Hard Rock online casino Florida real money.Claim Your Free 999 Pesos Bonus Today

tangcsg
(@tangcsg)

9 years, 4 months ago

I have the following linux cron job added through my hosting control panel to replace wordpress internal cron job

wget -q -O – https://mysite.com/wp-cron.php?doing_wp_cron >/dev/null 2>&1

However, certain commands inside .htaccess file is blocking my cron job from running every hour. After spending some time researching, I confirm they are came from these additional commands I added for protecting my site from query string exploits.

# BEGIN QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden – Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Add or remove user agents temporarily or permanently from the first User Agent filter below.
# If you want a list of bad bots / User Agents to block then scroll to the end of this file.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|’|”|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=https://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*$[^)]*$ [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*($|$|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\…/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ – [F,L]
# END QUERY STRING EXPLOITS

I know if I just delete these commands, then everything should be alright. But, these commands could help me to reduce query string exploits which I got them from other site. Can you all help me to identify which part of the commands are the culprits?

Viewing 5 replies - 1 through 5 (of 5 total)

linux4me2
(@linux4me2)

9 years, 4 months ago
Instead of using wget, I think you can sidestep the .htaccess problem by running wp-cron directly using PHP:
```
/usr/bin/php -q /home/username/public_html/wp-cron.php >/dev/null 2>&1
```
I used the standard path to PHP above, which you’ll have to verify is correct for your server, and also substitute your server’s correct path to wp-cron.php to make it work.

If you’re going to do that, make sure and disable wp-cron in your wp-config.php so it only runs via your cron job:
```
define('DISABLE_WP_CRON', true);
```
Thread Starter tangcsg
(@tangcsg)

9 years, 4 months ago

thank you so much!!! My linux cron job is working now. But, I have another question here… Actually, I have two cron jobs which I set them to run at different interval (once per hour and once per three hours accordingly). If I don’t replace wordpress internal cron job with linux cron, they should be able to run at different interval. But, after I replace them with linux cron job, I guess I would only be able to select one of the interval to run both of the cron jobs at the same time. And I also found out that no matter what interval I set to run the particular function in my php script (coded in my plugin files of course), they would follow the interval I set in linux cron directives. So, do I have to merge both cron jobs and use only one interval as it seems that linux cron only allow to to set one interval for that directive?

linux4me2
(@linux4me2)

9 years, 4 months ago

I’m not really sure what you’re asking. You can set the different cron jobs to run at different times so they don’t overlap. For example, set one to run on the hour, the next to run five minutes after the hour, etc. That way, the one that runs hourly and the one that runs every three hours won’t coincide because the first will run on the hour and the second runs five minutes later.

Thread Starter tangcsg
(@tangcsg)

9 years, 4 months ago

Let me make it clearer for you…. I have two cron jobs which I set them to run once per hours and once per three hours respectively using function wp_schedule_event(). Then, I disable internal wordpress cron and set linux cron to run every 5 minutes (just for testing). Surprisingly, both cron jobs were running every 5 minutes and linux cron simply ignore the interval I set with function wp_schedule_event(), but make every cron job to be run every 5 minutes. Are you clearer now?
linux4me2
(@linux4me2)

9 years, 4 months ago
I don’t know the answer to that one. You may want to create a new thread for that specific question.

Looking at the Codex, the only thing I can see is that you need to make sure you’ve added the code to clean the scheduler on deactivation:
```
register_deactivation_hook(__FILE__, 'my_deactivation');

function my_deactivation() {
	wp_clear_scheduled_hook('my_hourly_event');
}
```

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Certain Htaccess command is blocking my linux cron job’ is closed to new replies.

Certain Htaccess command is blocking my linux cron job

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics