I just tried to upgrade to the latest version of YARPP (3.3.1) and it caused my Hostgator (shared) server to crash. I can’t figure out if this is HG’s problem or the plugin is causing the problem.
I just wanted you to know that both times I tried to upgrade I crashed the server. I’ve never had this happen before w. a WP plugin.
Here’s the specific security error generated by my log:
Wed Jun 08 03:27:26 2011] [error] [client 220.127.116.11] ModSecurity: Access denied with code 403 (phase 2). Match of “rx (/wp-content/plugins/one-click-plugin-updater)|(www/delivery/ajs.php)|(www/admin/dashboard.php)|(/wp-content/(themes|uploads)(?:/(\\\\w+))*/(tim)?thumb.php|/pl/download\\\\?file=http|/index\\\\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedi …” against “REQUEST_FILENAME” required. [file “/opt/mod_security/hg_rules.conf”] [line “91”] [id “1234234”] [msg “JITP:1234234-RFI-REQUEST_FILENAME=cheapestlaptop.cheapandworth.com”] [hostname “www.richardsilverstein.com”] [uri “/tikun_olam/”] [unique_id “Te8ybkMSE@IAAGKbHmIAAABH”]
The cheapestlap.com filename looks absolutely weird. IS that spam or should that be called as part of the upgrade? It appears the error is being caused by the one-click plugin updater, which may not be related to your plugin specifically. But whatever it is this is one helluva strange set of behaviors.
Just to clarify, as per our email correspondence, this issue was *not* due to YARPP and was your hosting company’s misconfiguration of your server. Glad the issue was resolved! 🙂
No, not a misconfiguration on the host’s part. For some reason they set a security exception for scripts downloading files in the manner that the one-click plugin updater does because they had someone take down their server w. a script that operated in a similar way.
But they’re trying to get my site whitelisted so this doesn’t happen again.
And no, it wasn’t the fault of YARPP.
- The topic ‘YARPP causes server crash’ is closed to new replies.