500 Error wpadmin login

  • Resolved cpsdarren

    (@cpsdarren)


    10 years ago

    I am troubleshooting an error I believe may be related to ModSecurity and BPS. Support said it was a log file and disk space issue, though I appeared to have plenty of disk space remaining. They say the issue was a modsecurity log that they removed, but I’m guessing it wasn’t 25GB in size so something doesn’t quite add up. Not sure if it is BPS related, but BPS is mentioned in the error log they provided below. Any ideas?

    “Seems the inode quota is exceeded on your server. I am checking further with this.

    =========
    [Wed Feb 25 10:20:46 2015] [error] [client 151.207.250.61] PHP Warning: session_start() [function.session-start]: open(/tmp/sess_d051630b9430445b002e976de6da81ae, O_RDWR) failed: Disk quota exceeded (122) in /home/carseatb/public_html/wp-content/plugins/bulletproof-security/403.php on line 3
    [Wed Feb 25 10:20:46 2015] [error] [client 151.207.250.61] PHP Warning: session_start() [function.session-start]: open(/tmp/sess_5badab92f8486c6a92a4f007a1bf80c5, O_RDWR) failed: Disk quota exceeded (122) in /home/carseatb/public_html/wp-content/plugins/bulletproof-security/403.php on line 3
    [Wed Feb 25 10:20:48 2015] [error] [client 151.207.250.61] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/nobody/20150225/20150225-1020 (Disk quota exceeded) [hostname “carseatblog.com”] [uri “/wp-content/plugins/bulletproof-security/403.php”] [unique_id “VO32XkgsWEsAAGu@NxYAAAAN”]
    [Wed Feb 25 10:20:48 2015] [error] [client 151.207.250.61] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/nobody/20150225/20150225-1020 (Disk quota exceeded) [hostname “carseatblog.com”] [uri “/wp-content/plugins/bulletproof-security/403.php”] [unique_id “VO32XkgsWEsAAF2TaegAAAAI”]
    =========”

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro

    (@aitpro)

    What can happen with mod_security and BPS Security Logging is they compete with each other to log errors. The end result is you get an infinite redirect looping problem. BPS tries to log the error in the Security log and mod_security tries to log the error in the log file that mod_security uses. Both (BPS and mod_security) are using a redirect to log errors. A redirect looping problem occurs.

    The simple solution is to turn off BPS Security Logging, but of course you lose the benefit of having a Security log file to view from your WordPress Dashboard and would have to check your Server’s log file|Mod Security log file instead.

    It sounds like your host may have turned off mod_security logging. If that is the case then the problem is already solved and you would not have to turn off BPS Security Logging.

    As far as the BPS log file size goes: BPS automatically zips and emails your Security Log file when it reaches the size limit setting that you choose.

    Regarding the mod_security log file size I assume mod_security has a similar type of automated log file handling capability, but maybe not. Host servers in general automatically zip log files and archive them at regular intervals. I do not know if a mod_security log file is supposed to handled by the host – ie the host has to zip the mod_security log file when it reaches a certain size or if mod_security does something like that automatically. Not really sure about that stuff so I cannot provide a definite answer about how mod_security does things.

    Plugin Author AITpro

    (@aitpro)

    I looked around the Internet and found some stuff that kind of answers some questions, but not really. I was looking for the htaccess code to handle mod security logging or to change the way logging is handled or to turn off logging. Found a lot of confusing info so I am not really sure what is what. ??

    bits of Mod Security info that I found that give you a vague idea of what is what.

    This has changed to SecDefaultAction instead of SecFilterDefaultAction in the newer versions of mod_security.

    Instead of disabling mod_security for everyone who requests async-upload,
    you should instead use this method which allows the request to pass without being denied,
    so you still have the security of additional mod_security checks and you keep logging turned on.

    Prevent mod_security logs from showing up in error log

    <IfModule mod_security.c>
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,nolog,noauditlog,status:503"
</IfModule>

    To redirect to another page/website on error use `redirect:https://www.somewhere.com. To set it as the default action, this would work:
    SecDefaultAction “phase:2,deny,log,redirect:https://www.somewhere.com/bad.html&#8221;`

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – thread has been resolved. If you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    Thread Start Date: 2-25-2015
    Thread Resolved/Current Date: 2-27-2015

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘500 Error wpadmin login’ is closed to new replies.