[Plugin: Secure WordPress] Crashed Server

  • Resolved noShitWFP

    (@noshitwfp)


    15 years ago

    Hi Guys,

    WordPress Version is actually 2.9.2.

    This is just FYI.

    I installed your plugin on 2 servers yesterday. One server was fine, the other crashed the entire server…yep! Not just the host account…the entire server. I reckon if your gunna have a problem, make it memorable and this certainly did that ?? Naturally the Account was suspended…

    I got permission to get back into the site and uninstalled the plugin…it seems ok now.

    Of note: Both sites on which I installed the plugin are very similar. Same platform, same template, same plugins. Even the same host company…just different servers/accounts therein.

    I’ll include what information I can from the Error Logs in case it helps:

    [Mon Mar 08 22:43:39 2010] [error] [client IP ADDRESS] ALERT – Include filename (‘../../../../wp-load.php’) contains too many ‘../’ (attacker ‘IP ADDRESS’, file ‘/home/USER/public_html/wp-content/plugins/secure-wordpress/js/page.php’, line 2), referer: DOMAIN_NAME/wp-admin/options-general.php?page=secure-wordpress.php

    [Mon Mar 08 22:43:24 2010] [error] [client IP ADDRESS] ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘IP ADDRESS’, file ‘/home/USER/public_html/wp-admin/includes/file.php’, line 501), referer: DOMAIN_NAME/wp-admin/plugin-install.php?tab=plugin-information&plugin=secure-wordpress&

    [Mon Mar 08 15:34:46 2010] [error] [client IP ADDRESS] ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘IP ADDRESS’, file ‘/home/USER/public_html/wp-admin/includes/file.php’, line 501), referer: DOMAIN_NAME/wp-admin/plugins.php

    Hmmm! That’s was a bit naughty wasn’t it? ?? It seems that combination of the 2 errors created some kind of giant query loop that just kept going and going…and going ??

    Anyway, I hope this helps. It seems like a plugin worth the effort to iron the bugs out of, and by all accounts such anomalies as this are rare.

    Cheers

    Stephen G

    https://www.ads-software.com/extend/plugins/secure-wordpress/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Thanks for your reply – i will see for htis problem. The page.php is a small script to include javascript, maybe this is a problem; inlcude php and use header as JS. In one of the next versions i will change this for include js, only.

    I am installing WordPress 3.0 and have ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘202.58.180.34’, file ‘/home/sloki/user/mysusername/sites/mywebaddress.com/www/wp-admin/admin.php’, line 96)

    how to overcome or surpress this warning?
    thanks in advance.

    sur

    Moderator James Huff

    (@macmanx)

    That sounds like WordPress is being blocked by an overly aggressive server-side security script. Contact your hosting provider. If they can’t help, please start your own topic as your issue has absolutely nothing to do with this topic.

    This plugin spiked the server resources to over 150% resulting in my site being suspended by my host for abuse of server resources!

    There are no other fingers to point as this was the only change I made to my site.

    However, I have to say that the blog site is within and OSCommerce directory – so it might be because of my unique situation – and I must also say that I’ve used this plugin within several other sites with no problem.

    Still be cautious and take a backup before you install (any plugin)

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Secure WordPress] Crashed Server’ is closed to new replies.