Tagged: cloud server
September 6, 2016 at 12:28 am #1616
I’v migrated my site to another hosting provider (cloud hosting). Since then I can not activate the brute force protection functionality. In the previous hosting (shared one), the plugin funtionality was working good.
Now the plugin does a compatibility test and then it ends with the “No response from server” error message.
Having read your foro, It seems the issue could be related to the rewrite rules.
Some background in case it can help:
- WordPress is installed in a subfolder “public_html/subfolder/”, where the wp-config.php is located.
- There are .htaccess files in both the subfolder and in the root public_html.
Thanks for your work in the plugin and your support,
September 6, 2016 at 7:34 am #1618
- This topic was modified 6 months, 3 weeks ago by Miquel Conesa.
Does your new server run nginx or apache? rewrite rules only work in apache so my brute-force patch does not work in nginx.September 6, 2016 at 12:20 pm #1619
The main server is running Apache. There’s asecondary nginx server for static files.
In case it can help understanding the scenario, below a link with a screenshot of the active services running in the cloud server.
Thanks.September 7, 2016 at 2:32 pm #1620
The borwser console is printing this error:
Refused to execute script from ‘https://keyelp.com/xxxxxxx/wp-content/plugins/gotmls/images/gotmls.js?SESSION=0′ because its MIME type (‘image/gif’) is not executable.
I’ve checked the folder and there is no gotmls.js located in this directory .
I hope this info can help.
ThanksSeptember 8, 2016 at 5:02 pm #1624
Can you test something for me? Can you make a new file called test.php in that same directory and put this code in that file:
< ?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES); ?>
Then call up that file in your browser and tell me what it says?September 13, 2016 at 8:02 am #1628
Seems to work OK:
For your information, in case it could be related with this issue, I had to change the directory permissions and ownership, to be able of uploading (ftp) the test.php file.
Does it make sense to uninstall and reinstall the plugin??
Thanks,September 13, 2016 at 8:27 am #1629
That does seem to work as I expected, so I’m not really sure why the rewrite is not working correctly.
The next step would be to put this code in your test.php file:
if (preg_match('|(.*?/gotmls\.js\?SESSION=0)|', GOTMLS_script_URI, $match))
September 14, 2016 at 1:06 am #1630
I tried this script, but it seems the constant GOTMLS_script_URI is not defined.
The script is printing it as a string. See screenshot with PHP error messages:
I’ve taken the initiative to do a further test, by pasting the small script at the end of the index.php file . I’m assuming the constant is defined in this file. When calling the modified index.php file, a small square was printed at the top left side where before it used to print a small GOTMLS logo.
I’ve reverted the change. Still the small square is printed. Below a link to the screenshot with the square, just in case it has any importance…
ThanksSeptember 17, 2016 at 11:13 am #1633
Ah, yes. Now try changing the .htaccess file in that directory so that it redirects to test.php instead on index.php and then call up that gotmls.js path in your browser.September 19, 2016 at 12:00 am #1634
I’ve changed the htacces a per your indications, and the same php message was printed. ?undefined constant’ (screenshot attached).
Again I’ve done a furtehr test. Now I’ve copied your script followed by an ‘exit;’ instruction above line 94 of the index.php file, where I’ve seen you’re checking the content of this constant. This time it printed:
Hope it helps. Thanks.September 19, 2016 at 8:07 am #1638
I am not getting that same result so I think you must have put more code in there from the index.php file. I am trying to debug and isolate the exact conditions that are not being met for the if statement to produce that error you are getting. Would it be possible for you to create an admin login for me so that I can login to this site and debug the code in-place?
If so, You can email the login details dorectly to me: eli AT gotmls.netSeptember 25, 2016 at 11:30 pm #1643
Somedays ago, I sent by email the credentials to go into the site.
Did you receive it and manage to check the issue yet?
One more question. Can the brute forze protection be enabled on other login pages, apart from the default wp-login.php?
I mean, my site has another login page (deployed by the Woocommerce plugin). Is there a way to configure GOTMLS to protect this other page too?
Thanks.October 7, 2016 at 8:27 am #1662
Did you have the chance to check it yet?
If you think you’re not going to do it in the near futre, let me know, as I would remove the sever clone. It’s been created just for this test and it’s costing some money.
Regarding my question above: “Can brute forze protection be enabled for other login pages?” If the answer is not, as I think it is, then I’d probaly just block the access to wp-login.php, as the normal user flow is registering on other forms in the website.
I’d then use the plugin for virus scannning and forget about brute force.
MiquelOctober 9, 2016 at 6:55 pm #1663
I have spent quite some time debugging multiple issues on this test site that you gave me access to. First, I found that some of the rules in your .htaccess files were preventing the rewrite rule in my plugin directory from working properly. After fining a workaround for that problem I found that your server was not able to save and retrieve a session file. The directory where session files are stored has the following permissions: drwx-wx-wt
You must be logged in to reply to this topic.