Forum Replies Created

Viewing 15 replies - 1 through 15 (of 77 total)
  • Thread Starter wp_kc

    (@wp_kc)

    This change to Fail2Ban happened a few years back, and I had put the problem on the back burner. As I recall, it has to do with the changing size of the log file. If the NinjaFirewall file size reaches it’s maximum for the month and starts trimming lines off the beginning, then Fail2Ban barfs with an error message saying the system clock is wrong, and then ignores the log file for the rest of the month!

    I had a long back-and-forth with the developer about this. He had made some changes to solve a problem with some other stuff, and was unwilling to change it back just for Ninjafirewall logs (which he viewed as weird and non-standard, whatever that standard is). His suggestion was to use iNotify to capture changes to the log file and append those changes to a different log file. But when I looked into that idea, it also has issues. I also looked into systemd path units and a few other kernel level file monitoring methods, and none of them are ideal.

    What I came up with in the meantime was a Must-Use plugin that loads before 0-ninjafirewall.php, and adds a register_shutdown_function callback, then checks for new lines at php shutdown. It’s ugly, but it works, sort of. It tends to reban things that were already banned even though I am keying off the incident ID number, so I end up setting the max number of days to 1 just to minimize rebanning IPs that haven’t come back.

    Just looking for a way back to what I had before this change to Fail2Ban happened. Two of my customers are on VPS’ one of whom had the premium version of NinjaFirewall for a couple of years, then stopped paying their bill, the other never had a premium version. So I’ll have to do a sales pitch to get them to subscribe to the premium version.

    All my other customers are on shared hosting, so syslog was always out of the question since I have no control over the host’s Fail2Ban. But it would be nice to have a script running that can take NinjaFirewall logs and do a ban through an API call to CloudFlare.

    Thread Starter wp_kc

    (@wp_kc)

    Changes in Fail2Ban broke my custom filter that looked at the NinjaFirewall log files. Fail2Ban is expecting a log file to only be appended to, with a consistent end of file index. So the rolling log file nature of NinjaFirewall, where old events are removed from the start of the file, messes up NinjaFirewall. How about instead, making an option that disables the rolling log file feature?

    The latest versions of Debian don’t have a syslog any more, everything goes to the journal. I assume the OS probably redirects software syslog writes to the journal. This is also problematic for Fail2Ban, since NinjaFirewall is not a systemd unit as Fail2Ban filters expect, and there is no way to redirect syslog writes to a text log file.

    Thanks.

    Thread Starter wp_kc

    (@wp_kc)

    Well done @gosuccess ! Thanks. And thanks @bruandet for rolling out the fix so quick.

    Thread Starter wp_kc

    (@wp_kc)

    I also see this…

        /**
         * Create session dir if it doesn't exist.
         * Note: NFWSESSION_DIR can be defined in the .htninja file.
         */
        if (! self::$session_dir ) {
            if ( defined('NFWSESSION_DIR') ) {
                self::$session_dir = NFWSESSION_DIR;
            } else {
                self::$session_dir = NFW_LOG_DIR .'/sessions';
            }
            if (! is_dir( self::$session_dir ) ) {
                $res = mkdir( self::$session_dir, 0700, true );
                if ( $res === false ) {
                    return false;
                }
            }
            touch( self::$session_dir .'/index.html');
        }

    I don’t think I have anything special in my security settings that would prevent mkdir() from working in the /wp-content/ folder. My directories are set to 755, and my files are set to 644. All files and directories are owned by the apache2 user, www-data.

    Plugins and themes be installed and uninstalled without a problem, so it seems that directories and files can be created and deleted without problems in /wp-content/plugins/ and /wp-content/themes/.

    There are six calls to NinjaFirewall_session::start(), but none of them handle a return value of false. It looks like this affects the login, logout, and captcha procedures.

    Thread Starter wp_kc

    (@wp_kc)

    Thanks for the reply. I was not aware of that constant and have not changed it. I do see this in your code…

    /**
    * Select whether we want to use PHP or NF (default since v4.8.1) sessions.
    */
    if ( is_file( NFW_LOG_DIR .'/nfwlog/phpsession') ) {
    require_once __DIR__ .'/lib/class-php-session.php';
    } else {
    if (! defined('NFWSESSION_DIR') ) {
    /**
    * NFWSESSION_DIR can be defined in the .htninja.
    */
    define('NFWSESSION_DIR', NFW_LOG_DIR .'/session');
    }
    require_once __DIR__ .'/lib/class-nfw-session.php';
    }

    I did recently upgrade all my sites from php8.2-fpm to php8.3-fpm. Is it possible that the change in PHP versions messed it up somehow? Because I do see a /wp-content/nfwlog/session/ directory on my sites, and they have a bunch of session files with date-time stamps that end the day before I did the switch in PHP versions.

    • This reply was modified 7 months, 3 weeks ago by wp_kc.
    Thread Starter wp_kc

    (@wp_kc)

    Thanks again!

    Thread Starter wp_kc

    (@wp_kc)

    Forgot to mark resolved

    Thread Starter wp_kc

    (@wp_kc)

    That didn’t fix it. But based on your response, I deleted the plugin, made sure all the plugin files and directories were deleted from the server, then re-installed it. After that, the Quarantine tab started working again.

    Thanks!

    Thread Starter wp_kc

    (@wp_kc)

    It is not a publicly accessible web site, and it has WP_DEBUG enabled. These messages only show up in the debug log file while accessing /wp-admin area of the web site. Nothing special has to be done, simply log in to the site. The log file grows by about 2MB per day with these types of messages.

    No front end issues are noticeable. I just thought you might be interested, since it looks like these message will turn into errors in the future.

    Thread Starter wp_kc

    (@wp_kc)

    I still got the same result with that…
    03-May-21 14:48:38 ERROR Fatal error: forking process failed (cURL error 56: OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0: AJAX API). Aborting

    But, I figured it out. I have CloudFlare on the site with the problem, and I have “Authenticated Origin Pulls” enabled. When I disabled Authenticated Origin Pulls in my server configuration and paused CloudFlare, it started working. Just pausing CloudFlare alone did not fix it.

    So I am assuming the problem is happening because the server can’t do a simple loopback when Authenticated Origin Pulls is on.

    I’m research if there is a fix for this. But at this point, it does not look like it is a NinjaScanner problem. So I’m marking this as resolved. Any more ideas would be appreciated though.

    Thread Starter wp_kc

    (@wp_kc)

    I commented out both lines, but still got the same result.
    30-Apr-21 05:25:32 ERROR Fatal error: forking process failed (cURL error 56: OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0: AJAX API). Aborting

    Thread Starter wp_kc

    (@wp_kc)

    P.S. If I switch to WP-CRON mode, the error message is pretty much the same…
    29-Apr-21 15:25:37 ERROR Fatal error: forking process failed (cURL error 56: OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0: WP-CRON). Aborting

    Thread Starter wp_kc

    (@wp_kc)

    It looks like the Elementor developers found the problem and fixed it. The latest version released 8 hours ago is no longer generating these messages.

    Thread Starter wp_kc

    (@wp_kc)

    Fixed!

    Thanks for the speedy response.

    Thread Starter wp_kc

    (@wp_kc)

    It works again! Thanks, you guys are awesome.

Viewing 15 replies - 1 through 15 (of 77 total)