Back end error

Hi atutrabajo,

Can you please send me an export of the page you’re having trouble editing? This will allow me to take a closer look at the settings of that page and work out what might be triggering this issue.

To export a page, open up the page in the editor and click the Layout button in the Page Builder toolbar. Click import/export and then click download. Please upload the export to a 3rd party file hosting site such as WeTransfer (no email is required).

And, when I went to see the code in question, I came across this;

The mentioned error is a generic error message and points to a WordPress file. This can sometimes happen, and the linked file isn’t directly related while the error message contents itself is – in other words, you are running out of memory, but it’s not caused due to that specific line. Are there any other error messages that are being listed in your error logs at the same time as the other edits?

Thank you for letting me know the steps you’ve taken to troubleshoot this issue.

Kind regards,
Alex

Hello. First of all my apologies for not having responded earlier.

It is precisely because I took care of these “things” that I neglected others. And, between us, I didn’t think you were going to answer me so quickly, heh!

With that said, let’s get started …
1) Regarding:
… “Can you send me an export of the page you are having trouble editing? … To export a page, open the page in the editor and click the Layout button on the Page Builder toolbar” …
It is precisely IN THIS STEP that I begin to have problems.
That is, when I click Edit, it stays “checked” (I don’t know how to say it in English ?? and – of course – how the “timeout” happens, if I’m connected to Cloudflare, it gives me an Error 524 On the other hand, if I temporarily disconnect from it, it gives me Error 503.
So, as I told you, I would not know how to do this “export” thing because, I CANNOT enter Edit ANYTHING.
Anyway, and in case you can analyze it “from the outside”, the page I would like to Edit is this; https://atutrabajo.org/coaching-laboral/sobre-francisco-soto

2) In relation to:
… “And, when I went to see the code in question, I came across this;
The mentioned error is a generic error message and points to a WordPress file “…
Yes. It is the same that I could find out by googling for example:
… “solution Flush all output buffers for PHP 5.2”

As a result of which, I came across for example this;
https://generatepress.com/forums/topic/error-bug-message-under-footer/

Which, as you can see, mentions among other things that …
… “failed to send zlib outbound compression buffer” …
To which they respond the same as you;
… “That is a function that comes from WordPress itself:” …
And also “casually” he asks:
Are you getting the error with all plugins disabled?
If so, what happens if you switch to a default theme of twenty series?
And this is the answer:
It is strange why this problem appears all of a sudden, without new plugins being installed.
With all plugins disabled, there is still some problem. You’re right, it’s not a thematic theme, the same with TwentyTwenty.
But, in my case, as I already mentioned, it happens to me ONLY when I leave your plugin activated.
In any case, the interlocutor takes “pity” on his client and tells him that …
… “I would report this to WordPress support.
Maybe they have heard the problem and already have a solution “…
[This was in January 2020, heh!]
But as you know, we are already on Version 5.7 AND NOTHING! ??
Ah! And I also came across this other;
https://toolset.com/forums/topic/functions-php-on-line-4609/

Where the consulted proposes that …
… “is a common WordPress error, generated when you have zlib output compression enabled. Disable it and it should be resolved. For more information, see this thread:” …
And I assure you that I tried ALL the suggestions that you can see (both in that thread and in the one mentioned within it) and NOTHING!
So, like I told you, I don’t know what to do anymore.

3) Regarding …
… “This can sometimes happen, and the linked file is not directly related, while the content of the error message is – in other words, you are running out of memory, but it is not due to that specific line. “…
You are also right ?? And it is the same that my hosting (Mochahost) told me. This is;
… “Few responses have suggested that your application’s memory was low or that the server was saturated. Due to the above, we have set memory_limit so that a single php process is the maximum included in your 4GB plan, which is why which is not a standard practice for a single php process to occupy so much memory “…
Finally and as for …
… “Are there other error messages that are listed in your error logs at the same time as the other editions?” …
The short answer is yes. But there are so many that, in order not to continue “filling in” this form, I put them in a notepad and I send them attached to this link;
https://drive.google.com/file/d/1-jbxL0z8-0Sb6Zm0F3Sytj5l9RCIJNDj/view?usp=sharing

Note I:
I only took the last 2 days (15 and 16) not to “bore you” but, the truth is that there are many errors, during many days (those that I tried to edit my page).

Note II:
As you will understand and, for security reasons, I changed the names in the links, the IP numbers that are mentioned, etc. But I think it is easy to see what they imply.

Note III:
The last part of the errors (the one that says Latest suexec error log messages ?? does not coincide in their dates but, maybe it helps you to complete your analysis.

Well, that’s all for now. : – &

I hope you can help me.

From already thank you very much.

Greetings.

Hi atutrabajo,

No worries about the delay. ??

Thanks for trying to export the layout. It’s possible something on the server is blocking edits on the relevant page. Please reach out to your hosting provider and ask if mod_security (or an equivalent) is being used. If it is, ask if you’re getting blocked by it (there are logs they’ll be able to check). If you are getting blocked by it, please ask them for a copy of the relevant log.

Kind regards,
Alex

Hi Alex.

First of all, thanks for responding.

That said, I comment:
– Regarding…
… “It is possible that something on the server is blocking edits on the relevant page. Contact your hosting provider and ask if mod_security (or an equivalent) is being used” …
In 1st. Instead, I told you that, a while ago, when I wanted to update to WordPress 5.6.1 (I think), it happened to me that I could not update it and then, I contacted my hosting.
In the “tug of war” (the long exchange of emails that we had with my hosting), and even though we had already overcome it, they ended up with the following conclusion:
… “We suspect you failed to update your application because mod_security … in case you cannot update your application again, please disable mod_security via: cpanel >> security >> mod_security” …

However – luckily, heh! – I didn’t have to do it because, after their intervention, the problem was solved and, NEVER again, I had problems when I updated my WordPress (thank goodness :).

For example, I already upgraded to 5.6.2 and 5.7 without ANY issues.

On the other hand, I don’t understand how, THAT page is with the ONLY one that – until now – I have problems.

I know this because I tried the first 2 (Home Page and Blog) and, I can edit them “in one go”.

And frankly I did not continue testing with other pages / posts so we are commenting
Is that…
1) Every time I wanted to edit THAT page – About Me – I had these errors (524 – with Cloudflare – or 503 without).

2) When deactivating your plugin, the problem was “solved” (it allowed me to continue editing) but, on the other hand, the page in question (About Me) was “deconfigured” because, precisely, said plugin had not been activated (and in the itself, several elements of it are installed).

Ergo …
3) Since I didn’t know how to fix it, I took my last backup (from 10/3) and “rolled back” ALL of my site to that date. And then EVERYTHING was solved.

You will understand then that, I cannot be like this, all day, right?

– With respect to…
… “If so, ask if they are blocking it (there are records they will be able to verify). If they are blocking it, ask them for a copy of the corresponding record” …
I don’t think it will be of much use because, as I told you, BEFORE I contacted you, I did it with them ?? Who, as I told you, already had this background.

And, as I also told you, according to what they manifest …
… “Due to the above, we have set memory_limit so that a single php process is the maximum included in your 4GB plan, which is not standard practice for a single php process to take up so much memory” …

And, based on this with more, the antecedents that we were seeing throughout our “conversation”, reached this conclusion …
… “If your application is working fine temporarily after restoring the backup, the problem is caused by the plugin / theme or combination, the server is not interrupting your application as no changes are made on the server side “…

Finally if you want, I can try (that of disabling mod_security and testing) but … Are you sure that this is not going to leave me – precisely – without a security “thing”?

I await your comments.

From already thank you very much.

Greetings.

PS: One last piece of information that, for me, is nothing “minor” …
Even if it was as you suppose (that your plugin might not be “compatible” with mod_security) …
– Why is it the ONLY plugin with this incompatibility?
– Why NOW if, as I already told you, both this plugin and this page have been around for 3 years?

Anyway.

And, in case they were not “compatible” and, as those of my hosting suggested at the time, if I had to disconnect mod-security, what would happen to the security of my site?

By last.
I honestly do not know how they did it at the time (helping me with the update to WordPress 5.6.1) but, what I do know is that, I NEVER had this problem again and that is why, the updates to 5.6.2 and 5.7 I could do them “on the touch”.

And that, as I mentioned, luckily I NEVER had to “touch” any of the mod-security, heh!

Hope this can help you.

See you.

Hi atutrabajo,

Thank you for clarifying. mod_security uses rules defined by your hosting provider and sometimes rules can be a little too general/vague so they can affect things they shouldn’t – this is known as a false positive. New rules are commonly added which is why this issue the page only recently blocked.

Why this rule would only affect that one specific page would come down to the contents of the page itself – there’s one difference about that page that’s not present on any of your other pages and that one difference is what’s getting flagged.

Temporarily disabling mod_security will allow us to confirm if this issue is linked to mod_security. That will allow you to go to your hosting provider and ask them to check their logs to identify what rule is flagging the request.

Please try temporarily disabling mod_security to see if that helps.

Kind regards,
Alex

Hi Alex.

As they say in my country (Argentina) … “you ask for it, you have it” … ??
I tell you that, I requested the mod_security file that you suggested, which you can see by following this link;
https://drive.google.com/file/d/1wodK7oNbJUpEJI3xhXiHmwrPLIVyHf7k/view?usp=sharing

[I honestly hope you understand because I don’t, heh!]

That said, I tell you that, I tried what they suggested.

This is…
… “Try temporarily disabling mod_security to see if that helps” …

And, indeed, I was able to enter Edit the page in question;
https://atutrabajo.org/coaching-laboral/sobre-francisco-soto

However, although this was a great advance (being able to enter), when I gave it to update after making the change I wanted, boom! Again it was “buoyant” and, I could NOT update because, I had to leave and stop completing the edition.

This is because, if I continued editing, I was going to get Error 524 again and 99% of the 4GB of memory that I have according to my plan would be consumed, wasted in a single process!

So if I managed to update and the change I had made didn’t look right, I wouldn’t be able to edit it again.

So, I left everything as it was (the page and the mod_security that I reconnected to).
Okay. For now it is all.

I hope that with this info you can do something to solve this problem.

I await your comments.

Greetings.

Hi atutrabajo,

Thank you for a copy of the logs. To summarize the provided logs, there’s a false positive related to our plugin where a rule is incorrectly flagging a font – specifically Open Sans – as a critical issue. I can’t really explain why it’s getting flagged (Open Sans is an popular and well-regarded font) but I can say that it’s a custom rule that’s being triggered so please check with your hosting provider about that.

As for the rest of the logs, there are references to files that contain dangerous code that’s commonly present after being hacked. This may suggest you’ve been hacked, and if you have been hacked, that would explain hitting the memory limit. These flagged files aren’t related to our plugins, but these sorts of hacks hijack unrelated files so it’s very likely none of the flagged files are directly related to hack itself but have merely been edited. I recommend running through hack recovery to confirm if you’ve been hacked and to start the recovery process.

I recommend removing the linked log file.

Kind regards,
Alex

Hello Alex.

I’m “fighting” with my hosting for this issue and here is their response;
… “There is no problem with mod_security as I explained in my previous answers. I disabled mod_security for your domain and enabled the plugin … In this case, I cannot edit your page and plugin timeouts” …

ALL of this is what I just checked. That is to say:
1) mod_security is temporarily DISABLED, as you can see in the following screenshot;
https://ibb.co/w6GMyZr

2) When I want to Edit THAT page in question, which, as you know, is the one that has several add-ons installed for your plugin, it remains ticked (I don’t know how to say it in English ?? and, after a while … paf! I get the following Error Message 524 (if I am connected to Cloudflare);
https://ibb.co/BwYzkqT

Or, if I temporarily disconnect from Cloudflare, I get a 503 Error.

3) I CANNOT leave your plugin disabled because, if I do so, my page is “unconfigured” (I can’t explain it in English ??

Please … Could you verify what happens as soon as possible?

Otherwise, I will have to remove your plugin and unfortunately remake the ENTIRE page.
From already thank you very much.

Greetings.

P.d 1: Just in case, I’ll keep mod_security disabled for a while in case you want to test my page (https://atutrabajo.org/coaching-laboral/sobre-francisco-soto) but, of course, I’ll have to come back later to enable it then, as you can read in the cPanel module itself …
… “Warning: ModSecurity is disabled for one or more of your domains. Only disable ModSecurity while troubleshooting an issue with your configuration. Without ModSecurity enabled, your domains lose the extra layer of protection that the module provides” …

P.d 2: From what I can “interpret” the message from my hosting, the problem would be in the “plugin timeouts” (or something like that).

Hi atutrabajo,

Please try replicating the issue you’re facing and then checking the mod_security log. Is there a new record? I ask as the previously mod_security log were related to the page you linked and would explain the issues you’re facing. I’ve found disabling mod_security through cPanel to be very unreliable so this is to ensure it’s actually disabled.

Just in case, I’ll keep mod_security disabled for a while in case you want to test my page

Unfortunately, inspecting the page on the frontend won’t alow us to work out why it’s not working on your server as the issue itself is only occurring on the backend. We’re also unfortunately not allowed to log into your website due to the www.ads-software.com rules.

Kind regards,
Alex

Hi Alex.
I made the inquiries of the case with my hosting and, this is what (very reluctantly) they answered me. I hope it is useful for your analysis and later resolution of the problem because, what I am, I am a “little” tired since, they have me as a “ball without a handle”, heh!
Anyway.
Note: So far and according to cPanel, I have the mod_security disabled. But as you know, I CAN’T leave it disabled much longer.
And, as I already mentioned, I can’t disable the plugin either, since the ENTIRE page would be misconfigured.
Ergo, I find myself in a kind of “trap” that I DO NOT know how to get out of ??
Okay…
There you go (the questions I asked them plus the answers they gave me);
Hello,
1) Could you tell me what to do?
We identified the problem and responded to it. Unfortunately it is related to bad code and it is up to you how you want to proceed. You can keep the plugin and disable mod security which will lower your website security or remove the plugin and keep your website security high.
2) Do I enable or not mod_security?
You can keep the plugin and disable mod security which will lower your website security or remove the plugin and keep your website security high.
3) Can you send me the latest records for this module?
ModSecurity: WARning. Coincidencia de patrón &quot;(? I :( ?: procedimiento \\\\ s + analizar \\\\ s *? \\\\ () | (?:; \\\\ s *? (Declare | open) \\ \\ s + \\\\w- +) | (?: crear \\\\ s + (procedimiento | función) \\\\ s *? \\\\ w + \\\\ s *? \\\\ (\\\\ s *? \\\\) \\\\ s *? -) | (?: declare^\\\\w + @# \\\\ s *? \\\\ w +) | (exec \\\\ s *? \\\ \ (\\\\ s *? @)) &quot;en ARGS: data. file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf" line "77" id "942320" rev "2" msg "Detects MySQL and PostgreSQL stored procedure/function injections" [data&quot; Datos coincidentes:; Open Sans encontrado dentro de ARGS: data: siteorigin_widget class=\\x22SiteOrigin_Widget_Headline_Widget\\x22 <input type=\\x22hidden\\x22 value=\\x22{&quot;instance&quot;:{&quot;headline&quot;:{&quot;text&quot;:&quot;\\x5cu00a1Multiplicaremos tus posibilidades!&quot;,&quot;destination_url&quot;:&quot;&quot;,&quot;tag&quot;:&quot;h5&quot;,&quot;color&quot;:&quot;#ffffff&quot;,&quot;hover_color&quot;:false,&quot;font&quot;:&quot;Open Sans:600&quot;,&quot;font_size&quot;:&quot;2em&quot;,&quot;font_size..."] severity "CRITICAL" ver "OWASP_CRS/3.0.0" matur hostname "atutrabajo.org" uri "/wp-admin/admin-ajax.php" unique_id "YFm8Mz8JfeRGq9TgU3lAXQAAAZc", referer: https://atutrabajo.org/wp-admin/post.php?post=5290&action=edit

Hi atutrabajo,

Thanks for confirming. Unfortunately, we’re not able to resolve these sort of issues on our end as it’s dependent on your hosting provider fine-tuning their ruleset to prevent false positives like this.

I recommend asking them to whitelist your IP in mod_security (this will allow just you to bypass all checks) or changing to a different hosting provider.

Kind regards,
Alex

Estimated:
Just so you keep in mind well, honestly … I’m already exhausted!
Note: The following is the final report of my hosting and then my opinion about it.

Hi, I am trying to explain that the problem is not caused by mod_security or the shared hosting environment.
1) The issue is caused by the SiteOrigin Widgets Bundle plugin repeating and hitting the memory limits for PHP, causing an error.
Exact error:
Wed Mar 24 05: 04: 32.812587 2021 lsapi: error pid 217057: tid 46978767673088 client hidden: 0 host atutrabajo.org Error sending request (GET /wp-admin/post.php?post=345&action=edit HTTP / 1.1); uri (/wp-admin/post.php?post=345&action=edit) content-length (0): ReceiveAckHdr: timeout 300, referrer: https://atutrabajo.org/wp-admin/ edit.php? post_type = page
There are no errors related to mod_security.

Sincerely, Tim G. MochaHost – Senior Technical Support Team

My opinion:
Obviously, the nature of the problem was simpler than ALL the time we were wasting.
And this is that you still DID NOT update to WordPress 5.7

I hope you find it useful.

See you.

P.S. As you understand, I am going to have to deactivate and delete ALL your plugins from my site.

Hi atutrabajo,

Thanks for liasing with your hosting company and sharing the feedback provided.

1. The provided error message is commonly related to mod_security blocking the request, and isn’t an error associated with hitting the memory limit. Hitting the memory limit would result in a PHP error like this:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2348617 bytes) in […]

2. The previously provided mod_security logs directly point to a rule that’s flagging Open Sans as a security risk – it’s a very well regarded font and is by no means a security risk. That rule is a custom rule set by your hosting provider. Your hosting provider will need to either remove this rule or update it to be more specific.

3. We can confirm compatibility with version WordPress 5.7, all versions of PHP 7, and PHP 8. We test each WordPress update extensively before release to ensure no compatibility issues are present. Due to the WordPress changes mentioned in my response to point 4, we released a number of updates to address potential compatibility issues. This wasn’t however required for 5.7. Put another way, there was no reason for us to release an update for WordPress 5.7 other than to update the Tested up to tag.

The tested tag requires a plugin update and we haven’t released an update since the release of 5.7 so the tested to tag hasn’t been able to be updated yet. We have an update planned for release shortly and that will contain the updated tested tag.

5. WordPress 5.5, 5.6, and 5.7 included an updated version of jQuery Migrate, a newer version of jQuery. A lot of older plugins and themes don’t support the newer version of jQuery and that will result in JavaScript errors. Due to how JavaScript handles errors, anything that uses JavaScript can be negatively affected by a JavaScript error so it can appear as though we’re not compatible with newer versions of WordPress due to other errors present on your website. These errors can be fixed by either updating the outdated plugin/theme, switching to a newer plugin/theme, or installing jQuery Migrate Helper – which is a plugin WordPress released to address these legacy issues.
This is called a false positive, and it’s a very common report for all plugins and themes since the release of those updates – this is not to suggest they were bad updates, only that older plugins/themes can have issues with them.

For reference, all of our plugins and themes are compatible with these jQuery changes.
I’m not familiar with the linked thread, but it’s unlikely they’re facing a direct compatibility issue between WordPress 5.7 and our plugins. When that happens we typically receive dozens of reports after release rather than a few threads. As the thread has been marked resolved by the user it’s likely they were able to resolve it by updating all of their plugins. If you read the thread referenced by hosting support you’ll see that no reliable information was provided, no further feedback has been provided by the user after troubleshooting steps were provided. A link between 5.7 issues and our plugin is at that point speculation.

We’d be happy to talk directly with you and your hosting provider email in order to resolve the issue you’re facing. If you’d like for us to do that, please, email [email protected], reference this thread and include the contact details of your hosting support department.

Kind regards,
Alex