Can you check the HTTP error log? You will see the error message and that will help us to understand the problem.
You can also run the troubleshooter script:
1. Rename this file to “wp-check.php”.
2. Upload it into your WordPress root folder.
3. Go to http://YOUR WEBSITE/wp-check.php
4. Delete it afterwards.
Paste the results here.
This is the result:
NinjaFirewall (WP edition) troubleshooter
HTTP server : nginx/1.16.1
PHP version : 7.4.9
PHP SAPI : FPM-FCGI
auto_prepend_file : /var/www/vhosts/bulk.de/bphome/.htninja
Loader's path to firewall : Cannot find the path!
wp-config.php : found in /var/www/vhosts/bulk.de/bphome/wp-config.php
NinjaFirewall detection : NinjaFirewall is not loaded
Loaded INI file : /opt/plesk/php/7.4/etc/php.ini
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : none found
DOCUMENT_ROOT : /var/www/vhosts/bulk.de/bphome
ABSPATH : /var/www/vhosts/bulk.de/bphome/
WordPress version : 5.5.1
WP_CONTENT_DIR : /var/www/vhosts/bulk.de/bphome/wp-content
Plugins directory : /var/www/vhosts/bulk.de/bphome/wp-content/plugins
User Role : Unknown role (or user not logged in)
User Capabilities : Error: missing manage_options capability - Error: missing unfiltered_html capability
Make sure you are logged in to WordPress before running this script.
Log dir permissions : /var/www/vhosts/bulk.de/bphome/wp-content/nfwlog dir is writable
Cache dir permissions : /var/www/vhosts/bulk.de/bphome/wp-content/nfwlog/cache dir is writable
It looks fine.
You need to check the HTTP and PHP error logs, there will be the reason why your server (or PHP) throws a 500 error. When you find the line in your log, post it here.
proxy_error_log
2020/09/07 19:43:14 [error] 32228#0: *5839493 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required '/var/www/vhosts/xxx.de/bphome/.htninja' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream, client: 162.158.167.73, server: xxxnet, request: "GET /de/merkmal/fussbodenheizung/page/5 HTTP/1.1", upstream: "fastcgi://unix:///var/www/vhosts/system/xxx/php-fpm.sock:", host: „xxx.net"
error_log
35.242.232.68:43474] AH01630: client denied by server configuration: /var/www/vhosts/xxx.de/bp_net/server-status
[Mon Sep 07 18:51:43.459992 2020] [authz_core:error] [pid 3089] [client 35.242.232.68:44184] AH01630: client denied by server configuration: /var/www/vhosts/xxx.de/bp_net/server-status
proxy_access_ssl_log
108.162.216.47 - - [07/Sep/2020:13:37:45 +0200] "GET /bphome/.htninja HTTP/1.1" 404 36035 "https://xxx.net/bphome/.htninja" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
php_error_log
2020-09-07 19:42:43 Warning 162.158.89.234 32228#0: *5839452 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required '/var/www/vhosts/xxx.de/bphome/.htninja' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream nginx-Fehler
As you can see, you have a file that is loading the .htninja.
But the log reads “in Unknown on line 0” which isn’t very helpful.
Nevermind, you should be able to find it by adding this code to the .htninja:
$foo = debug_backtrace();
file_put_contents( 'ninjadebug.txt', print_r( $foo[0], true) );
Visit the site, and check the content of the “ninjadebug.txt” filecreated in the same folder: it should display the full path and line number of the script that loads the .htninja.
Don’t forget to remove the above code from the .htninja.
The file ninjadebug.txt is created. But it remains empty.
Then, that means the .htninja is not loaded from a PHP script.
That’s really weird.
Maybe you have a proxy or HTTP cache that still caches and loads it?
All very strange. I can’t find anything that causes this.
The site runs on a nginx server, via Cloudflare, as caching plugin runs WP Fastest Cache.
But even if everything is deactivated nothing changes.
-
This reply was modified 1 year, 8 months ago by
Torsten Bulk.
Maybe an opcode cache? Can you try to reload your PHP-FPM process?
I deactivated the opcode and also deleted it. I changed PHP-FPM to 7.2 and 7.3.
All without any change. I am at a loss.
Search for ‘.htninja’ in your document root:
$ grep -r '.htninja' /full/path/to/your/blog/ --color=always
If you have root access, try your luck with the Linux kernel’s audit system. Unlike inotify, auditd will give you information about the process that accessed the file. But I’ve no idea if that will work in your case.
You must install it. In Debian:
apt install auditd audispd-plugins
Start the service:
service auditd start
Set up a watch:
auditctl -w /full/path/to/.htninja -p war -k foobar
Restart your HTTP server, your PHP server, access your blog etc.
Then check if it caught something:
ausearch -f /full/path/to/.htninja
The audit log is in /var/log/audit/audit.log.
To remove the watch:
auditctl -W /full/path/to/.htninja -p war -k foobar
