dwinden

@tazo todua

And your question is … ?

dwinden

@milian

I can reproduce this when I rename the better-wp-security/core/admin-pages/js/script.js file.

But this way none of the iTSec plugin Admin interface buttons will work since there are no click events. I think your issue is isolated with the Details link in the File Change History log.

dwinden

@mehrdad32

Just to determin whether any of the 2 settings mentioned earlier is causing the ERROR 500 msg you can manually remove the corresponding lines from the .htaccess file.

First manually remove the many many many “HackRepair.com Blacklist” lines.

If that does not make any difference remove the 2 “Disable PHP in Uploads” lines too.

Both of these settings add a RewriteCond/RewriteRule to the .htaccess file with a regular expression which could be causing your issue.

dwinden

@anuruddha94

Thank you for that explanation.

Try and manually remove the following 5 lines from the .htaccess file:

SetEnvIF REMOTE_ADDR “^2a00:1210:fffe:0?0?72:(0{0,4}:){0,2}(0{0,4})?:0?0?0?1$” DenyAccess
SetEnvIF X-FORWARDED-FOR “^2a00:1210:fffe:0?0?72:(0{0,4}:){0,2}(0{0,4})?:0?0?0?1$” DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP “^2a00:1210:fffe:0?0?72:(0{0,4}:){0,2}(0{0,4})?:0?0?0?1$” DenyAccess

Require not ip 2a00:1210:fffe:72::1

Deny from 2a00:1210:fffe:72::1

This is just to see whether this is the offending IP causing the 500 internal server error/The specified IP address is invalid log entry.

If this helps solve the 500 internal server error I’ll provide you with additional instructions to remove the IP from the database.

dwinden

@anuruddha94

Please post the content of the /home/test123/public_html/.htaccess file.

What web server and what version of that web server is the website using ?
(eg. Apache 2.2.12)

dwinden

@TZAL

Ok, so we did make some progress.

It turns out that the settings controlling the display of both the “what’s new” notice and the “Security Check” window are stored in the database (itsec-storage option) as part of the Global Settings module.
(The setting which controls the display of the “Get Free API Key” notice is not part of the Global Settings module).

Display of the “what’s new” notice is controlled by the show_new_dashboard_notice setting.

Display of the “Security Check” window is controlled by the show_security_check setting.

In total there are 27 Global Settings stored in the database.
However only max 23 will show up under the Global Settings module.
2 settings will only display if you are using nginx web server and/or the infinitewp plugin. If you are using neither of these only 21 settings will show under the Global Settings module.

So that leaves 27-23=4 extra settings.
2 of these are did_upgrade and log_info which are probably irrelevant for this issue. The other 2 I already mentioned: show_new_dashboard_notice and show security_check.

I’m providing you with as much relevant info as possible as I’m convinced you will need to monitor these settings in your database in order to find out what is going wrong.

Earlier in this topic mcmito figured out that 1 of the 23 Global Settings
(Path to Log Files) was not getting validated when trying to save the Global Settings. This also prevented the show_new_dashboard_notice setting from being saved in the database as part of the Global Settings when closing the “What’s new” notice.

I don’t think you are experiencing exactly the same issue, but something seems to be interfering with the Global Settings as saved in the database (itsec-storage option in wp_options table).

It could be a caching plugin or anything else.

Anyway I’m running out of options.

dwinden