Support » Fixing WordPress » Unfixable 500 Internal server eror

  • EDIT – my first time posting here on the support forums, i see i used the wrong forum – i will go and repost on the correct one ( i do not know how to move or delete this post)

    My WP site have been running for over 5 years. Last week, i decided it was time for a new theme, and i played around with a few themes until i settled on Fabulous(?). I have also installed a few new plugins, including Classic Editor, Teost, and Yeost-No-Adds.
    My site looked beautiful, and i went out to dinner. When i came back, and wanted to edit one of my pages, i got the 500 Internal Server error. I strongly suspect that it was either the new theme, or the Yeost-No-Adds that boke it….

    I followed all the steps on these pages, as follows:
    1 – updated my wpconfig file
    2 – updated my htpaccess file
    3 – disabled plugings in my File manager by changing the filename to plugins.hold
    4 – disabled plugins in my SQL database by changing the option value
    5 – deleted the new theme from the file manager
    6 – created a new database on my SQL, in which i uploaded my backup of this afternoon, which i made just before going to dinner
    7 – reinstalled wordpress, including changing the wpconfig file to the name of the new database

    I am now at my wits end, and have no idea how to fix the problem, as it still persists, and i urgently need to update my page (i have just created a New App, whihc we are launching this week)

    Any advice would be really highly appreciated…

    • This topic was modified 4 months, 1 week ago by  watershare. Reason: wrong forum

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 17 total)
  • Moderator t-p

    (@t-p)

    Internal server errors are usually described in more detail in the server error log. If you have access to your server error log, generate the error again, note the date and time, then immediately check your server error log for any errors that occurred during that time period. If you don’t have access to your server error log, ask your hosting provider to look for you.

    Hi t-p

    Where can i find my server error log?

    Moderator t-p

    (@t-p)

    Please ask your hosting provider to look for you.

    @watershare

    Saw your post over in the duplicate thread saying that now you get a 404 error
    Are you able to get to wp-admin? If so try resaving your permalink settings to see if that fixes the issue.

    You can get to these settings once logged into wp-admin by going to
    Settings → Permalinks.

    Hi Binary

    I am unable to get to wp-admin – i have gone and changed my login settings on mySQL server, becqause i thought that that may have caused the problem, but still am unable to get that lovely friendly login page…

    Maybe it would help if i delete the old user \ID| from my SQL, and just add myself as a completely new admin user?

    At this point T-P’s suggestion would be your best bet. Work with your provider to get to get your server logs and get to the bottom of this.

    Yikes.

    Thanks guys – really appreciate your trying to assist

    My warnings went off in my Chrome browser when I went to the services page.

    Who is http://iyfipun.com/? There’s a reference to that site in your https://www.cbosss.com/404testpage4525d2fdc file which is probably hacked, corrupt, or something.

    I can’t figure out your site either but the theme on the ‘training’ side is Agama or something like that… You said you were running the Fabulous theme which makes me think you either have a multisite or two discrete installs of WordPress.

    Is that true?

    I ran a scan on the site and the training side and all I found was two plugins but you mentioned several that seemed oddly named but might affect Yoast… I’d recommend killing those off.

    On the ‘service’ side, I’d kill the whole plugin directory. Just rename it for now.

    Something on that ‘service’ side looks like it’s leaking the serialized data from your database and I thought I saw ‘admin’ there before it disappeared.

    If you can get the ‘service’ side running again you might try installing the WordFence and iThemesSecurity plugins together and do a malware scan from WordFence.

    I’d also install the Sucuri scanner plugin and run it.

    I can’t recommend ever manipulating the raw database data unless you have a specific reason to do so. Your haste in diving into that might have made a simple problem worse which might explain that data leak I saw.

    If you get things working again I’d recommend this article When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If it was me, I’d continue running those first two security plugins I recommended above and keep the Sucuri Scanner handy. I’d also rethink my site layout to possibly secure my site a little better using the WordPress plugins. Right now you have a discrete HTML page that’s outside of WordPress itself to send your visitors to the two sides.

    One more suggestion might be to put your site on CloudFlare after you get things squared away which will hide that Apache web server from prying eyes.

    • This reply was modified 4 months, 1 week ago by  JNashHawkins.

    @jnashhawkins , thank you very much for your reply

    I followed the suggestions of @binarywc and @t-p , and contacted my provider. It turns out that there was malware hidden in TWO of the plugiuns that i had installed, namely Yoast_No_Adds, AND Admin Page Spider. Admin Page Spider even removed my admin privileges, and although i disabled plugins, one of these two plugins kept kicking me out…

    Yes, i have two discrete WordPress installs – fortunately, as i am marketing a training course right now on my RTraining site (which is running Agama), and would have jumped from a bridge if the training site was also compromised… I killed those two plugins immediately on my training site.

    I DO have Wordfence running on both my sites – lovely plugin, but they did not detect the malware injections. I have NO IDEA who http://iyfipun.com/ is – i suspect they are the hackers behind this? I even received an email from “attack.net” warning me that my site is infected just now, and “offering” to “fix”” it for me, at a price, of course… I will definitely follow your suggestions, and also install iThemesSecurity and Sucuri scanner.

    The long and short of the problem on my Services site is that we are going to have to create an entire new database, and new website, and i am going to start from scratch.

    I have no idea on how i can set my site up differently from the way it is currently set up, with the separate discrete html page outside of WordPress, or how to put my site on Cloudfare – any suggestions or resources in this respect would be greatly appreciated 🙂

    And thanks again – i have learned my lesson the hard way – my mistake was to be too eager to update my site, and i installed plugins that i should not have installed 🙁

    Oh, and what do i do to remove that “impunify” rubbish from my landing page?

    I’m just glad you got a handle on it.

    I’d put my energy into fixing what I have and leaving things alone for now except to beef up the security some.

    After the dust settles and you have things running, you might take a look at CloudFlare. It’s pretty easy really but take a breather from the rest of this mess before you look at it.

    One caveat on CloudFlare… the free side of CloudFlare is a little strict on server response so if your present host isn’t up to the task you’ll get ‘500’ type errors. The DNS service alone is still worth that effort though. You can turn the Proxy side off if you need to.

    That first page will be fine there and it will make the whole site look seamless from outside. IPage hosting (if I remember right you’re on IPage) should be able to respond fast enough for that.

    If you need anything else just ask.

    • This reply was modified 4 months, 1 week ago by  JNashHawkins.

    @jnashhawkins thanks again – you have been very helpful (although that last part about using cloudfare went completely over my head, lol)

    But i will follow your suggestion, and take a breather after all of this has been fix first, and then investigate Cloudfare, maybe over the holidays..

    I have four more questions – lol – here goes:
    (1) how do i remove that “impunify” rubbish from my landing page?
    (2) how can i secure or change the location or design or settings of my landing page in the meantime until i go to cloudfare?
    (3) is my training site safe, or could the hackers get in and break it as well?
    (4) should i report the security issues with these plugins somewhere, so that my bad experience can be prevented from happening to someone else?

    Its OK if you cant answer all of them – lol – i am just trying to keep myself from getting panic attacks over all of this 🙂

    • This reply was modified 4 months, 1 week ago by  watershare.
    Moderator t-p

    (@t-p)

    Carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    @watershare

    1) I’m not seeing any “impunify” text on the landing page right now

    2) Cloudflare’s base free service isn’t really going to help very much in this case. Their free service is great for blocking network attacks like DoS/DDoS, but ideally you want a more robust firewall and not just CDN for improved security.

    3) It looks like both are on the same shared hosting plan at iPage, so you should assume both have already been compromised.

    4) I wouldn’t recommend doing so until you have definitive proof. It’s extremely common for hackers to inject plugin and theme files with malware, but that in no way means the creators of that plugin or theme had anything at all to do with such activity.

    One thing I did notice is you mentioned the plugin “Yoast_No_Adds” having been installed. I can’t find any official repository information on a plugin with such a directory name and the name itself is suspect. It sounds like it is a pirated/nulled version of Yoast premium. If that is the case, then that is your problem.

    EDIT:

    oh and btw right now the iyfipgun.com is only loading when a 404 request is sent to the website. it looks like something, probably a theme file or plugin file, is generating a fake 404 page that loads ads from iyfipgun.com:

    
    var url = 'http://www.iyfipgun.com/?dn='
                    + document.domain + '&pid=9POL6F2H4';
    
                $(document).ready(function() {
                    $('#ad_frame').attr('src', url);
    
    • This reply was modified 4 months, 1 week ago by  g0tr00t.
Viewing 15 replies - 1 through 15 (of 17 total)
  • You must be logged in to reply to this topic.